HTTPoxy vulnerability affecting CGI Applications

There’s this new vulnerability with a website [HTTPoxy.org] and a logo. Apart from the complete description that’s available at their official website, I’m going to walk you through it and give you some practical examples of abuse cases. I’ve also developed a tool that you can run on your servers which tells you if you’re vulnerable or not.

What is HTTPoxy and how does it work?

HTTPoxy is the name of a vulnerability affecting CGI based applications. This can affect…


Client Certificate Authentication, Configuring IIS To Authenticate Users Via Hardware Tokens

Preface

What is PKI? Wikipedia says: A Public Key Infrastructure (PKI) is a set of roles, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

Is PKI all about public key cryptography? Not exactly, the emphasis is more on policies and procedures rather than the technology and math.

OK, what does this PKI thing look like? This system consists of different parties, namely the Certificate Authority (CA), the Registration Authority (RA)…


Website Deface Detection Script

You’re going to get hacked on the weekend? Panic mode activated. Today I’m going to show you how easy it is to get a “bot” up and running that watches your website and alerts you if you get hacked (defaced). This bot is going to kindly notify you over Telegram. [Skip to the technical part]

The Story (What was the problem I was trying to solve?)

I suppose all admins and techies have had this nightmare at least once in…


Mac OS X ElCapitan 10.11.5 Update Login Issue

Facing issues after the 10.11.5 update? The login screen stuck at loading? Backups not available or are old? Don’t panic; hopefully this post will guide you through fixing it with no data loss. It took me 2 days to figure this out. The fun coincidence here is that the guy who posted this tip on the Apple forums said that it was his last resort before giving up. And when I found this post I was preparing my ElCapitan bootable disk to…
