In preparation for a new web security training course (german, coming soon), I had another look at the current version of the Damn Vulnerable Web App (DVWA). As I documented the solution for the command injection vulnerability on high, I found something that sparked a tiny idea how this part might b...
Sniffing traffic on a network is fun but getting a physical connection in the first place can be just as interesting, especially when you want to extract information from a cabled network but can't simply plug into it. Wiretapping is a way of tapping into a network wire, hence the name, that is alre...
Now matter how much you want to secure your mail server, to be able to actually communicate with your customers and partners, you will have to face the ugly truth that enforcing STARTTLS might not be the best idea from a business perspective. Using opportunistic encryption, meaning to encrypt mail...
Whenever I'm connecting to a new remote server via SSH, I tend to verify the fingerprint to make sure that I'm actually connecting to my own machine. Usually it's not that big a deal as I'm simply comparing two strings, but what if those two strings are created with two different hashing algorithms?...
A few days ago, the TLS certificate (SSL is dead, remember?) of my private blog www.hashtagsecurity.com expired without me noticing it, mostly because I paused any activities there to focus on my work here at LastBreach as well as this blog. Since I didn't intend on working on hashtagsecurity.com...