Articles in how-to

  1. Monitoring Drupal with OSSEC - It is possible to monitor your Drupal site using OSSEC, the open source host based intrusion detection system, by implementing a custom decoder and a few simple rules.
  2. Exploiting Drupal Node2Node XSS Vulnerability - Instructions on exploiting the recently unpublished Drupal Node2Node module.
  3. Secure PHP Connections to MySQL with SSL - Using encryption you can protect the traffic between your web server and your database server.
  4. Installing PHP 5.3 on CentOS 5.3 - Installing PHP 5.3 on a CentOS linux machine.
  5. Installing TrueCrypt 6.2 on CentOS 5.3 - Unfortunately installing TrueCrypt on Linux often involves building it from source.
  6. Drupal 6 CCK Module Allows Arbitrary PHP Injection - Attacking and defending the Drupal 6 PHP input type through CCK.
  7. Interrogating DNS - DNS (Domain Name System) is an important component of any reconnaissance or discovery phase of an attack on internet systems.
  8. Creating a Robots.txt Honeypot - Creating a robots.txt to detect and trap web site attackers.
  9. Protecting Your LAMP Site with a Robots.txt Honeypot - Knowing that malicious attackers might look into your robots.txt file and explore the listings there allows you to employ a few defensive techniques.
  10. Installing TrueCrypt on Mandriva - TrueCrypt is a great encryption utility that is available for several operating systems and uses.
  11. Decrypting Zipped Base 64 Encoded PHP Malware - De-obfuscating base 64 encoded PHP malware.
  12. Remote C Development Using Eclipse - One of the major challenges to most beginning C programmers is the lack of a good, open source IDE.
  13. Tips for Securing Drupal - Some tips for securing your Drupal installation.
  14. Installing Nikto on Windows - Nikto is a fast, extensible, free open source web scanner written in Perl.
  15. 4 Simple Tips for Securing OpenSSH - Securing an SSH server is a simple process that many administrators overlook.
  16. Overriding Windows DNS - You query it using an nslookup and things are fine, but when you point a web browser at the location things just bork up.
  17. Overriding Windows DNS - Quick instructions about how to modify your local DNS entries on a Windows system.
  18. Installing Zend Studio on Linux - Recently while trying to install Zend Studio 5 on my Linux system I got an error message about libc.so.6.
  19. Scripting GPG Encryption on Windows - Using GPG file level encryption allows you to distinctly identify files by filename while still protecting their content.
  20. Using Netcat to Transfer Files (and Other Mischief) - Netcat is an oft maligned program that can easily be used for many interesting and useful purposes.
  21. Using PHP to Access MySQL Results - This article aims to show you how to retrieve and use MySQL result sets in PHP.
  22. Converting a Decimal Digit to IEEE 754 Binary Floating Point - IEEE 754 Binary Floating Point is a 32-bit representation (for single precision, 64 bits are used for double precision) for floating point numerals.
  23. Investigating Rogue Ports - Discovering what processes are bound to open ports.
  24. Crontab -e You are not allowed to use this program (crontab) - I recently noticed that my user account wasn't able to use crontab.
  25. Using FreeNX on Mandriva - FreeNX is a remote desktop client/server program much like VNC. I've found that on Mandriva, remote connections using the TightVNC server that is usually installed, can be sluggish.
  26. Mounting an NTFS Partition for Use in Mandriva - Mounting an NTFS disk partition for use in Linux.
  27. Getting GPG Encryption with Evolution - Getting GPG encryption working with Evolution requires a few steps, described herein.
  28. Getting TrueCrypt to Work with Mandriva 2007.1 - How to install and enable TrueCrypt on a Mandriva linux machien.
  29. Return to Castle Wolfenstein on Mandriva - Playing Return to Castle Wolfenstein on Mandriva is a lot of fun. Linux detractors will often point out that Linux lacks games, and point to that as one of the main reasons to stay away from Linux for home use.
  30. Installing Virtual Ubuntu on Windows - Using virtualization you can install Linux on your Windows host operating system.
  31. Creating Drupal External Authentication - Implementing external authentication in Drupal.
  32. Mandriva 2007 on Intel dg965wh - I recently purchased a bunch of new parts, among them an Intel dg965wh motherboard, a new dual core Pentium processor, and an XFX Nvidia 7300 graphics card.
  33. Web Development with CVS - Versioning control is a concept that has been around for quite some time.
  34. Using Crontab - Crontab is an incredibly useful function that allows users to schedule tasks in the same way as the system does with cron.
  35. Wireless Hacking with Kismet - The proliferation of wireless networks is sometimes scary when you consider how insecure most wireless configurations are.
  36. Password Recovery on Windows XP - Resetting or decrypting Windows XP passwords is as fast as booting from a CD.
  37. Installing Perl on Windows - A quick guide to installing Active Perl on your Windows machines, including instructions on how to download and install extra packages from CPAN.
  38. Unwanted Systray Items - The Windows system tray can give you a quick overview of programs running in the background on your machine.
  39. Loading Data into MySQL from a Text File - Short article on loading text into a MySQL database from a plain text file. This operation is remarkably fast and easy, especially for data migration.
