Introduction In this article we'll present the CVE-2014-4690 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...

Introduction In this article we'll present the CVE-2014-4689 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...

Introduction In this article we'll present the CVE-2014-4688 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...

A few days ago we made the decision to change the default insecure HTTP protocol being used in our company website: Protean Security with a secure HTTPS protocol. The process was very easy at the beginning and there was little needed to be configured. Basically we had to register our ...

Introduction In this article we'll explore the Cuckoo Sandbox, an automated malware analysis framework. When installing Cuckoo for the first time, we can quickly determine that it's not all that easy to install Cuckoo [1]. Therefore, to ease the pain we've described the process of how to ...

Whenever finding a new vulnerability in a software product, it's advisable that a researcher first notifies the company responsible for the product and gives them time to fix the identified vulnerabilities. I've found multiple vulnerabilities in Pfsense firewall and reported them to the Pfsense security team. They were ...

Introduction If you're using Pfsense as your firewall solution, then you've surely wondered about keeping your configuration files backed up. Normally, you have to go to Diagnostics - Backup/Restore to backup the configuration files manually as presented on the picture below. But we're all aware that manual ...

Introduction to Full Layout In this article I'll present how I implemented the Full Layout into ZAP OWASP. Since I'm always using ZAP on small screens, it just isn't enough space to actually make use of the two layouts that are available in ZAP: the “Maximize left ...

Introduction In this tutorial we'll present naxsi nginx module, which provides a WAF (Web Application Firewall) to any application running behind Nginx web server. It works by inspecting HTTP requests and matching the malicious pattern rules in naxsi_core.rules. If a match is found, the malicious request is blocked ...

Introduction to Email System On the picture below we can see basic overview we'll be setting up in this tutorial. When working with Mutt, we have to take care of sending and receiving emails separately, since different servers are used for those. The overview can be seen on the ...