UNDERCODE COMMUNITY
🦑 Undercode Cyber World!
@UndercodeCommunity


1️⃣ The world's first platform that collects and analyzes every new hacking method.
+ AI Practice
@Undercode_Testing

2️⃣ Cyber & Tech NEWS:
@Undercode_News

3️⃣ CVE @Daily_CVE

✨ Web & Services:
→ Undercode.help
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑🐧How to properly protect Linux from spoofing and SYN flooding with sysctl

1) The sysctl system helps prevent attacks such as SYN floods and IP spoofing.

It also logs some types of suspect packets: spoofed packets, source-routed packets, and forwarded packets.

2) You can change kernel parameters at run time with the sysctl command, or you can edit the system configuration file to make the changes permanent.

3) I want to show you how to harden these kernel settings by quickly editing the sysctl config file.

This configuration will:
Disable IP forwarding
Disable sending packet redirects
Disable accepting ICMP redirects
Enable protection against bogus error messages

4) What you need:
Linux
A user with sudo privileges

Note: I will be demonstrating on Ubuntu Server 18.04, but the process is the same for most Linux distributions.

How to edit the sysctl config file

Log into your Linux server or desktop and open a terminal window.

5) In the terminal, enter the command:

sudo nano /etc/sysctl.conf

Find the first required parameter:

# net.ipv4.ip_forward = 1

and change it to:

net.ipv4.ip_forward = 0

Find the next line:

# net.ipv4.conf.all.send_redirects = 0

and change it to:

net.ipv4.conf.all.send_redirects = 0

Find the line:

# net.ipv4.conf.all.accept_redirects = 0

and change it to:

net.ipv4.conf.all.accept_redirects = 0

Add the following line below that:

net.ipv4.conf.default.accept_redirects = 0

Finally, add the following lines to the end of the file:

net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
# current kernels use this name (nf_conntrack module must be loaded) in place of the older net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 45

6) The above settings do the following:

Enable protection against bogus error messages
Enable SYN cookies to prevent the server from dropping connections when the SYN queue is full
Increase the SYN queue size to 2048
Close connections in the SYN_RECV state earlier
Decrease the SYN_RECV timeout value to help mitigate SYN flood attacks
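
The edits above are easy to get subtly wrong: a line left commented out, or a later duplicate that overrides the fix. The following is an added example (not part of the original post) that audits a sysctl.conf-style file against the values listed in this post; the function names, the constructed sample file and the choice to skip the conntrack key are assumptions of the example.

```shell
# Added example: audit a sysctl.conf-style file against this post's baseline.
# The conntrack timeout is left out: that key exists only with conntrack loaded.
BASELINE='net.ipv4.ip_forward=0 net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0
net.ipv4.icmp_ignore_bogus_error_responses=1 net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048 net.ipv4.tcp_synack_retries=3'

# effective_value FILE KEY: print the last uncommented assignment (last one wins).
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }    # a commented-out line sets nothing
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# audit_sysctl_conf FILE: one line per deviation; returns 1 if any was found.
audit_sysctl_conf() {
    rc=0
    for pair in $BASELINE; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(effective_value "$1" "$key")
        if [ -z "$have" ]; then echo "MISSING $key (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then echo "WRONG $key = $have (want $want)"; rc=1
        fi
    done
    return "$rc"
}

# make_sample: write a constructed, partly hardened file and print its path.
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
#net.ipv4.ip_forward=1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syncookies = 0
EOF
    echo "$f"
}
audit_sysctl_conf "$(make_sample)" || echo "file deviates from the baseline"
```

After editing the real file, `sudo sysctl -p` loads /etc/sysctl.conf into the running kernel. Files under /etc/sysctl.d/ can set the same keys, so they are worth checking the same way.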

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Bitcoin stands at 17,000 USD/coin, continuing to hit a new high since January 2018.
#Updates
Forwarded from UNDERCODE NEWS
Hackers bombing famous adult content sites, Malsmoke campaign.
#CyberAttacks
Forwarded from UNDERCODE NEWS
Among “1,500 information security vulnerabilities in October”… the lowest in the year.
#Analytiques #Vulnerabilities
Forwarded from UNDERCODE NEWS
Apple and Lenovo tech maker fell victim to ransomware.
#Malwares
Forwarded from UNDERCODE NEWS
'ModPipe', a modular backdoor aimed at POS software, was discovered.
#Malwares
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑TYPES OF FIREWALLS:

1) Packet-filtering firewall:
This type of firewall inspects TCP packet headers, looking at the source address, destination address, source port, destination port, and protocol. Based on this information, it allows or denies packets according to written rules.

Any 80 Allow – this rule tells the firewall to permit any packet from any source to port 80.

2) Circuit-level firewall:

These operate at the session level and filter connections. They look for trusted connections and filter on that basis before any packets are transferred.

3) Application-level firewall:

Also called proxy firewalls, these operate at the application layer and filter packets at the application level. The proxy can apply various rules for filtering the data. Web servers that are normally accessed by internet users can be placed as proxy servers outside the internal network, with all connections directed to the proxy; the internal network is then shielded from external connections.

4) Stateful firewall:

This is a combination of the firewall types above. It works at the network layer and also filters transport-level traffic, session-level connections and application data. It keeps a state table with the status of each connection, along with a rule table. It also tracks sequence numbers to deter related attacks.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
GPU will be the savior of vRAN or Softbank's speculation.
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Tips to Improve your Application Security:

1) Be concerned about securing your API

The Application Programming Interface, or API, is an important part of backend development, allowing applications to communicate with each other.

But since APIs are exposed, they can be a security issue.

2) Don't forget about back-end security
Many internal APIs are built on the assumption that only an application meant to have access will ever communicate with them.

Internal servers must have security systems installed to protect against malicious attacks.

Therefore, you must ensure that all APIs are authenticated based on the mobile platform, as transport processes and API authentication can differ from platform to platform.

3) Use tokens
A token is "a small hardware device controlled by a way to authorize a login to a system account."

In today's world of applications, developers use tokens to handle user sessions more efficiently.

4) High-level authentication
As discussed above, many security breaches are due to weak authentication.
Hence, it becomes more and more important to use stronger authentication.
Authentication often refers to passwords.
As an application developer, your job is to help your users with passwords.
For example, you can design your application so that it only accepts strong alphanumeric passwords that must be renewed every three months.
Two-factor authentication is also a great idea for securing a mobile app.
If your application uses two-factor authentication, the user will be required to enter a code sent by text message or email when logging in.
More modern authentication methods include biometric data such as retinal scans and fingerprints.

5) Use the best encryption tools and techniques
The number one challenge in strong encryption is key management.
Store your keys in secure containers.
Never store them locally on the server.

6) Testing the program

It is shocking that many developers do not validate their code.

Testing is a necessary part of developing quality code.

Building a great mobile app is therefore only one part of the app security process.

To get a secure application, the team must regularly review the code and analyze the security loopholes that could lead to a data breach.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Review of "LIFEBOOK UH-X / E3", a 13.3-inch notebook PC weighing only 634g.
#Technologies
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑The main ways to distribute your Trojan:
#fastTips

1. Protroyan gamer: Go to the gaming forum, well, or a blog where you can leave comments and glue your Trojan with cheats, as they say the profit is good, because gamers turn off their antivirus.

2. The same thing, but gluing with cracks, again comments on forums, torrent trackers, etc. The coverage is great, maybe as they say.

3. Varez music and clips, here the method is quite simple, a shortcut is made, like music / playlist, etc. for example, it runs it, and instead of it, the Trojan starts, well, of course, music / film, you can also run it to divert your eyes. The main thing is to mask your virus so that no one thinks that this is an executable file that will launch the shortcut.

4. Distribution by mail with the extension .src, you can spam by mail like there: "You received an invoice!"

5. Extensions like doc.exe are used less often, but everything is clear here, this is spam for soap, etc.

6. Another good way, this is a miracle program for hacking VKontakte, etc., there are many victims in general.

7. Phishing sites, such as update adob, chrome, etc.

8. Well, the last way, trample the hacker, go for a hack. board and put a cryptor, a stealer, etc. there. with a fucker, you can both in the build and in the builder. In the latter case, someone else will do the job for you. UPD This article was created for informational purposes only. If we missed something, add it in the comments.

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
Beware of this critical Kubernetes vulnerability.
#Vulnerabilities
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Free Data Hacking Project:
"Hacking in the sense of deconstructing an idea, hardware, anything and getting it to do something it wasn’t intended or to better understand how something works." (BSides CFP)

So hacking here means we want to quickly deconstruct data, understand what we've got and how to best utilize it for the problem at hand.

The primary motivation for these exercises is to explore the nexus of IPython, Pandas and Scikit Learn on security data of various kinds. The exercises will often intentionally show common missteps, warts in the data, paths that didn't work out that well and results that could definitely be improved upon. In general we're trying to capture what worked and what didn't; not only is that more realistic but often much more informative to the reader.

🦑HOW TO USE?

Most of the notebooks will have relative paths to some resources, data files or images. In general the easiest way we found to run ipython on the notebooks is to change into that project directory and run ipython with this alias (put in your .bashrc or whatever):

alias ipython='ipython notebook --FileNotebookManager.notebook_dir=$(pwd)'
$ cd data_hacking/fun_with_syslog
$ ipython

For download: https://github.com/SuperCowPowers/data_hacking
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