Secure Shell (SSH) is an amazing cryptographic network protocol, and it undoubtedly helps secure a huge slice of today's Internet - giving sysadmins robust remote access to their servers, but also so much, much more. I've been using SSH on Linux servers for longer than I can remember. Well, not quite. I do remember those "telnet" days when nobody had … Continue reading Hardening SSH on your Ubuntu Server
I recently finished competing in the AusCERT2016 Capture the Flag (CTF) challenge which ran for 48 hours. Coming in 10th place from dozens of active participants was very rewarding! I entered under the team alias "InsertCoin" - partly to protect myself if I performed terribly(!) but also because I'm currently looking for new work opportunities - and the name subtly describes my current state of mind … Continue reading AusCERT2016 CTF – 10th Place!
Whenever I've had the task of personally assisting someone with remediating a compromised web server, I can't help switching into researcher mode. I want to know how the attack has happened, and of course to stop it from happening again, but I'm always intrigued by what the attacker is trying to achieve - and it isn't always … Continue reading How to replace malicious PHP pages with sneaky POST data capture
I was standing outside my office during a heavy downpour the other day, admiring that fresh thunderstorm feeling in the air, when we had a very brief power outage... Happened to glance over at a nearby Automatic Teller Machine (ATM) and to my aston...