Aujourd’hui je vous présente un petit outil que j’ai écrit en Python. Il fait suite à diverses expériences autour du pentest web.

L’ARP est un protocole qui, de par sa conception, expose les réseaux informatiques et leurs composants à des vulnérabilités et des dangers qui sont faciles à exploiter lorsque l’on connaît bien son fonctionnement. Nous allons ici étudier le fonctionnement des attaques utilisant le protocole ARP puis essayer de donner des pistes pour s’en protéger.

This penetration testing tool allows an auditor to intercept SSH connections. A patch applied to the OpenSSH v7.5p1 source code causes it to act as a proxy between the victim and their intended SSH server; all plaintext passwords and sessions are logged to disk.

Back in September 26 2016, I posted an email in Spanish to the Hamnet.es mailing list detailing my proposal for an IPv6 Amateur radio network, and trying to engage people into some preliminary tests. In October 1 2016, I posted a summary (in English) of my message to the 44net mailing list.

List of DNS violations by implementations, software and/or systems

Yesterday I changed the SSL Labs rating criteria to stop penalizing sites that do not implement server-side mitigations for the BEAST attack. That means that we now consider this attack sufficiently mitigated client-side, but, there are still some things you should now.

A flaw was recently found in OpenSSL that allowed for an attacker to negotiate a lower version of TLS between the client and server (CVE-2014-3511). While this vulnerability was quickly patched, an attacker that has control of your traffic can still simulate this attack today. Let’s explore how this is possible through looking at man-in-the-middle attacks and how browsers handle SSL/TLS connections. In addition, we will see the implications of the attack on cryptographic security.

One of the main issues when an ISP is planning to deliver IPv6 services is to decide how to address the customers. In this second part we describe choices for numbering the WAN and customer LANs.

In this article, we discuss the factors that impact VPN speed and how VPN speed can be increased. We also cover the speed differences between different ProtonVPN plans.

Mise en oeuvre d'IPv6 au Cameroun

Border Gateway Protocol (BGP) is the routing protocol that keeps the Internet glued together. The public Internet is composed of some 58,000 component networks (BGP calls them “Autonomous Systems” [AS’s]), many of which are very small, while some are very large both in terms of geographical coverage and numbers of users.

When I first arrived at MIT in 2010, I was awed by how much computing infrastructure was readily available. Dorm rooms had 100 megabit internet connections, the at-the-time latest 802.11n Wi-Fi blanketed campus, and setting up a website took a few clicks.

Contrairement au routage statique (voir cours Ajouter une route statique sur un routeur Cisco), le routage dynamique permet d’avoir une plus grande flexibilité pour l’administrateur réseau, en cas de panne d’un lien, le calcul pour trouver un lien de secours se fera automatiquement entre les routeurs mais sa mise en œuvre est un peu plus complexe.

I’ve discovered 4 important security vulnerabilities in OpenVPN. Interestingly, these were not found by the two recently completed audits of OpenVPN code. Below you’ll find mostly technical information about the vulnerabilities and about how I found them, but also some commentary on why commissioning code audits isn’t always the best way to find vulnerabilities.

CloudLayar is a website security tool that allows you to protect any domain from DNS-related attacks completely Free. CloudLayar was built with simplicity in mind so that every user could use the powerful protection without the need to learn too many technical things.

Un peu daté mais toujours intéressant !

Ta passerelle mindfuck vers l'Internet drapée d'une serviette orange

Dés qu’on commence à avoir plusieurs appareils connectés chez soi et que l’on désire pouvoir y accéder de l’extérieur, cela peut vite devenir un casse tête.

MlDonkey est un client P2P bien particulier

Dans les exceptions à la neutralité du Net, il y a les services gérés. Le consensus actuel est que la télévision linéaire (celle de papa, avec de la pub entre et dans les émissions, par opposition à la télévision de rattrapage qui se fait en ligne, avec de la pub partout aussi et du flash) est forcément un service géré. Ce consensus s'appuie beaucoup plus sur des pratiques actuelles et sur des choix techniques douteux que sur une réalité intangible.