Archive
Security Matters: How To Protect Yourself Online
The internet is a wide open space and, much like the real world, contains the greatest and the darkest of things. This blog will focus on the best browsing practices to protect yourself on the internet.
There are a thousand and one products out there that promise to keep you safe online, and they all work to varying extents, but the best protection is situational awareness and best practices. Much like you wouldn’t walk down a dark alley at midnight in the highest crime area of a city, you shouldn’t go wandering into the dark depths of the internet.
Be Safe On Social Media
Let’s start with best social media practices. It is best practice to not publicly post your information, but if you do, following these guidelines will help keep you safe:
- Double check your privacy settings. Are you sharing more than you think?
- Think before you post: Would you be embarrassed if this picture or post was viewed by your mother or your boss? If so, you probably shouldn’t post it.
- If you are going to be leaving on vacation, don’t post this type of information publicly. Criminals have been known to search social media to find targets to burglarize.
- Don’t “friend” strangers. Criminals have been known to friend people so they can view the information they post on social media. This information can help them steal accounts with easily guessed password-recovery questions.
- Be guarded with the information you post. If you see a survey full of personal questions like your mother’s maiden name, first pet, first car, street you grew up on, first job, etc., don’t fill these out. These are all common questions used for password resets.
- If you are doing online dating, pick a random handle, not one you use anyplace else – and not your real name. You should also not post pictures with identifiable places where you commonly hang out. The internet has its share of creeps and this information can help them find you, especially in smaller communities.
- Talk to your kids about the safe use of social media. In this day and age it is important that they know how to stay safe online.
Avoid Downloads
Another big one: don’t download software from peer-to-peer or other dodgy sites. Software can be expensive, but downloading it illegally is not only illegal, it’s dangerous.
It is easy to add a Trojan or other malware to seemingly legitimate software. Sure, the latest version of Photoshop may work just fine when you install it after downloading it off the Pirate Bay, but it is very likely you also just installed ransomware, and it will cost you more in the long run. Only purchase your software from legitimate sources.
Don’t open documents in an email, instant message or text message unless you are expecting them, even if they are from someone you know. This is another large vector for malware infection.
Word documents, Excel files, PDFs and other files can contain what is called a macro virus. These are programs inside the files that can be used to install malware on your computer. Once an attacker infects a computer they will send out messages to everyone in the person’s contact list with a virus attached. These have even been seen on mobile phones, mainly on Android devices, which for a variety of reasons tend to be the least secure.
Browse Safely
Keep your browsing software up to date. Browsers have become much better at this, with Firefox and Chrome automatically updating themselves. To be on the safe side, go into the menu option and check to see if your browser is up to date. If you are an Internet Explorer or Safari user, be sure that you are installing all the latest patches from Apple and Microsoft. Older browsers often have vulnerabilities that can be exploited just by visiting a malicious website.
Use an ad blocker. There is a large overlap between ad networks and malware, which is often called malvertising. Malicious code finds its way into ad sites on a regular basis because criminals know that by compromising an ad site they will be able to infect a large number of browsers. If you block these sites you avoid the ads, and the risk.
Virtual Host Enumeration for fun and profit
The following will allow you to do virtual host discovery using the Bing API.
Step 1: Find the web servers you are interested in using NMAP
nmap -Pn -p 80 --open -oG - 192.168.1.0/24 | awk '$NF~/http/{print $2}' > webservers
Substitute the IP address range you want in the above command, and whatever you want the file name to be.
Step 2: If you don’t already have a bing API key get one. The free API key allows you to do 5,000 transactions per month. If you need to do more there are paid tiers.
https://datamarket.azure.com/dataset/bing/search#
Step 3: I found a Python script that works. Its usage is a little bit funky, so I will be modifying it when I find some time.
https://bitbucket.org/holiman/ipsearch/downloads
Step 4: Create a text file and put your API key into it, i.e. vi key.txt
Step 5: Run the following command to search Bing for the IP addresses in the file you created in step 1. This will output a text file called URLS that can then be used with EyeWitness.
cat webservers | python bingIP.py -b key.txt | awk '{ print $3 }' > URLS
Step 6: If you don’t already have EyeWitness to capture screenshots, download it.
git clone https://github.com/ChrisTruncer/EyeWitness.git
Step 7: Run EyeWitness to get screen captures of all the virtual hosts.
./EyeWitness.py --web -f URLS
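The awk filter in Step 1 relies on the port entry being the last whitespace-separated field, which holds for a single-port `-p 80 --open` scan. The following added example (not part of the original post) goes beyond that case and parses the grepable `Ports:` field explicitly, so an inventory of your own web servers stays correct when more ports are scanned. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample in nmap grepable (-oG) format; all addresses are made up.
sample_gnmap() {
  printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.10 ()\tPorts: 80/open/tcp//http///\n'
  printf 'Host: 192.168.1.20 ()\tPorts: 80/closed/tcp//http///, 443/open/tcp//https///\tIgnored State: filtered (1)\n'
  printf 'Host: 192.168.1.30 ()\tPorts: 22/open/tcp//ssh///, 8080/open/tcp//http-proxy///\n'
  printf 'Host: 192.168.1.40 ()\tPorts: 80/filtered/tcp//http///\n'
}

# The filter from Step 1: last whitespace-separated field contains "http".
page_filter() {
  awk '$NF~/http/{print $2}'
}

# Stricter parser (hypothetical helper): print "ip port" for each open TCP
# port whose service name starts with http.
open_web_ports() {
  awk -F'\t' '
    /^Host: / {
      split($1, host, " ")                 # host[2] is the IP address
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        ports = $i
        sub(/^Ports: /, "", ports)
        n = split(ports, entry, ", ")
        for (j = 1; j <= n; j++) {
          # entry layout: port/state/protocol/owner/service/...
          split(entry[j], f, "/")
          if (f[2] == "open" && f[3] == "tcp" && f[5] ~ /^http/)
            print host[2], f[1]
        }
      }
    }'
}

echo "page filter:";   sample_gnmap | page_filter
echo "strict parser:"; sample_gnmap | open_web_ports
```

On the sample, the page's filter misses 192.168.1.20 (its last field is the `Ignored State` count) and lists 192.168.1.40 although its port is filtered; the stricter parser reports only the three open web ports.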
RHCE
I passed the RHCE exam, and I might add I did it without installing X, damn I rock.
Dear Jeffrey B. Holden:
The results of your RHCE Certification Exam are reported below. The
RHCE Certification Exam allows candidates to qualify for the
Red Hat Certified Engineer (RHCE) and Red Hat Certified Technician
(RHCT) certificates. Please note that the RHCE designation is
understood to both include and supersede the RHCT designation.
SECTION I: TROUBLESHOOTING
RHCE requirements: completion of compulsory items (50 points)
RHCT requirements: completion of compulsory items (50 points)
Compulsory troubleshooting score: 50.0
Non-compulsory troubleshooting score: 50.0
Total troubleshooting score: 100
SECTION II: MULTIPLE CHOICE
RHCE minimum requirement: 50 percent
RHCT minimum requirement: none
Multiple choice score: 90.0%
SECTION III: INSTALLATION AND CONFIGURATION
RHCE minimum requirements: total section score of 50 percent
70 percent on RHCT components
70 percent on RHCE-specific components
RHCT minimum requirement: 70 percent on RHCT components
Installation and Configuration score: 85.9
RHCT score: 81.8%
RHCE score: 87.5%
RHCE overall requirement: average of 80 for Sections I, II, and III
Your average: 91.97%
RHCE Certification: PASS
Congratulations — you are now certified as a Red Hat Certified
Engineer! Your RHCE Certificate number is 809003516308049.
The attached file is your personal print-ready certificate.
Please reply to this email address if your name does not appear
correctly, and we will send a modified version of the certificate.
You are entitled to print this document and use it to demonstrate
that you are an RHCE, provided you remain an RHCE in good standing.
You may not modify or change the document’s contents in any way, nor
may you appropriate any elements of this document for use in other
electronic documents or printed materials. You may only print the
document in its entirety. Any other use of the document must be
approved by Red Hat, Inc.
Your RHCE number should be available for verification at Red Hat
Certification Central:
http://www.redhat.com/training/certification/verify/?rhce_cert_display:certno=809003516308049&rhce_cert_display:verify_cb=Verify
You can verify the certificates of other RHCEs and RHCTs at
https://www.redhat.com/training/certification/verify
Please visit RHCE Connection, our web site exclusively for RHCEs:
https://www.redhat.com/training/certification/
There you will find special offers from Red Hat, logo art, job
listings, and more. You can also use the site to manage your contact
information. In order to access the site, you will need a PIN number.
You can have the PIN sent to the email address we have on file at
https://www.redhat.com/training/certification/lostpin.html
Certification in Red Hat Linux opens up new opportunities. We hope
you will keep Red Hat updated with your experiences and successes
with Red Hat Linux.
Please feel free to call or email with ideas and suggestions as to ways
we can enhance our Red Hat Linux training and certification programs.
Thank you very much for your interest in Red Hat Linux!
Red Hat Certification Central <rh-09991@redhat.com>