Posts

Common HTTP Status Codes (RFC 2616)

Some of the common HTTP Status codes taken from RFC 2616 which can help penetration testers / cybersecurity analysts / IT Admins are below :


Transaction/ErrorStatusDescriptionSuccessful Transactions200OKSuccessful Transactions201CreatedSuccessful Transactions202AcceptedRedirected Transactions301Moved PermanentlyRedirected Transactions302Moved TemporarilyRedirected Transactions304Not ModifiedClient Side Errors400Bad RequestClient Side Errors401UnauthorisedClient Side Errors403ForbiddenClient Side Errors404Not FoundServer Side Errors500Internal Server ErrorServer Side Errors501Not ImplementedServer Side Errors502Bad GatewayServer Side Errors503Service Unavailable





Encoded Characters Map to Standard Characters

%3c = <    %20 = (a space character)    %22 = “    %3a = :    %27 = ‘    %2e = .    %2f = /    %3e = >    %5c = \

Cyber Security - In Reality

Recently I came to know about an incident which forced me to draft my thoughts here on my blog about Attack Surfaces and Attack Vectors. This will also talk about some preventive measures which are basics and should be taken care in the organisation. That said, we should also understand that if someone tells us that his tool/ or he can make our organisations security posture unbreakable and hack proof, please ignore them to start with. Our focus should always be to perform internal assessments and to apply best practices as much as possible to reduce the attack vectors and surfaces, and to have processes to deal with such security incidents. There will always be a new way which the hackers will work out to penetrate the network.
The IT space currently has been under pressure due to cyber attacks and viruses / malware being released leading to huge losses and creating a panic specially for the IT support teams as they were not ready for it. We all should accept that this is now a new …

Azure Storage Service

Azure storage is a cloud storage solution for applications which provides applications additional scalability, durability and highly available storage for their data.

The 4 different types of Azure storage service are :

Blob Storage : This supports any type of text or binary data, such as application installers, documents, media files etc. It stores unstructured object data hence also referred as object storage.Table Storage : It is for No-SQL key attribute datastore, which is useful for rapid development and provides quick access to huge amount of data.Queue Storage : User for communication between cloud services by providing reliable messaging for workflow processingFile Storage : Used for shared storage for applications using SMB Protocol. Mounted shares are used to share files between Azure VM's and applications, to share files with the on-premises applications we can use file services Rest API.

Azure Single sign-on (SSO)

We all know that SSO (Single Sign-On) means that we can access all the required applications and resources by signing in only once. This saves us time and effort and also keeps it easy for the users that they just have to remember one password for accessing the resources.

Talking about Azure cloud, Azure supports 3 different ways of SSO for applications :

Federated Single Sign-On : This enables the applications to be redirected to Azure AD instead of prompting the users for a password. This is supported by applications which support SAML 2.0, WS-Federation and OpenID connect.Password Based Single Sign-On : Provides secure application based password storage, which is replayed with the help of web browser extensions or mobile apps. This method leverages the existing sign on process of the applicationExisting Single Sign-On : If you already have a SSO deployed for an application, this method extends the SSO capability to Office 365 or Azure AD access panel portals and also enables additi…

Puppet Client Installation Steps

I am sharing the steps to be followed to install Puppet on CentOS.
I will not cover the steps to followed to CentOS.

Install CentOSEdit the /etc/ssh/sshd_config file, ensure Permit Root Login is YESInstall Yum Repo for Puppet  $rpm -ivh http://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm ]          [ Please validate the arch of the Linux distribution you are using ]
Now install puppet using Yum   $yum install puppet Edit the puppet.conf file to add the puppet server. Also add puppet server in the /etc/hosts to make sure it points to the right server node.[main]     # The Puppet log directory.     # The default value is '$vardir/log'.     logdir = /var/log/puppet
    # Where Puppet PID files are kept.     # The default value is '$vardir/run'.     rundir = /var/run/puppet
    # Where SSL certificates are kept.     # The default value is '$confdir/ssl'.     ssldir = $vardir/ssl
[agent]     # The file in which puppetd stores a list of the classes     # associated with …

Flush / Reset DNS Cache in a Mac OS

You can use the below commands in the terminal to flush DNS / Reset DNS Cache on your macbook / Mac OS :

OS X Yosemite and later ( OS X v10.10.4 or later ):
sudo killall -HUP mDNSResponder
OS X v10.10 through v10.10.3:
sudo discoveryutil mdnsflushcache
OS X Mavericks, Mountain Lion, and Lion (OS X v10.9.5 and earlier):
sudo killall -HUP mDNSResponder
Mac OS X Snow Leopard (OS X v10.6 through v10.6.8):
sudo dscacheutil -flushcache