THIS CRAFTY TOOL CAN EAVESDROP ON 6G WIRELESS SIGNALS
https://www.futurity.org/metasurface-in-the-middle-6g-wireless-signals-2741042-2/
https://www.futurity.org/metasurface-in-the-middle-6g-wireless-signals-2741042-2/
Futurity
This crafty tool can eavesdrop on 6G wireless signals
Thanks to new findings, 6G wireless networks could be designed with built-in defenses against "metasurface in the middle" attacks.
Beware, here is how WhatsApp accounts are getting hacked..
https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf
https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf
Linkedin
Beware, here is how WhatsApp accounts are getting hacked. First, you receive a call from the attacker who will convince you to…
Beware, here is how WhatsApp accounts are getting hacked. First, you receive a call from the attacker who will convince you to make a call to the following number **67*<10 digit number> or *405*<10 digit number>. Within a few minutes, your WhatsApp would…
R4IoT: When Ransomware Meets IoT and OT
Next-generation ransomware report:
https://www.forescout.com/resources/r4iot-next-generation-ransomware-report
Next-generation ransomware report:
https://www.forescout.com/resources/r4iot-next-generation-ransomware-report
Forwarded from Sys-Admin InfoSec
Open BLD DNS Updating News: Pre-release BLD, Debian migration and Alerting infrastructure
I'm happy to present BLD DNS pre-release services already in production. What's new:
🚀 Speedup:
• Cache and updating process of additional blocking lists, was improved
• Improved memory handling. Redis cluster added.
• Improved DNS prefetching process
🛸 Security:
• Fully removed support olders TLS versions
• All code depenses (include vulnerabilities fixes) was updated
• Added cross check server availability with alerts
• All BLD servers has A statuses in SSLLABS
• All BLD servers divided to specified categories
• Added notifications (alerts) to Telegram Bot
🪚 Stability:
• Added additional systemd timers for watching BLD services statuses
• Added DNS tracking service and automatic restart of BLD services
🚜 Migration:
• All migration (from distro to distro) processes 90% automated
• All CentOS servers deprecated and changed to Debian 🎉
🛰 Today, the BLD infrastructure has 10 servers located around the world 🎈🎈🎉
BLD works without agents or any additional tools, but you can use secure and clean Internet in/on:
• Browsers (Chrome, Brave, Firefox, Edge and etc)
• Mobile devices (Android, iOS)
• Computers or networks (Primaty/Secondary DNS)
If you not tried BLD DNS - get more details on official BLD site:
• https://lab.sys-adm.in
#free #bld #sys-admin #sevices
I'm happy to present BLD DNS pre-release services already in production. What's new:
🚀 Speedup:
• Cache and updating process of additional blocking lists, was improved
• Improved memory handling. Redis cluster added.
• Improved DNS prefetching process
🛸 Security:
• Fully removed support olders TLS versions
• All code depenses (include vulnerabilities fixes) was updated
• Added cross check server availability with alerts
• All BLD servers has A statuses in SSLLABS
• All BLD servers divided to specified categories
• Added notifications (alerts) to Telegram Bot
🪚 Stability:
• Added additional systemd timers for watching BLD services statuses
• Added DNS tracking service and automatic restart of BLD services
🚜 Migration:
• All migration (from distro to distro) processes 90% automated
• All CentOS servers deprecated and changed to Debian 🎉
🛰 Today, the BLD infrastructure has 10 servers located around the world 🎈🎈🎉
BLD works without agents or any additional tools, but you can use secure and clean Internet in/on:
• Browsers (Chrome, Brave, Firefox, Edge and etc)
• Mobile devices (Android, iOS)
• Computers or networks (Primaty/Secondary DNS)
If you not tried BLD DNS - get more details on official BLD site:
• https://lab.sys-adm.in
#free #bld #sys-admin #sevices
Sys-Admin Up pinned «Open BLD DNS Updating News: Pre-release BLD, Debian migration and Alerting infrastructure I'm happy to present BLD DNS pre-release services already in production. What's new: 🚀 Speedup: • Cache and updating process of additional blocking lists, was improved…»
Confluence Server and Data Center - CVE-2022-26134 - Critical severity unauthenticated remote code execution vulnerability
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Forwarded from Sys-Admin InfoSec
2022-MS-Vulnerability-Report.pdf
1.3 MB
/ Microsoft Vulnerabilities Report 2022
Historically, the report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an
undeniable business case for the importance of removing admin rights to reduce risk…
Historically, the report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an
undeniable business case for the importance of removing admin rights to reduce risk…
NodeJS Security Recommendation Links
- ESLint Plugin Security - https://github.com/nodesecurity/eslint-plugin-security
- Express App Secure with Helmet - https://www.npmjs.com/package/helmet
- 6 Tools for checking vulnerabilitues in Node - https://www.freecodecamp.org/news/6-tools-you-can-use-to-check-for-vulnerabilities-in-node-js/
- Secure coding practices for NodeJS Web Applications - https://auto1.tech/securing-nodejs-applications/
- Top 11 Node.js security best practices - https://blog.sqreen.com/nodejs-security-best-practices/
#node
- ESLint Plugin Security - https://github.com/nodesecurity/eslint-plugin-security
- Express App Secure with Helmet - https://www.npmjs.com/package/helmet
- 6 Tools for checking vulnerabilitues in Node - https://www.freecodecamp.org/news/6-tools-you-can-use-to-check-for-vulnerabilities-in-node-js/
- Secure coding practices for NodeJS Web Applications - https://auto1.tech/securing-nodejs-applications/
- Top 11 Node.js security best practices - https://blog.sqreen.com/nodejs-security-best-practices/
#node
GitHub
GitHub - eslint-community/eslint-plugin-security: ESLint rules for Node Security
ESLint rules for Node Security. Contribute to eslint-community/eslint-plugin-security development by creating an account on GitHub.
