Libinjection. Libinjection is a C library that detects SQLi attacks in user input. It is designed to be embedded in existing or new applications: fast (> 100k inspections per second); no memory allocation; no threads; stable memory usage (approximately 500 bytes on stack); 500 lines of C code (plus a few kilobytes of data). It is based on lexical analysis of SQL and SQLi attempts and does not use regular expressions.
A Python port is planned and ports to other languages should not be difficult. License: I’m temporarily using GPLv2 to force commercial interests to get in contact. Presentations: "libinjection and SQLi Obfuscation", first presented at OWASP NYC at DTCC’s headquarters at 55 Water Street in NYC on September 20, 2012. "libinjection: New Techniques for Detecting SQLi Attacks", first presented at iSEC Partners Open Forum, at Gilt Group headquarters in New York City on September 6, 2012; first presented at Black Hat USA, July 25, 2012, 2:45 PM.
LaBrea. LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time. Grab a chair and listen while Tom Liston talks about LaBrea. What you probably want: This is the SourceForge LaBrea web site.
Here is where you can: To see the whole shebang: LaBrea Project Summary, and here is Tom Liston's personal web site: Hackbusters Home Page. Supported platforms: The latest version of LaBrea has been tested on FreeBSD, Linux, Solaris and Windows (98/2K). LaBrea uses autoconf / automake as well as Dug Song's libdnet; it should easily port to other platforms. (Of course, if you believe that, I have a bridge I want to sell you ...) Documentation. Third party links: Michael's LaBrea::Tarpit module for Perl is cool. Being on the bleeding edge: Like to live dangerously?
Kyprizel/testcookie-nginx-module - GitHub. Linux: 25 PHP Security Best Practices For Sys Admins « Local Server Pentest. PHP is an open-source server-side scripting language and it is widely used. The Apache web server provides access to files and content via the HTTP or HTTPS protocol. A misconfigured server-side scripting language can create all sorts of problems, so PHP should be used with caution. Here are twenty-five PHP security best practices for sysadmins for configuring PHP securely.
Our Sample Setup For PHP Security Tips. DocumentRoot: /var/www/html; Default Web server: Apache (you can use Lighttpd or Nginx instead of Apache); Default PHP configuration file: /etc/php.ini; Default PHP extensions config directory: /etc/php.d/; Our sample PHP security config file: /etc/php.d/security.ini (you need to create this file using a text editor); Operating systems: RHEL / CentOS / Fedora Linux (the instructions should work with any other Linux distributions such as Debian / Ubuntu or other Unix-like operating systems such as OpenBSD/FreeBSD/HP-UX); Default PHP server TCP/UDP ports: none. #1: Know Your Enemy.
How to detect reverse_https backdoors. Saturday, 09 July 2011 17:42:00 (UTC/GMT) According to Mandiant, 83% of all backdoors used by APT attackers are outgoing sessions to TCP port 80 or 443. APT and other attackers use these two ports primarily because most organizations allow outgoing connections on TCP 80 as well as 443. Many organizations try to counter this by using web proxies, which can inspect the HTTP traffic and block any malicious behavior. But TCP 443 cannot be inspected in this way since SSL relies on end-to-end encryption. By end-to-end encryption I mean that the session must be encrypted all the way from the server to the client without having any SSL proxies or MITM devices that break the encryption between the server and client.
Inserting an SSL proxy would typically result in a certificate error in the client's web browser. Metasploit's reverse_https. Source Checkout - pyfiscan - Free web-application vulnerability and version scanner. PHPIDS » Web Application Security 2.0. Md5deep and hashdeep. Minemu. Linux Kernel /etc/sysctl.conf Security Hardening. How do I set advanced security options of the TCP/IP stack and virtual memory to improve security and performance of my system? How do I configure Linux kernel to prevent certain kinds of attacks using /etc/sysctl.conf?
How do I set Linux kernel parameters? Sysctl is an interface that allows you to make changes to a running Linux kernel. With /etc/sysctl.conf you can configure various Linux networking and system settings such as: Limit network-transmitted configuration for IPv4; Limit network-transmitted configuration for IPv6; Turn on execshield protection; Prevent against the common ‘syn flood attack’; Turn on source IP address verification; Prevents a cracker from using a spoofing attack against the IP address of the server; Logs several types of suspicious packets, such as spoofed packets, source-routed packets, and redirects. sysctl command: The sysctl command is used to modify kernel parameters at runtime.
Sample /etc/sysctl.conf: Edit /etc/sysctl.conf and update it as follows.