In this brief blog post I will discuss what I believe to be good practices to follow during the set-up and day-to-day usage of a Cryptocurrency hardware wallet; specifically the Ledger Nano S because it’s the one I use. This advice should still be useful for other hardware wallets as they’re all quite similar.
Late last year I decided to see how many misconfigured CI/CD (continuous integration and deployment) installations I could find on the internet. I decided to focus my research on one of the most popular CI/CD applications – Jenkins. This article isn’t an attack on Jenkins in any way shape or form – any piece of software and/or hardware can be configured incorrectly… it just so happens to be that CI/CD servers often host some very sensitive configurations – some of which I will come on to in a bit.
This is a quick blog about a bug I found in a private bounty program on Bugcrowd. The reason for me writing about it is to increase awareness around these issues and implementation flaws so that fellow bug bounty hunters/people in Infosec/developers can use the information in this article for the betterment of security.
In this article I will go through my findings and analysis on the Safe Links feature of Microsoft’s Office 365 Exchange Online Advanced Threat Protection.
Ninite has long been my number one tool for deploying, updating and removing popular 3rd party applications… I especially enjoy the feeling of removing Flash and Java from any where I can get my hands on 🙂
Up until now, Ninite has been completely agentless. You get a simple light-weight .exe which you can either run by double clicking or by using switches in the CLI (NinitePro.exe).
To automate the process of deploying or updating applications you previously had to script something together and schedule the .exe to run at a schedule. I don’t mean to make it sound like scripting it to make it work in your environment is difficult – it really isn’t but sometimes it can be tricky to implement for machines that are either not on the domain or simply not on the premises to receive those updates.
Please note that these new features are designed for business/enterprise environments so only available for Ninite Pro users.
So the title is a bit misleading but I figured it’s what most people will search if they want to get active call stats from their Cisco Unified Communications infrastructure – it’s certainly what I searched when I wanted to achieve the same thing. Turns out you can only get active call stats via SNMP from the Cisco Unified Border Element (CUBE).
I will show you how you can get the active incoming/outgoing and total external calls and how you can use these in PRTG to get a nice graph going of Active Calls Vs Bandwidth.
What you won’t see is the number of internal calls as we are only monitoring the CUBE. Internal calls don’t touch the CUBE and as far as my research went, the CUCM server doesn’t keep track of active calls… at least not without some manipulation of OIDs.
This is my first in, I hope, a series of posts about the ‘state of things on the internet’ along with my findings and anything interesting I may have come across along the way.
This post will be about the state of Telnet (Port 23) on the internet from the perspective of a single internet-scanning host (read more in the methodologies section below). I’ll be going through some statistics including: top countries, top brands and/or firmware and lastly, an analysis on banner responses.