So the OSCP journey is hard work, needs commitment, understanding from your wife and a try harder attitude (you will hate the words try harder and love them at the same time). To be able to pass the exam and earn the OSCP cert you will need to get enough points […]

Another, Here is my OSCP story

PrivateVPN Does PrivateVPN keep any logs? The FAQ is emphatic: “No, we NEVER produce logs of any data traffic. The only things we store are your email address.” That doesn’t rule out logging session traffic, of course: connection times, bandwidth, maybe IPs. As PrivateVPN imposes a six-device limit it presumably maintains a […]

PrivateVPN Thoughts

Ok, so you have upgraded your Wi-Fi to  a new shiney circular Ubiquiti device….and you are using PfSense too? Welcome to the club. Lets get started. There are multiple parts to get this all working so lets step through them. Few things to note:- I have setup the GUEST network […]

Ubiquiti Guest Wifi VLANS and PfSense

Locky ransomware is back, again… It’s delivered with the help of new tricks to fool users and anti-malware defences. Delivered through one of the largest spam campaigns in H2 2017 – as many as 23 million sent messages per day – the newest variant adds the .lukitus extension to the […]

Locky ransomware back with a new bag of tricks

Time is the most important factor in detecting network breaches and, consequently, in containing cyber incidents and mitigating the cost of a breach. “Security event investigations can last hours, and a full analysis of an advanced threat can take days, weeks or even months. Even large security operations center (SOC) teams […]

AI is key to speeding up threat detection and response

The dump is relatively small, containing around 3MB of files. https://pastebin.com/L48e49AK At the end of July, anonymous hackers published documents stolen from an employee of cybersecurity firm FireEye, and claimed that more data would follow. On Monday, the hackers seemingly followed up, and released a second cache of alleged documents, passwords, and […]

Hackers Mock Cybersecurity Firm FireEye with Second Data Dump

The UK Government’s Department of Digital, Culture, Media and Sport (DCMS) has announced that firms could face fines of up to £17m or 4% of global turnover if they fail to protect themselves from cyberattacks. The introduction of such financial penalties will be carried out by the data protection regulator, […]

Fines of £17m for unprotected UK firms

Description Spaghetti is a web application security scanner tool. It is designed to find various default and insecure files, configurations and misconfigurations. Spaghetti is built on python2.7 and can run on any platform which has a Python environment. Installation $ git clone https://github.com/m4ll0k/Spaghetti.git $ cd Spaghetti $ pip install -r […]

Spaghetti – Web Application Security Scanner

If like me you want to customise your Squid Proxy error page then , you have come to the correct place. Before we start, i have already setup transparent proxy on port 80 and WPAD to cover the HTTPS stuff. Go do that then come back, ( i can’t be […]

Custom Access Denied Page – PfSense Squid Proxy

HatCloud is built in Ruby. It allows you to discover the real IP address of a host that is being hidden by CloudFlare. This can be useful if you need test your server and website. obviously it can also be used for malicious purposes, but hey so can a car! […]

HatCloud : Tool to uncover real IP address of servers ...

Have you ever done a domain password audit? Well yes the cracking of the passwords can be fun depending on the rig your using, but what happens after that? Yeah…… the reporting! There are some tools that give stats but none of the can compare to this new tool “PasswordStats”. […]

PasswordStats – A cool new password reporting tool

Malware analysis is like defusing bombs. The objective is to disassemble and understand a program that was built to do harm or spy on computer users (oops, this is where the bomb analogy fails, but one gets the point). That program is often obfuscated (ie: packed) to make the analysis […]

Malboxes: a Tool to Build Malware Analysis Virtual Machines

Last weekend a security researcher publicly disclosed a zero-day vulnerability in Windows 10, Windows 8.1 and Server editions after Microsoft failed to patch it in the past three months. The zero-day memory corruption flaw resides in the implementation of the SMB (server message block) network file sharing protocol that could […]

Windows SMB Zero-Day Exploit Released in the Wild after Microsoft ...

Visitors to more than 10,000 Tor-based websites were met with an alarming announcement this morning: “Hello, Freedom Hosting II, you have been hacked.” A group affiliating itself with Anonymous had compromised servers at Freedom Hosting II, a popular service for hosting websites accessible only through Tor. Roughly six hours after […]

An Anonymous group just took down a fifth of the ...