Illegal OpCode Red Screen of Death while booting a HP Proliant server from an...
A couple of weeks ago I was updating a few HP Proliant DL360p Gen8 servers running ESXi on a local SD card with ESXi patches via VUM, so business as usual. Almost, because on one of the servers I ran...
TMG “502 Proxy Error. The data is invalid” while downloading Windows...
Recently I ran into an odd issue when trying to download the KB2919355 Update bundle from Microsoft. The problem affected WSUS and local Windows Update clients that used TMG as their explicit proxy and...
SSL POODLE Attack – What is SCSV and how does it help?
The POODLE vulnerability is currently the hot topic in the security world. Here is a nice technical overview by the Google SSL Guru. POODLE relies on SSLv3, but today nearly every server and client...
MS14-066 / CVE-2014-6321
sup. (shamelessly stolen) After all the (well, partly justified) rage and criticism openssl or free/open source software in general received recently with fuckups like the heartbleed, changecipherspec...
THC SSL Renegotiation DoS Tool for SMTP STARTTLS
The so-called Secure Client-Initiated Renegotiation function of SSL/TLS suffers from a possible DoS danger because it burdens the server’s CPU orders of magnitude more than the client’s, who initiates...
Script to extend LVM partitions
Here’s a script I wrote a while ago to extend LVM partitions on Linux machines. The script assumes that you have extended the existing underlying physical (or “virtual” if it’s a VM) storage device...
Secure Cipher-Suites for Qualys SSL Labs server test A/A+ rating
There are many possible ways to configure your server to support only secure cipher-suites and get an A/A+ rating from the SSL Labs SSL Test, some are more restrictive than others, some are more...
Replacing the IWSVA Admin Web Interface SSL Certificate
Since documentation on this by Trend Micro is pretty sparse and I’ve had to do this on a number of systems recently, I’ll document the process of replacing the certificate of the IWSVA Web Console with...
RC4 officially deprecated by RFC 7465
A new RFC 7465 has now been published that effectively calls for disabling RC4 everywhere: o TLS clients MUST NOT include RC4 cipher suites in the ClientHello message. o TLS servers MUST NOT...
Analyzing and coping with a SSDP amplification DDoS attack
A while ago we were hit by an amplification/reflection DDoS attack against our public-facing network. I was familiar with NTP and DNS based reflection DDoS attacks, but this one employed the Simple...
Decoding and analyzing obfuscated JavaScript for fun and profit
Take a short peek at the following JavaScript file (“ccard.js”): // Credit Card Validation Javascript // copyright 12th May 2003, by Stephen Chapman, Felgall Pty Ltd...
Renamed VMware Tools components and automatic installation
With the release of vSphere 6.0 and a recent update for the 5.5 VMware Tools on May 8th 2015 (9.4.12 build 2627939), VMware also changed the Windows VMware Tools installer slightly by renaming some...
[Script] Network routing/failover topology change detection
A while ago I wrote a simple but useful script which I’m sharing here to detect upstream provider HSRP failover events via traceroute. It can be used for all kinds of virtual IP routing failover like...
THC SSL Renegotiation DoS Tool for ESXi authd (port 902)
I had written about the Client-initiated SSL renegotiation DoS tool by THC and how to exploit SMTP STARTTLS mail servers with some modifications some time ago. At the time I’ve also noticed that to my...