Verify a network for open dns resolvers

DNS amplification attacks have become pesky (see below for pointers on these kind of attacks). There’s an easy way to verify if there are nameservers on your network that allow recursive queries for the “world”

Do this from a machine outside of your network (if you’d launch it from a machine inside your network chances are high that your IP is part of an ‘allowed’ list in the NS-config, thus falsifying your results).

The toolRead more.

Secure file sharing with Dropbox and BoxCryptor

One of my customers required a solution that made reliable backups and copies of a Microsoft Access database. The backups had to be accessible from three Windows machines.

I first had a look at the different cloud solutions.

Both Dropbox and Google Drive are valuable candidates. When you use these solutions it is important to have a look at their ToS to verify that they comply with your policies. A post on ZDNet canRead more.

SANS SEC542 (Web App Penetration Testing and Ethical Hacking) cheat sheet

This week I obtained my GWAPT (GIAC Web Application Penetration Tester) certification (as a follow up to the SEC542 Web App Penetration Testing and Ethical Hacking course I followed last May). Besides the course notes I also used my own cheat sheet below.

Tip: take a copy of the ToC of every book and put them together on one big A3, if you want to look up something in the books it helps aRead more.

Track your laptop’s IP even when it gets stolen

If you take your laptop with you when you travel it can get stolen. Often when a laptop gets stolen the thieves don’t go to the trouble of re-installing your laptop. If you install IP-tracking software you might be able to locate its position when the thieves (or people who bought the device from the thieves) boot it. You would still have to go through the trouble of convincing law enforcement that it is yourRead more.

Run postfix as a blackhole mail server (open relay)

If you want to run Postfix as a blackhole mail server (accepting connection for every user on every domain) then all you have to do is add these settings to /etc/postfix/main.cf :

Note: Postfix is not acting as an open relay in this configuration because it discards mails and is not relaying them to the final destination.

Mapping my neighbourhood SSIDs

A recent post by @xme revealed a tool that allows for passive mapping of SSIDs. I gave it a go for 48 hours and below are the results.

bbox2-1888 2126 bbox2-4344 1580 dlink 84 Veronique 123 31 bbox2-0530 28 telenet-4F11F 28 ZapFi 14 FON_BELGACOM 12 linford1986 4 Wifi 45 4 ZapFi-Gusto 4 coffee House 3 homewlan 3 queenshotel 3 WifiCharles 3 Axip-Home 2 Axip-NW 2 bbox2-22b5 2 SKY24721 2 WLAN_38 2 bbox2-c230 1 BENCHIJIGUA 1Read more.

BNP Paribas, internetbanking and security/privacy marriage failure

I do some of my internet banking through BNP Paribas. Today I was greeted with this message:

The flash notice isn’t such a big security risk on its own but from a banking site I’d expect they would be more careful by – informing users that a (useless) banner requires Flash on your computer (Flash being a popular attack vector is good for gaming sites, from a banking site I’d expect something else) – informing users upfrontRead more.

Parse logfiles for entries from IP lists

I sometimes have to parse log files for different IP addresses and then group them by network owner. This becomes tedious If the number of IP addresses is rather long. The script below can help with automating this manual task.

It reads a log file and looks for a match based on keys in an iplist. Afterwards the result is summarized and grouped by a specified field. For example, say you have the log fileRead more.

Phishing notice from Deutsche Bank

A couple of days back I received an e-mail from Deutsche Bank. I’m not a customer from DB. About a year ago I applied for some information and I guess my email addresses ended up in their mailinglist.

The mailing warns customers that there is a phishing attack ongoing. According to the mail, once infected, a virus on your computer lures you to a fake page where you are asked to enter your details.

SoRead more.

The Complete Guide to XSS

There is a good writeup on XSS on Security Override.