API Gateway in NodeJS
- Create an API Gateway Using NodeJS and Express - https://medium.com/geekculture/create-an-api-gateway-using-nodejs-and-express-933d1ca23322
- How to build your first RESTful API in Node.js - https://medium.com/@jlrosenberg/how-to-build-a-node-rest-service-a3f280b99c7d
#node
- Create an API Gateway Using NodeJS and Express - https://medium.com/geekculture/create-an-api-gateway-using-nodejs-and-express-933d1ca23322
- How to build your first RESTful API in Node.js - https://medium.com/@jlrosenberg/how-to-build-a-node-rest-service-a3f280b99c7d
#node
Medium
Create an API Gateway Using NodeJS and Express
Let's say that you have a bunch of API endpoints that you are currently managing, such as a large collection of micro services. Maybe at…
⚙️ Monitor.sh - Script for checking systemd unit status
monitor.sh can run custom noscript / action if unit has stopped or running statuses, examples:
or
or just:
add this noscript to cron and if your systemd unit will be stopped or disabled, monitor.sh will enable and will try tu restart targeted systemd unit…
* https://github.com/m0zgen/monitor
monitor.sh can run custom noscript / action if unit has stopped or running statuses, examples:
./monitor.sh -u sshd -a "/path/to/action-noscript/action.sh"or
./monitor.sh -u multipathd -r -a "/usr/local/sbin/test.sh"or just:
./monitor.sh -u multipathd -radd this noscript to cron and if your systemd unit will be stopped or disabled, monitor.sh will enable and will try tu restart targeted systemd unit…
* https://github.com/m0zgen/monitor
GitHub
GitHub - m0zgen/monitor: ⚙️ Monitor.sh - Script for checking systemd unit status
⚙️ Monitor.sh - Script for checking systemd unit status - m0zgen/monitor
knot-resolver-readthedocs-io-en-stable.pdf
918.1 KB
Knot Resolver - Official Manual (Mar 15, 2022)
Knot Resolver is a minimalistic implementation of a caching validating DNS resolver. Modular architecture keeps the core tiny and efficient, and it provides a state-machine like API for extensions
Knot Resolver is a minimalistic implementation of a caching validating DNS resolver. Modular architecture keeps the core tiny and efficient, and it provides a state-machine like API for extensions
Этика и психология индивидуума айтишного и не только. Риторика.
- В начале было слово. Слово - это поступок. Говоря слова и собирая их в предложения, абзацы - следи за собой ибо ты совершаешь поступки.
- Воля, дух - их как бы нет как органов, но их можно тренировать, развивать и использовать это в своей жизни.
- Совокупность разных качеств образует образ - личность, эксперта или тряпку и болтуна.
Нравственность и мораль, а так же жизненный опыт, аспекты слова и духа и много чего еще образуют еще одну сущность, дисциплину - этика…
Далее о наборе различных компетенций формирующих поведение и отношение к жизни, самому себе и окружающим:
- https://sys-adm.in/live/983-etika-i-psikhologiya-individuuma-ajtishnogo-i-ne-tolko-ritorika.html
- В начале было слово. Слово - это поступок. Говоря слова и собирая их в предложения, абзацы - следи за собой ибо ты совершаешь поступки.
- Воля, дух - их как бы нет как органов, но их можно тренировать, развивать и использовать это в своей жизни.
- Совокупность разных качеств образует образ - личность, эксперта или тряпку и болтуна.
