A blog about the state of security

  • Ransomware, should you really be bothered?

    What is a ransomware attack? Simply put, it’s a virus attack that encrypts all the files on your computer/laptop and makes it impossible to access your data. Even though the file is still sitting on your computer/laptop, it’s just not sitting pretty anymore. You are not in a position to really do much till the time…

  • Intercepting proxy and how to use it?

    Given that you are here, we assume you have heard the term intercepting proxy before? If not, let us help you understand what it is and more importantly, what it does. What is an intercepting proxy? An intercepting proxy is an application that sits between your browser and the web application. Why would you want…

  • Website security needs skills, real skills.

    The need for website security has increased leaps and bounds over the last few decades. Every other day there are news reports of websites getting hacked, people’s mail accounts being stolen, credit card data being leaked; how do you make sure your website is not vulnerable? It’s difficult living in our times when it comes…

  • Starting SSH on boot Kali 2.x

    SSH won’t start at boot on Kali 2.0? Don’t worry, it’s because Kali 2.x is based on Debian 8, as opposed to Kali 1.x being based on Debian 7. Kali 1.x uses init/update-rc.d; Kali 2.x uses systemd/systemctl For Kali 1.x, the command is #update-rc.d -f ssh defaults For Kali 2.x, the command is #systemctl enable…

  • Create strong passwords that actually work!

    Every time we are faced with creating a new account on some website, we cringe at the thought of having to create one more “password”. Arrrrggggghhhhh!!!! It’s easier to reuse the same password I used last week, to sign up for the shopping site. One strong password for everything; that ought to work right? It…

  • Metasploit smb_login fails with status_logon_failure

    If you are using Metasploit and have ever tried running the smb_login module against a Windows XP box, chances are high that you have encountered the following error message. This will happen if you are running Windows XP in a non-domain environment. When running in non-domain environments, Windows authenticates all network logon requests to be…

  • PostgreSQL accepting TCP/IP connections on port 5432?

    Just a short post for anyone who is having this particular error, Failed to connect to the database: could not connect to server: Connection refused Is the server running on host “localhost” (::1) and accepting TCP/IP connections on port 5432? could not connect to server: Connection refused. Is the server running on host “localhost” (::1)…

  • Easy way to tunnel VNC over SSH?

    Why would you want to tunnel VNC traffic over SSH? VNC as we know is a graphical desktop sharing system. It uses Remote Frame Buffer(RFB) protocol to remotely control another computer. By default, RFB is not a secure protocol. So in order to make it secure with encryption, we would need to tunnel traffic over…

Got any book recommendations?