In this article we'll talk about the CVE-2013-1862 vulnerability, which exists in Apache versions 2.2.x before 2.2.25, where the data written to the log is not sanitized for non-printing characters. Therefore, an escape sequence characters sent by attacker in a request will get logged to ...

Whenever finding a new vulnerability in a software product, it's advisable that a researcher first notifies the company responsible for the product and gives them time to fix the identified vulnerabilities. I've found multiple vulnerabilities in Pfsense firewall and reported them to the Pfsense security team. They were ...

Introduction If you're using Pfsense as your firewall solution, then you've surely wondered about keeping your configuration files backed up. Normally, you have to go to Diagnostics - Backup/Restore to backup the configuration files manually as presented on the picture below. But we're all aware that manual ...

Introduction to Full Layout In this article I'll present how I implemented the Full Layout into ZAP OWASP. Since I'm always using ZAP on small screens, it just isn't enough space to actually make use of the two layouts that are available in ZAP: the “Maximize left ...

Introduction In this tutorial we'll present naxsi nginx module, which provides a WAF (Web Application Firewall) to any application running behind Nginx web server. It works by inspecting HTTP requests and matching the malicious pattern rules in naxsi_core.rules. If a match is found, the malicious request is blocked ...

Introduction to Email System On the picture below we can see basic overview we'll be setting up in this tutorial. When working with Mutt, we have to take care of sending and receiving emails separately, since different servers are used for those. The overview can be seen on the ...

Introduction In this article we'll present the open source host-based intrusion detection system, which is needed if we would like to detect host-based attacks on our computer. First of all, we should emphasize that OSSEC is supported on most platforms including Linux, MAC, Windows, Solaris, HP-UX, ESX, etc and ...

Introduction Bridged networking can be used when we want our guest virtual machine to get the IP address from our router and be able to see the host and all other machines in our LAN network. This is also a requirement if we want to have a server on the ...

Introduction There are different kind of backend networks that we can use with QEMU. In order to specify the backend network, we need to use the -netdev command-line option. This is directly connected to the -net command-line option. The -netdev has multiple syntaxes presented below that directly correspond to the ...

In this tutorial we'll talk about managing Vim plugins. Has it often occurred to you that you've found about this new shiny Vim plugin, installed it, used it for some time and then completely forgot about updating it? And it gets worse when you get a new computer ...