Нравственность и мораль, а так же жизненный опыт, аспекты слова и духа и много чего еще образуют еще одну сущность, дисциплину - этика…
Далее о наборе различных компетенций формирующих поведение и отношение к жизни, самому себе и окружающим:
- https://sys-adm.in/live/983-etika-i-psikhologiya-individuuma-ajtishnogo-i-ne-tolko-ritorika.html
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
Probing for Passwords –
Privacy Implications of SSIDs in Probe Requests
https://arxiv.org/pdf/2206.03745.pdf
Privacy Implications of SSIDs in Probe Requests
https://arxiv.org/pdf/2206.03745.pdf
Top 5 Free Kubernetes Certifications
The purpose of this post is to share 5 free self-paced certifications that everyone interested in the Kubernetes ecosystem should know:
https://medium.com/geekculture/top-5-free-kubernetes-certifications-8c86b2c5b590
The purpose of this post is to share 5 free self-paced certifications that everyone interested in the Kubernetes ecosystem should know:
https://medium.com/geekculture/top-5-free-kubernetes-certifications-8c86b2c5b590
Medium
Top 5 Free Kubernetes Certifications
Today, Kubernetes is the most adopted open-source platform to orchestrate containers. Research proves IT teams are thinking about…
Forwarded from Sys-Admin InfoSec
Открытый курс по этичному хакингу. Формат: 10% теория / 90% практика.
Это то, что доктор прописал, курс от практикующего Этичного Хакера, Master of Computer Science, OSCP, eWPTXv2, eCPTXv2
Исследователь множественных CVE, автор блога: murat.one, канала: @onebrick, хорошего человека и моего друга, по окончанию курса слушатели будут на уровне junior penetration tester, в общем 10 недель:
• Неделя 1. Введение в коммерческий пентест. Создание рабочей среды
• Неделя 2. Сбор информации. OSINT
• Неделя 3. Техники социальной инженерии
• Неделя 4. Безопасность web-приложений
• Неделя 5. Атака на web-приложения. Автоматические инструменты
• Неделя 6. Безопасность инфраструктуры. Разведка
• Неделя 7. Атаки на инфраструктуру. Metasploit Framework
• Неделя 8. Основы Android приложений и атаки на WiFi
• Неделя 9. Платформы для обучения кибербезопасности
• Неделя 10. Написание коммерческого отчета
Со слов автора - не диктор и возможно придется поставить скорость на 1.5, но лично мне все в самый раз:
• https://youtu.be/oRflkcjm08U
Спасибо @manfromkz за проделанный труд и за открытый awareness паблику 🤝
[ru] Мои "Flex" факторы работы с инфраструктурой, про 12 факторов Heroku и не только
В Августе 2021 года, когда я запускал OPEN BLD DNS и по сегодняшний день - слыхом не слыхивал про методологию THE TWELVE-FACTOR APP, но когда прочитал, понял - у меня все так и было +- на интуитивном уровне, сегодня хочу рассказать свою версию факторов подхода к разработке, деплою, использованию и отслеживанию работоспособности проектов.
Далее о 12 факторах, моей "Flex" методологии и о том, как это все можно применять на практике:
* Статья о 12 факторах Heroku и моего “Flex” взгляда
~~~
[en] My "Flex" factors working with infrastructure and about of 12-factors app from Heroku
Try to use Google Translator, but I created repo and site for my “Flex” concept:
* Repo: https://github.com/m0zgen/flex-doc
* Site: https://flex-doc.pages.dev
В Августе 2021 года, когда я запускал OPEN BLD DNS и по сегодняшний день - слыхом не слыхивал про методологию THE TWELVE-FACTOR APP, но когда прочитал, понял - у меня все так и было +- на интуитивном уровне, сегодня хочу рассказать свою версию факторов подхода к разработке, деплою, использованию и отслеживанию работоспособности проектов.
Далее о 12 факторах, моей "Flex" методологии и о том, как это все можно применять на практике:
* Статья о 12 факторах Heroku и моего “Flex” взгляда
~~~
[en] My "Flex" factors working with infrastructure and about of 12-factors app from Heroku
Try to use Google Translator, but I created repo and site for my “Flex” concept:
* Repo: https://github.com/m0zgen/flex-doc
* Site: https://flex-doc.pages.dev
lab.sys-adm.in
Sys-Admin Laboratory
Open Sys-Admin BLD DNS - Focus on information for free with adblocking and implicit cybersecurity threat prevention.
CyrilEx Regex Tester
One of the best regex tester:
* https://extendsclass.com/regex-tester.html
#regex #test
One of the best regex tester:
* https://extendsclass.com/regex-tester.html
#regex #test
Extendsclass
Online Regex tester and visualizer - Python, PHP, Ruby, JavaScript, Java, MySQL
Online regular expression tester for Python, PHP, Ruby, JS, Java and MySQL. Regex visualizer. Syntax highlighting. Cheatsheet. Generate string corresponding to a regex.
macOS Security and Privacy Guide
highly hardenning configarions and examples:
* https://github.com/drduh/macOS-Security-and-Privacy-Guide
highly hardenning configarions and examples:
* https://github.com/drduh/macOS-Security-and-Privacy-Guide
GitHub
GitHub - drduh/macOS-Security-and-Privacy-Guide: Community guide to securing and improving privacy on macOS.
Community guide to securing and improving privacy on macOS. - drduh/macOS-Security-and-Privacy-Guide