RSS Blog OpenKod

  • Firewall Switch Batch Script using command line Windows 10 1st June 2018
    Firewall Switch Batch Script using command line for Windows 10   Save as .bat   ECHO OFF CLS :MENU ECHO. ECHO ............................................... ECHO PRESS 1 OR 2 to select your task, or 3 to EXIT. ECHO ............................................... ECHO. ECHO 1 - Firewall OFF ECHO 2 - Firewall ON ECHO 3 - EXIT ECHO. SET /P […]
    hasan
  • PS4: SpecterDev releases 4.05 Kernel Exploit 28th December 2017
    It’s finally here! 2 Months after Team Fail0verflow revealed the technical details of a Kernel Exploit for firmware 4.05, Developer SpecterDev released a functional implementation today. The release is fresh and I haven’t taken the time to test it yet (plus, I’m on 4.01 right now and will need to update), but there’s no reason at […]
    hasan
  • How to set up Apt caching server on Ubuntu or Debian 20th November 2017
    If you often create guest VMs or containers on your Linux computer, you will go through package installation many times across different VMs/containers. In that case, your time may be better spent on something more productive than just waiting to finish installing packages. While server provisioning tools like Puppet, Chef or Ansible can automate the […]
    hasan
  • How to Implement ModSecurity OWASP Core Rule Set in Nginx 25th August 2017
    If you are securing Nginx with ModSecurity, you will want the OWASP Core Rule Set (CRS) activated to protect against the following threats: HTTP protocol violation protection; common web attacks; bots, crawlers, malicious activity protection; Trojan protection; information leakage protection; Cross Site Scripting attacks; SQL injection attacks. Do you agree? In my previous post, […]
    hasan
  • Nginx Reverse Proxy 25th August 2017
    /etc/nginx/sites-enabled/default server {     listen 80;     server_name www.google.com;       location / {         proxy_pass http://10.20.0.10;         proxy_set_header Host $host;         proxy_set_header X-Real-IP $remote_addr;         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         proxy_set_header X-Forwarded-Proto $scheme;     }   […]
    hasan
  • udpreplay 4th July 2017
    Overview: udpreplay is a simple application for forwarding UDP stateless traffic. The application is a gopiper pipeline, so gopiper is required. Running: gopiper --pipe udpreplay.lua Using Docker: docker run -e DEVICE='eth0' -e ADDRESS_LIST='192.168.1.1' openkod/udpreplay Requirements: gopiper is required to run the application. Also the pcap gopiper component and multiudp gopiper component are required. Configuration: You can configure the application using environment variables: Environment […]
    hasan
  • How to push Snort, Bro, YAF log to Metron 20th June 2017
    Install the Metron Bro plugin into your Bro install. This will push the Bro output into Kafka so that Metron can consume it. https://github.com/apache/metron/tree/master/metron-sensors/bro-plugin-kafka You can use the Ansible deployment steps as instructions for one, simple way to pipe YAF and Snort output into Kafka. This is only suitable for small scale testing. https://github.com/apache/metron/tree/master/metron-deployment/roles/yaf https://github.com/apache/metron/tree/master/metron-deployment/roles/snort […]
    hasan
  • Squid and Squid 5th April 2017
    It’s all about squid. Problem: [email protected]:/etc# tail -f /var/log/syslog Sep 23 23:33:16 proxy kernel: [14772.979413] TCP: too many of orphaned sockets Solution: http://blog.tsunanet.net/2011/03/out-of-socket-memory.html Tuning settings in sysctl.conf: http://www.frozentux.net/ipsysctl-tutorial/ipsysctl-tutorial.html#AEN412 TCP tuning: http://web.archive.org/web/20111225052722/http://fasterdata.es.net/fasterdata/host-tuning/linux/ Reload the file /etc/sysctl.conf after editing without restarting the server: [email protected]:/etc# sysctl -p http://xmodulo.com/2012/04/how-to-reload-sysctlconf.html
    hasan
  • Multiple Vulnerabilities in Drupal Could Allow for Remote Code Execution 20th March 2017
    MS-ISAC ADVISORY NUMBER: 2017-028 DATE(S) ISSUED: 03/16/2017 SUBJECT: Multiple Vulnerabilities in Drupal Could Allow for Remote Code Execution OVERVIEW: Multiple vulnerabilities have been discovered in Drupal core module, the most severe of which could allow for remote code execution. Drupal is an open source content management system (CMS) written in PHP. Successful exploitation of the most severe of […]
    hasan
  • Microsoft Security Advisory 4010983 15th March 2017
    Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service. Published: January 27, 2017. Version: 1.0. Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their applications […]
    hasan