  40. Open Source USB Key Encryption Techniques - A sort guide to using open source encryption technolgoy to secure removable media.
  41. Executing MySQL via Textpad - Instructions on how to execute MySQL commands on a local database directly from within TextPad.
  42. Posting to MySQL with TextPad - You can document the data model as you actually create it. This is wonderful news for anyone that has had to spec up a data model, then create it, then reverse engineer a text document that describes the model.
  43. MS Acces to Oracle via ODBC - Instructions on connecting Microsoft Access to Oracle using ODBC.
  44. Hack by Numbers - An examination of the how-to steps taken by many system crackers.
  45. Dynamically Add HTML Form Elements - This short example shows you how you can dynamically add form elements to an existing form based on user request.
  46. Happy Hacking via Wireless - Abusing unsecured wireless connections for fun and profit, including advice for protecting your own wireless connections.
  47. Monitoring Sun One Web Server Active Threads - Short Perl script for monitoring active threads on a Sun One Web Server through SNMP and reporting abnormally high thread counts using SMTP.
  48. Using Secure Protocols - How to set up SSH and POP3s (or SSL wrapped POP) - Using secured protocols to defend against sniffing attacks on your Linux system.
  49. Effective File Removal - Removing a file from your computer is not as simple as just moving it to the 'Recycle Bin', read up on why and how to actually delete material from your hard drive.
  50. Hardening Your Windows 2000 Server - A list of simple steps you can take to significantly increase the level of security on a default installation of Windows 2000.
  51. Setting up a Linux MySQL server for Windows clients - Quick setup notes for connecting Windows client machines to a MySQL server.
  52. Steps to install Darwin Quicktime Streaming Server on Linux - How to install Apple's Darwin Quick Time Streaming Server on a Linux machine and get it working.
  53. Using Squirrel SQL to connect to your MySQL database - Brief instructions on how to set up Squirrel SQL Client as a GUI for your MySQL server.
  54. Creating an Oracle .WAR file for deployment - Instructions for building a WAR to deploy a .jsp only application (no beans or whatever) through the Oracle management web interface.
  55. BASH Shell Scripting - A quick introduction to shell scripting concepts and uses in the Bourne Again Shell (BASH).
  56. Bypassing Linuxconf in Mandrake - Stopping and starting services without using linuxconf and how to mimic this functionality at the command line.
  57. Backing Up and Restoring MySQL Databases - Backing up and restoring a MySQL database.
  58. Filesharing on Linux Using Napshare - Getting started with napshare including how to connect to the gnutella network and finding gnutella hosts.
  59. Partitioning New Linux Installs - Partitioning strategies for your new Linux install.
  60. Linux Networking Primer - A description of how to examine and change your Linux networking settings from the shell. Info on DNS, gateways and IP settings.
  61. Installing New Software on Mandrake Linux - Simple instructions on how to install both RPM's and .tar.gz software on your Mandrake Linux computer.
  62. How to Enable ODBC Logging for IIS on Win2k - How to enable IIS so that web logs are written to a database
  63. Designing a Data Driven Website - Part III - Tips for rolling out your web site for longevity, reliability, and ease of use.
  64. HTML Tutorial 04 - Including images in your web pages, including getting them and generating new ones.
  65. HTML Tutorial 05 - Using comments and tables.
  66. HTML Tutorial 06 - Where to go to look for more information on HTML
  67. HTML Tutorial 03 - Using lists in HTML
  68. HTML Tutorial 02 - Building a template, formatting text, and using links in your HTML pages.
  69. Designing a Data Driven Website - Part II - Data modeling, building a solid foundation for your data driven site.
  70. Designing a Data Driven Website - Part 1 - Choosing a good platform for your website needs, including operating system, scripting language, and database server.
  71. Madirish Tutorial 07 - Compiling raw C code (for exploits).
  72. Madirish Tutorial 09 - Finding and exploring Windows shares by hand.
  73. Beginners Guide to PHP -
  74. Madirish Tutorial 11 (Brute Forcing) - Breaking in - using a brute forcer to find a username and password for the target system
  75. Hacking Windows shares from Linux with Samba - Instructions on accessing unprotected Netbios shares on a Windows machine from Linux.

Top Articles

  1. Installing Nikto on Windows
  2. SSHatter SSH Brute Forcer
  3. PHP Arbitrary File Include
  4. Hardening PHP from php.ini
  5. Web Hacking Lesson 4 - File Include Vulnerabilities
  6. e107 XSS and XSRF Vulnerabilities
  7. Madirish Tutorial 11 (Brute Forcing)
  8. Using the Google Safe Browsing API from PHP
  9. JavaScript Email Validation
  10. Beginners Guide to PHP

Tags

advisory, apache, authentication, brute force, c, certification, cms, computers, database, development, disclosure, drupal, editorial, email, encryption, exploit, feature, firewall, hardening, hardware, honeypot, how-to, incident response, intrusion detection, java, javascript, linux, malware, microsoft, mysql, networking, open source, oracle, ossec, perl, phishing, php, privacy, review, rootkits, security, social engineering, sql injection, ssh, tools, virtualization, virus, vulnerability, website, wireless, xml, xsrf, xss

Links

Sites or researchers I dig

Blog Articles

Advisories