How artificial intelligence will replace human knowledge

Service desk and IT demands will be replaced by Human Intelligence Robotically Optimized (HIRO product)

Posted in Artifical Intelligence | Leave a comment

How to backup & update Drupal using command line

  1. Back up the core files:
    tar -czvf backup/pre-dup-update-7xx.tar.gz /path/to/directory-or-file

    General form: tar -czvf name-of-archive.tar.gz /path/to/directory-or-file

  2. Back up the Drupal database (MySQL):
    mysqldump -uusername -p databasename > backup/folder/file.sql
Posted in CMS, Drupal | Leave a comment

The main security risks on the web

1) SQL injection

– Try simulating SQL injection with the well-known tool Havij

2) Transport layer attacks (HTTP/HTTPS)

– Typically a man-in-the-middle attack that sniffs unsecured traffic by injecting a JavaScript keylogger into the web page, especially the login page.
Cookies are also a source of this kind of attack.

3) Insecure password storage

– Passwords are stored either in plain text, encrypted, or cryptographically hashed (a one-way process).
Passwords stored in the DB must always be hashed with the right algorithm rather than just encrypted, and a strong password policy must be enforced.
Try hashcat combined with a password dictionary downloaded from sites such as “hashkiller.co.uk”

4) Cross Site Scripting (XSS)

– A link carrying an XSS payload is distributed; the victim follows the link, the page is returned to the browser (reflected), and the victim’s data is sent to the attacker
– Correctly encode HTML / HTML attributes / CSS / JavaScript
– Protect cookies so that they are not accessible to client-side script

5) Weak Account Management

– Poor password tools, lack of brute-force protection, the remember-password option of web browsers, the password change mechanism, account enumeration (the page’s answer to a request confirms or denies the existence of an account on the system).
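
For item 3 above, an added example (not from the original post) contrasting a fast unsalted hash with a salted, deliberately slow one. PBKDF2-HMAC-SHA256, the iteration count, the storage format and all function names are assumptions chosen for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor, not a value from the page


def fast_unsalted(password):
    """Anti-pattern: one fast hash, no salt. Equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password):
    """Salted, slow hash. Returns 'scheme$iterations$salt$digest' for the DB column."""
    salt = os.urandom(16)  # fresh random salt for every user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
    except ValueError:
        return False  # malformed record, e.g. a legacy plain-text value
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Constructed sample passwords.
    print(fast_unsalted("hunter2") == fast_unsalted("hunter2"))  # identical rows
    a, b = hash_password("hunter2"), hash_password("hunter2")
    print(a != b, verify_password("hunter2", a), verify_password("wrong", a))
```

Because every record carries its own salt and iteration count, two users with the same password get different rows, and the work factor can be raised later without invalidating old records.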

Posted in Uncategorized | Leave a comment

Free fonts from Google

Google offers a solution for pic’s fonts called Noto: download link

Posted in Uncategorized | Leave a comment

What is Gartner saying about trends in the last 10 years

Looking at trends from the Gartner point of view

Hype_Cycle_for_Emerging_Technologies_2000

Hype_Cycle_for_Emerging_Technologies_2003

Hype_Cycle_for_Emerging_Technologies_2006

Hype_Cycle_for_Emerging_Technologies_2007

Hype_Cycle_for_Emerging_Technologies_2008

Hype_Cycle_for_Emerging_Technologies_2010

Hype_Cycle_for_Emerging_Technologies_2012

Hype_Cycle_for_Emerging_Technologies_2013

Hype_Cycle_for_Emerging_Technologies_2014

Hype_Cycle_for_Emerging_Technologies_2015

Posted in Uncategorized | Leave a comment

.NET 3.5 installation error 80244022

Error Code 0x80244022 while trying to install .Net Framework 3.5 in Windows 10 version

 

  1. Type gpedit.msc in Run. It will open the Group Policy Editor.
  2. Go to: Computer Configuration -> Administrative Templates -> System
  3. Open Specify settings for optional component installation and component repair, set the option to Enabled, and select Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS).


Posted in Windows 10 | Leave a comment

Radia Perlman penned this poem while she developed Spanning Tree

Posted in Network | Leave a comment

Apache SSL configuration on *nix distributions

In this case you will deal with 3 types of files:

*.csr => this file contains the CSR code that you need to submit to the authority that will issue the certificate. During certificate activation, especially for a wildcard certificate, define it at the prompt Common Name (eg, your name or your server’s hostname) []:*.domain.tld
*.key => this file is the private key, which is generated together with the CSR file. This key will be used for decryption during communication between client and server (keep your private key safe and never make it public).
*.crt => the authority issuing the certificate will send you different files such as ServerCA, TrustedCA, CARoot, etc. This is your certificate and is used for validation. These can be bundled into one file if needed, or downloaded from the registrar.
The SHA-1 hashing algorithm is obsolete; SHA-2 with a 2048-bit key is strongly recommended.
3 steps to install the certificate:

  1. Generate a CSR by running the command below in a terminal:
    openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
  2. Submit the request (the content of server.csr generated at step 1) to the issuer of the certificate.
  3. Once you have received the certificate code, edit the Apache Virtual Host files as follows:

Fedora/CentOS/RHEL: /etc/httpd/conf/httpd.conf

Debian and Debian based: /etc/apache2/apache2.conf

 

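Listen 443

<VirtualHost _default_:443>
    DocumentRoot "/var/www"
    ServerName *your_domain_name*
    SSLEngine on
    # Certificate issued for your domain
    SSLCertificateFile "/ssl/*your_domain_name*.crt"
    # Private key generated together with the CSR
    SSLCertificateKeyFile "/ssl/*your_private_key*.key"
    # Bundle of CA certificates sent by the issuer
    SSLCACertificateFile "/ssl/bundle.crt"
</VirtualHost>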

 

Posted in Uncategorized | Leave a comment

Nginx configuration files

The way nginx and its modules work is determined in the configuration file. By default, the configuration file is named nginx.conf and placed in the directory /usr/local/nginx/conf, /etc/nginx, or /usr/local/etc/nginx.

The files and their extensions are structured like this (attention: the private key should never be copied into any other certificate file):

my certificate: mydomain.crt
intermediate certificate: AuthorityIssuer.pem

my private key: mydomain.key
and signing request: mydomain.csr
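
An added example (not from the original post) for the file roles described in the Apache and nginx sections: it reads the PEM header of each block in a file, reports which role it holds, and flags a private key that has ended up inside a certificate, bundle or CSR file. The function names, the label-to-role mapping and the sample blocks are this example's own.

```python
import re

# PEM armor label -> file role as named on this page (mapping is this example's own).
PEM_ROLES = {
    "CERTIFICATE REQUEST": "csr",
    "CERTIFICATE": "crt",
    "PRIVATE KEY": "key",
    "RSA PRIVATE KEY": "key",
    "EC PRIVATE KEY": "key",
    "ENCRYPTED PRIVATE KEY": "key",
}
# Assumption: .pem holds the intermediate certificate, as in the list above.
EXPECTED = {".csr": "csr", ".key": "key", ".crt": "crt", ".pem": "crt"}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)


def pem_roles(text):
    """Return the role of every PEM block found in text, in file order."""
    return [PEM_ROLES.get(m.group(1), "unknown") for m in PEM_BLOCK.finditer(text)]


def audit(filename, text):
    """Return a list of problems for a file about to be deployed or sent out."""
    roles = pem_roles(text)
    dot = filename.rfind(".")
    want = EXPECTED.get(filename[dot:].lower()) if dot != -1 else None
    problems = []
    if not roles:
        problems.append("no PEM block found")
    if want != "key" and "key" in roles:
        problems.append("private key found outside the .key file")
    if want and any(r != want for r in roles if r != "key"):
        problems.append("content does not match the file extension")
    return problems


def _block(label):
    # Constructed sample: the body is a placeholder, not real key material.
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


CSR = _block("CERTIFICATE REQUEST")
CERT = _block("CERTIFICATE")
LEAKY_BUNDLE = CERT + _block("PRIVATE KEY")

if __name__ == "__main__":
    for name, text in [("mydomain.csr", CSR), ("mydomain.crt", LEAKY_BUNDLE),
                       ("mydomain.key", CERT)]:
        print(name, pem_roles(text), audit(name, text))
```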

SSL configurations to come

 

Posted in Apache, Ngninx, WebServers | Leave a comment

Ethical hacking tools

1) Collect information on the target

readnotify.com: confirms whether your email reached its destination

Maltego at https://www.paterva.com: gathers information on personal data on the web

netcraft.org: Whois information on the website

archive.org: historical information on the website

Exploit database: https://www.exploit-db.com/

2) Scanning tools

Nmap https://nmap.org/ for visual interface

Nessus: scans the network for exploits

Cain & Abel: can be downloaded from oxid.it

hping3: active network security tool

 

 

 

 

Posted in Uncategorized | Leave a comment