In this post we'll be focusing on a certain kind of malware: Linux/Xor.DDoS (also known as DDoS.XOR or Xorddos).

A regular expression is a sequence of characters used for parsing and manipulating strings. They are often used to perform searches, replace substrings and validate string data. This article provides tips, tricks, resources and steps for going through intricate regular expressions.

Own-Mailbox est une solution se présentant comme « La boîte mail 100% confidentielle ». Surf sur la vague de la vie privée, quitte à faire du bullshit ou vraie solution de protection, une petite analyse rapide de ce nouveau projet.

As of nginx 1.9.5, there is experimental support for HTTP/2. This article will show you how to enable HTTP/2 support in your Nginx configuration. This can be enabled or disabled per vhost, it does not have to be enabled server-wide.

Whenever we ask curl users what they lack in our project and what we should improve, the response is always clear: documentation.

ZFS compression results in workload starvation, partially ameliorated by async_write_max_active

HAProxy Starter Guide

No matter how tightly you restrict outbound access from your network, you probably allow DNS queries to at least one server.

This is a collection of thoughts on securing a modern Apple Mac computer using OS X 10.11 "El Capitan", as well as steps to improving online privacy.

Lynis est un outil d’audit de sécurité pour les systèmes UNIX. Il vérifie le système ainsi que les logiciels installés et crée un rapport sur les éventuels risques de sécurité.

Modern Windows versions add headaches to active VPN users. DNS resolver in earlier versions up to Windows 7 was predictable and made DNS requests in order according to DNS servers preference, just as all other OS. This could lead to DNS Leak only if the DNS server inside the tunnel didn’t reply in time or sent en error, which wasn’t that horrible.

Grsecurity has existed for over 14 years now. During this time it has been the premier solution for hardening Linux against security exploits and served as a role model for many mainstream commercial applications elsewhere. All modern OSes took our lead and implemented to varying degrees a number of security defenses we pioneered; some have even been burned into silicon in newer processors. Over the past decade, these defenses (a small portion of those we've created and have yet to release) have single-handedly caused the greatest increase in security for users worldwide.

Probably one of the smallest SSL MITM proxies you can make. Only using openssl, netcat and a couple of other standard command line tools.

Securing your IT infrastructure bysecuring your team

During Positive Hack Days V, I made a fast track presentation about eCryptfs and password cracking. The idea came to me after using one feature of Ubuntu which consists in encrypting the home folder directory. This option can be selected during installation or activated later.

Lorsque l’on vends ou qu’on donne son ordinateur on omet généralement d’effacer le disque dur. Cela peut poser un problème si votre disque dur contient des documents confidentiel ou des mots de passes ou un profil Firefox avec des cookies de session. La personne qui récupère votre PC peut alors utiliser vos profils ou consulter vos courriels...

SSH Tipps & Tricks - RMLL 2015

Elasticsearch: The Definitive Guide

systemd controls the world... and sends your DNS requests to Google if there are no other servers via @bortzmeyer. Systemd and pulse-audio sucks !

La plaie de DNSSEC, comme celle de tous les systèmes de cryptographie, est la gestion des clés. Avec DNSSEC, la clé de signature des autres clés, la KSK (Key Signing Key) est censée être remplacée (rolled over) régulièrement. Si un résolveur a une KSK dans sa configuration, cela oblige l'administrateur du résolveur à effectuer le remplacement à la main, ce qui peut être contraignant. Notre RFC 5011 propose une autre solution : le domaine signe la nouvelle KSK avec l'ancienne et le résolveur accepte alors automatiquement cette nouvelle clé.