Penetration Testing Wiki
Quick video showing a successful attack doing a Denial of Service against a website using WordPress. To be protected against this cyberattack, do not forget to restrict access to /xmlrpc.php resource only from your IP address (1.2.3.4 in the example below). For Apache, edit /.htaccess file to add:
When installing WordPress is important to change the predefined salts to avoid any weak cryptography that makes your cookies and session management weaker. The fastest way to fix that: https://api.wordpress.org/secret-key/1.1/salt/ If you want to get more info about possible attacks on unsecure wordpress installation, here a good reading: https://www.securitysift.com/understanding-wordpress-auth-cookies/
My name is Jacobo Avariento. I started in cybersecurity around 2001 doing vulnerability research and exploit writing.
I worked as a consultant and penetration tester for top tier banks, the European Central Bank, pharmaceutical and automotive companies.
I got a Master’s Degree in Computer Science and hold Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) and Certified Blockchain Security Professional (CBSP) certifications.
