Category Archives: Security

How To Secure Invision Power Board (IPB)

How To Secure Invision Power Board

This guide will show you how to increase the security of an Invision Power Board (IPB) installation. We’ll walk through practical examples for you to follow to harden IPB, reducing your attack surface.

There are a lot of insecure default options which unless modified will put you at a higher risk of being compromised by an attacker. Here we will outline what should be modified to increase security of IPB.

Read more »

Find The IP Address Of A Website Behind CloudFlare

Find Server IP Address Behind CloudFlare

CloudFlare is a freely available service that offers CDN and caching functionality. In order to use CloudFlare a domains DNS will be updated to send all traffic through CloudFlare, as a result it will hide the IP address of the actual web server where the website is hosted in order to provide various protections.

By doing this, CloudFlare essentially hides the real IP address of the web server that is hosting the website. There are many times that we may wish to be able to find the actual IP address of a server behind CloudFlare, such as during a penetration test you may want to bypass the web application firewall (WAF) completely by directly targeting the server itself.

The simple methods outlined here will show you how to find the real IP address of a website that is hidden behind CloudFlare. First we’ll cover the manual methods that can be used so that you understand what is going on before looking at automated options. Along the way we provide mitigations that can be used in order to protect yourself from these methods.

Read more »

How To Add A Nessus Scanner To SecurityCenter Using Certificates

Add Nessus Scanner To Tenable SecurityCenter

This guide will show you how to add a Nessus scanner into Tenable’s SecurityCenter using certificate based authentication, rather than standard username and password authentication.

Read more »

AusCERT 2016 CTF – Game of memory write-up

The AusCERT 2016 Capture The Flag (CTF) was run from the 24th to 26th of May 2016, these are my solutions to the “Game of memory” category of challenges which was made up of 5 parts each worth 100 points, for a total of 500 points.

Read more »

AusCERT 2016 CTF – myfirst_cmd write-up

The AusCERT 2016 Capture The Flag (CTF) was run from the 24th to 26th of May 2016, this is my solution to the first “Pwning” challenge myfirst_cmd which was worth 100 points.

Read more »

Google CTF 2016 – Forensic “For1” Write-up

The Google Capture The Flag (CTF) was run on the 29th and 30th of April 2016, this is my solution to the forensics challenge “For1” which was worth 100 points.

Read more »

Google CTF 2016 – Forensic “For2” Write-up

The Google Capture The Flag (CTF) was run on the 29th and 30th of April 2016, this is my solution to the forensics challenge “For2” which was worth 200 points.

Read more »

How To Update Microsoft Security Essentials In Windows Server 2012 R2

Recently I covered how to install Microsoft Security Essentials in Windows Server 2012 R2, however after performing a Windows update it failed to install with error 0x8004FF04.

Here I will discuss why this happens and then cover how to resolve this problem and update Microsoft Security Essentials manually.
Read more »

How To Install Microsoft Security Essentials In Windows Server 2012 R2

Windows Defender has been built into Windows 8, 8.1 and 10 by default to provide protection against malware, however there is no such default program installed in the Windows server operating system.

To provide a basic level of security in a small server environment, we can install Microsoft Security Essentials with some simple modifications which contains most of the functionality of Windows Defender for free.

By default if you try to install Microsoft Security Essentials in Windows Server you will receive various errors which we will cover how to fix here.

Read more »

How To Use The Bitcoin Client Over The Tor Network

Here we cover how to configure the Bitcoin client to send traffic via the Tor network rather than directly out to the Internet over your own connection, which can help reduce your Bitcoin transactions / addresses from being associated with your IP address.

Read more »