Category: hardening

Penetration Testing Wiki

NIST best practices to prevent and mitigate ransomware attacks

Ransomware is a major threat to any company or corporation. In a matter of minutes, all data on servers, workstations and laptops can be encrypted and most probably lost. It is also worth mentioning that ransomware attacks can exploit an unpatched Windows vulnerability, but most of the time they are triggered by employees executing some weird attachment while…

Sysadmin tricks: Get an alert when users log in

On critical machines where users rarely log in through SSH or run su to become superuser, we can use PAM module configuration to receive an alert whenever a user logs in to that machine or escalates privileges to root. Two options here: /etc/pam.d/su: To receive alerts every time a user becomes…

How to fix WordPress XML-RPC Cyberattacks

To protect against this cyberattack, restrict access to the /xmlrpc.php resource so that it is reachable only from your IP address (1.2.3.4 in the example below). For Apache, edit the /.htaccess file to add:

Gadgets for Penetration Testing

Hardware gadgets

http://syncstop.com/ SyncStop prevents accidental data exchange when your device is plugged into someone else’s computer or a public charging station

https://usbninja.com/ USBninja

Hardening WordPress installation

When installing WordPress, it is important to change the predefined salts to avoid weak cryptography that weakens your cookies and session management. The fastest way to fix that: https://api.wordpress.org/secret-key/1.1/salt/ If you want more information about possible attacks on an insecure WordPress installation, here is a good read: https://www.securitysift.com/understanding-wordpress-auth-cookies/

Restrict by IP in Apache behind Cloudflare

If you are using Cloudflare as your first line of defense and want to restrict by IP in the Apache web server behind it, add this to your .htaccess: