This month I passed the (ISC)² Certified Secure Software Lifecycle Professional (CSSLP) exam. As I have been studying with the new version revised in late 2020 and have taken the revised exam, I would like to share my experience with you. My previous security certifications were always practically applied certifications, for example for pentesting. For me, the CSSLP was the…
7 CommentsJavan Rasokat Posts
After 3 months of good preparation I passed a challenging GIAC Certification for the GXPN – GIAC Exploit Researcher and Advanced Penetration Tester. The highlights for me were to learn and really understand how to defeat Windows and Linux stack protection, find common mistakes in cryptography implementation and in general to create and customize the tools to make them work…
2 Comments
Since Kali Linux is not available as an app in the Microsoft App Store, the installation as subsystem requires to run a few commands. 1. First, the subsystem feature must be activated via PowerShell (if not already activated). Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux 2. Kali Linux is downloaded as an AppX file. We can find a file that is always up…
Leave a Comment
This article is about installing Sqreen on the hosting and web server management system Plesk. Sqreen is a Web-Application-Firewall (WAF) and Runtime-Application-Self-Protection (RASP) solution. Sqreen is easy to install and works out of the box. The onboarding process guides you very well step-by-step through the whole setup and while setting up your first application you learn about each config. This…
Leave a Comment
WordPress ist das weit verbreitetste CMS überhaupt. Doch nach der ersten Betriebsnahme denken die meisten nicht weiter an die Sicherheit. Deshalb sind Schwachstellen in WordPress besonders lukrativ. Veraltete Versionen, für welche öffentliche Schwachstellen bekannt sind, werden durch sogenannte Crawler und Bots erkannt und angegriffen. Dies passiert meist vollautomatisch. Oft ist das Ziel dieser automatisierten Angriffe das CMS dazu zu missbrauchen,…
1 Comment
Nachdem ich ein Jahr mit meinen Dauerscheinen keine einzige Lottoziehung verpassen konnte, wird es nun Zeit für eine Auswertung der Daten und ein Fazit. Wie viel kostet mich das Lottospielen effektiv? In diesem Beitrag zeige ich, wie mit Hilfe der Firefox-Entwicklerwerkzeugen eine Auswertung erstellt werden kann und wie Webseiten sich manipulieren lassen. Vielleicht lässt sich ja auch eine ganz typische…
Leave a Comment
For WordPress there are very comprehensive scanning tools like WPScan. Unfortunately it is not quite the same with the CMS TYPO3. Typo3 describes in its Security Guideline detailed measures to secure the Typo3 instance. Beside the use of secure passwords, always current versions etc. there is also a great area about permissions and access restriction. Let’s hope people are following…
Leave a Comment
I installed the Pi-hole on a Raspberry Pi. Pi-hole is a DNS server for your home network. I have it running on a Raspberry Pi 1, so it’s nice to have a use for my old Raspberry here. It also runs on a Raspberry Zero. Pi-hole is a DNS sinkhole (/blackhole) and is used to block unwanted domains without installing…
2 Comments
Two months ago I found a security issue in the Firefox integrated Password Manager and reported it. It was so obvious that I was really surprised. Of course, I was not the first to find this vulnerability. After I reported it, I was informed that it was known and that a bugfix for Firefox 73 was already available in beta.…
Leave a Comment
Mit dem Raspberry Pi 4 hat die Raspberry Foundation einen leistungsstarken Computer auf den Markt gebracht. Wer sich mit seinem Raspberry Pi beschäftigt, wird mit hoher Wahrscheinlichkeit die von der Raspberry Foundation bereitgestellte Linux Distribution Raspbian bereits einmal installiert haben. Hier gab es über die Jahre immer wieder verschiedene Versionen im zugrundeliegendem Debian-System. Daher trägt das Raspbian-System je nach Versionsstand…
Leave a Comment