How to Force HTTPS on Web Servers

I’ve seen plenty of websites that use HTTPS but don’t force it by default. This isn’t considered good security practice and should be resolved promptly. Below are configurations for five of the most popular web servers (Nginx, Apache, IIS, OpenLiteSpeed and Lighttpd) to force HTTPS by default. All tests were carried out on a local Debian Stretch server, with the exception of IIS. All http:// requests will be redirected (301 Moved Permanently) to https:// with the request path preserved....

July 6, 2017 · 2 min · Naz Markuta

Being Evil against Encoded PHP Files

Let’s say a server has been exploited and an attacker wants to intercept data coming from a web application in order to gain sensitive information such as plaintext server passwords. Let’s also say that application is WHMCS. One of its requirements is IonCube Loader, which protects PHP source code from easy observation, theft and change by compiling it into bytecode.

(Sample of WHMCS with IonCube-encoded source code)

When an IonCube-encoded file is changed in any way, a 500 Internal Server Error occurs....

June 28, 2017 · 2 min · Naz Markuta

Bad UEFI implementation Workaround

I decided to install the latest stable branch of Debian Stretch on a budget laptop (Toshiba Satellite C50-B-14D) bought in 2015. Its minimal specs were perfect for Linux. The installation image used was debian-9.0.0-amd64-netinst.iso. Once the installation process finished and I restarted my system, it would not recognise GRUB or any boot partition.

Solution: Rename the folder and filename /EFI/debian/grubx64.efi to /EFI/boot/bootx64.efi. Read more: https://wiki.debian.org/UEFI#Booting_a_UEFI_machine_normally

With a different filename the UEFI implementation recognised and booted successfully....

June 18, 2017 · 1 min · Naz Markuta

Dynamips at 100% CPU Usage Fix

While working on a virtual pentest lab in VMware Fusion, I had the desire to emulate a Cisco router device on a virtual network. The tool I used, Dynamips, did exactly that. However, it was eating up all CPU resources, making other guests almost unusable. Below shows the VMware Fusion process running in Activity Monitor.

Fix: Open the Dynagen management console with dynagen /opt/config.net and run idlepc get R1 (R1 is the name of the router), which will calculate a better Idle PC value for the current guest....

May 30, 2017 · 1 min · Naz Markuta