Proof of History ( POH ) is a sequence of computation that when checked can provide a way to verify passage of time between two events in a cryptographic way by using hash.
In this example we are going to use MD5 but that can also be sha256 or any other hash mechanism. the idea would be to have 2 functions one that generate the next hash in line and another one that can validate the hash provided is the correct hash.
The function gen-proof-of-history , get only one parameter and and that is the hash of the previous. the output of this function is the hash construct out of the previous hash and the timestamp. The function check-proof-of-history, get 2 parameters : the first is the timestamp and the second is the prior hash. the output is the next hash that the previous gen had provided.
Use this simple tool to test the performance of your regular expression. the test will run the regex against the given text and provide a number that tells you how fast it could run the regex for 10,000 times.
We all know browsers are notifiing clients of none secure connection, they also alert when there is mix content of secure and none secure objects on the same page. we will list here the simplest yet most efective way to fix that issue with and without modifying the pages.
Server side settings :
On the server side you should set to respond with the header that will tell the browser to send all requests over secure connection eg. TLS
Docker-compose is a wonderful tool, I use it all day. I fire up containers attach to them and do stuff. the short manual will show how to run a container and connect to it. I am not using Dockerfile in this example but that may be use as well if needed.
What we need is text editor to edit a simple fle called docker-compose.yaml this file will have all instructions ( minimal ones ) in order to run a basic cntainer orcastraded by docker-compose.
On this small script you can get list of all TLS versions and ciphers availble connecting a remore destination . the chalange on that script is that sometimes the number of supported ciphers is great and that consumes time. the main tool used here is openssl along with parallel . I also added timeout and custom port that can be set during the run
The script is build around two loops, one that loop the TLS version , and one that loop the TLS ciphers on each verison. the main command is generating a file that later will be called using parallel command . feel free to copy and modify
How to write a one liner if statement in Bash. Although I think code should be clear and easy to follow by anyone who reads it. however, I also love the simplicity and my code as short as possible, if statement that usually tends to be long, can also be one line in Bash
“Good things last long”, my mama use to say.
and just like that netcat is no exception
Using netcat for security testing is fun simple, and you do not need to
install applications you know nothing about .
here are some fun examples from tests I use :
Simple HTTP GET
Here is how to lock a file from write/delete in a dirty way .
this trick will work this file system ext2-4 XFS, ReiserFS, JFS and OCFS2.
and the trick is to use the command chattr for changing file extended attribute .
A file with the ‘i’ attribute cannot be modified: it cannot be deleted or renamed,
no link can be created to this file and no data can be written to the file.
Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.