Security
From neil.tappsville.com
Jump to navigationJump to search- SANS Institute https://www.sans.org/
- Security Onion - https://securityonion.net/ IDS , analysis of pcap to alerts.
- TraceWrangler https://www.tracewrangler.com/ - sanitization and anonymization of PCAP (windows based)
Chrome untrusted SSL Certs
Click anywhere on the page and type a BYPASS_SEQUENCE
thisisunsafe is a BYPASS_SEQUENCE for Chrome version 65
badidea Chrome version 62 - 64.
danger used to work in earlier versions of Chrome
You don't need to look for input field, just type it. It feels strange but it is working.
Self Signed Certs
sudo openssl req -x509 -newkey rsa:4096 -keyout hostname.key.pem -nodes -out hostname.cert.pem -subj '/CN=hostname.domain.com' -days 182 -sha256
place in /etc/pki/tls/private then restart httpd. (nginx)
Password Hashes
If we take a look at the crypt.3 manpage, we can see:
If salt is a character string starting with the characters "$id$" followed by
a string terminated by "$":
$id$salt$encrypted
then instead of using the DES machine, id identifies the encryption method
used and this then determines how the rest of the password string is
interpreted. The following values of id are supported:
ID | Method
---------------------------------------------------------
1 | MD5
2a | Blowfish (not in mainline glibc; added in some
| Linux distributions)
5 | SHA-256 (since glibc 2.7)
6 | SHA-512 (since glibc 2.7)
SHA-512 on MAC
pip3 install passlib
python3 -c "from passlib.hash import sha512_crypt; import getpass,string,random; print( sha512_crypt.using(salt=.join([random.choice(string.ascii_letters + string.digits) for _ in range(16)]),rounds=5000).hash(getpass.getpass()))"
