I recently performed a penetration test against an instance of Clickstudios Passwordstate, a web based Enterprise Password Management solution.
During testing, three instances of cross-site scripting were identified. This blog post is intended to serve as public disclosure of the issues for CVE-2018-14776, which have since been patched by Clickstudios.
The true power of Linux rests in the command line interface. If you are a Linux administrator, power user, or just like to tinker with your machine, you will be spending time in the Linux terminal. In today’s modern Linux operating system, most of us will actually use a terminal emulator. A terminal emulator is just a graphical application designed to run in the graphical user interface that accesses and emulates the command line interface found on all Linux installations.
There are many different terminal emulators out there, some come standard with different distributions while others you have to install yourself. Today, we will examine five of the best terminal emulators for Linux so you can discover the best terminal emulator for your needs.
This quick post is aimed to help you fix the “Invalid target disk adapter type: pvscsi.” error that can occur when importing a virtual machine into a VMware virtualization product.
Dual Intel Xeon E5-2670 server or workstation systems are fairly popular as the CPUs are quite cheap, but is it worth considering AMD’s newer Threadripper instead? In these benchmarks I compare the differences in performance and power usage between the 1950X and two E5-2670 CPUs.
This is my write up for the second Unix challenge at the Ruxcon 2017 security conference capture the flag (CTF).
The challenge was called ‘Bit early in the morning for kungfu’ and was worth 300 points.
This is my write up for the first Unix challenge at the Ruxcon 2017 security conference capture the flag (CTF).
The challenge was called ‘Judo’ and was worth 100 points.
By default the Encrypting File System (EFS) uses self signed certificates that are tied to a user account. Should these be lost a user will no longer be able to access their encrypted files. We can configure the EFS recovery agent which can decrypt the certificates of other users, thereby providing access to their encrypted files.
This guide will show you how to manage EFS and BitLocker certificates, including backup and restore. The certificates are important in order for EFS and BitLocker to work correctly, if they are lost then your data may be too. Therefore it is important that we backup these certificates and also know how to restore them.
In this post we’ll determine requirements and scenarios for implementing shielded VMs. In a traditional environment where virtual machines run on a hypervisor host, it’s possible for the administrator of the virtualization layer to get full access to the virtual machines.
For example if you buy a VPS from a provider, you are given access to the guest operating system. It is technically feasible for a malicious or compromised administrator account to gain access to the virtual machine.
This is where shielded VMs in Windows Server 2016 come in to save the day.
Rather than manually configuring Windows Firewall rules individually on each server, we can instead configure firewall rules for multiple profiles using group policy, allowing us to roll them out to a group of computers at once.
In this example we’ll be working with Windows Server 2016, however the steps are very similar in previous versions of the Windows operating system.