Category Archives: Security

Wieso Appliances kein Segen für die Welt sind…

Grosse Hosting-Anbieter haben halt wichtiges zu tun, als ihr Zeug auf einem aktuellen Stand zu halten. [crayon-5905055b5d7ea785896088/] Ich sage jetzt nicht, was es ist. Nur eines: Ich garantiere, wenn irgendwo eine Appliance steht, dann wird es das ...

Posted in Security | Leave a comment

nmap 7

Open source-Projekte haben unterschiedliche Philosophien…bei nmap wird nicht nach “Release early, release often” gestrebt und so dauert es schon mal über drei Jahre bis zum nächsten Release. Aber nun ist nmap 7 da....

Posted in Security | Leave a comment

Fedora Security Spin

The next release of Fedora and the Fedora Security Lab (aka Security Spin) is just around the corner. Time for some testing…we would appreciate if you give the Security Lab a spin, perform the test cases, and report the result. … Continu...

Posted in Fedora Security Lab, Security | Leave a comment

Happy Birthday Fedora Security Lab

Five years ago a bunch of guys started the Fedora Security Lab which was named Security Spin back then. Adam Miller initiated everything with the first commit. [crayon-5905055b5e4b9604153231/] With Fedora 13 the Security Spin aka Security Lab became ...

Posted in Fedora, Fedora Security Lab, Security | Leave a comment

nmap GUI

There is the well-known zenmap GUI for nmap. But there is another one, Umit. This GUI has a little bit more icons… To give umit a try: [crayon-5905055b5e6d4632206439/]  ...

Posted in Fedora Security Lab, Security | Leave a comment

nmap and Heartbleed

It didn’t take long for most tools to pick-up the possibility to detect the Heartbleed OpenSSL bug. For nmap the needed elements are in the VCS. [crayon-5905055b5e907673314461/] Run nmap with the script [crayon-5905055b5e90c902575489/] And you ...

Posted in Fedora Security Lab, Security | Leave a comment

Searching weak keys with nmap

Unfortunately there was a bug in the OpenSSL package in Debian which results in weak keys for services with SSL functionality. Download the tarball, unpack it, move the lists (blacklist.RSA-2048 and blacklist.RSA-2048) to /usr/share/nmap/nselib/data...

Posted in Security | Leave a comment

Fedora Security Test bench with Containers

The Fedora Security Lab Test Bench provides three low-interaction honeypots which are using honeyd. This is nice but real machine are much more fun. It took me a while to include this feature because just go on with nested KVM/qemu … Continue ...

Posted in Fedora, Fedora Security Lab, Security | Leave a comment

Fedora Security Lab now with Xfce

We are proud to announce that the Fedora Security Lab now uses Xfce as desktop environment. This means that the Fedora Security Lab for Fedora 20 will be the first official release after the transition away from LXDE. We are … Continue reading...

Posted in Fedora, Fedora Security Lab, Security | 1 Comment

Daten aus dem Netzverkehr extraieren

Es gibt diverse Möglichkeiten, um Daten aus dem Netzwerkverkehr zu extraieren. Dies funktioniert beispielsweise für SIP mit Wireshark ganz einfach. Aber es lassen sich auch andere Informationen herausziehen. Nur um es klar zu stellen, es geht um di...

Posted in General, Security | Leave a comment

Looking for SSH servers

Banner grabbing for SSH server is like banner grabbing for web server. Let’s say banner grabbing is banner grabbing and a part of the reconnaissance while performing a  security test. nc [crayon-5905055b5f058307560636/] scanssh [crayon-590505...

Posted in Fedora Security Lab, Security | 1 Comment

Am Zahn der Zeit…

20 Minuten ist mit dem Artikel “Mit dem Motorrad auf WLAN-Jagd” ganz aktuell…Wardriving war vor etwa 8-10 Jahre ein Thema. Ok, früher sassen die Leute in einem Auto, da es keine Netbooks gab 🙂...

Posted in Security, Wireless | Leave a comment

Installing SET (Social Engineering Toolkit) on Fedora

A while back I wrote a little blog post about the installation of the Social Engineering Toolkit (SET) on Fedora. In the meantime the developers moved from svn to git. I haven’t used my installation in the last couple of … Continue readi...

Posted in Fedora, Fedora Security Lab, Security | Leave a comment

Arachni

Arachni is another tool for penetration testers and administrators to evaluate the security of web applications. As many other well-know security tools arachni is based on Ruby. Don’t worry, the installation is done very fast (just follow the i...

Posted in General, Security | Leave a comment

Mongoose

mongoose hinzugefügt. Wer den Server unter Fedora nutzen will, kann ihn einfach mit folgendem Befehl installieren [crayon-5905055b5f78e770834186/] Als Vorlage gibt es hier noch eine service unit-Datei für systemd. [crayon-5905055b5f794760058874/] W...

Posted in Fedora, Security | Leave a comment