Working with Nessus scan results is easy. How do I know that? Because I’ve worked with this tool for some time and although I do not know every corner of the things I’ve been doing some scans and solving quite a few deffects on systems that were labeled as ‘production ready’ when they clearly weren’t. […]

How to work with Nessus scan results

How to install OpenVAS on FreeBSD
Was ist das? OpenVAS is a vulnerability scanner. If you are unfamiliar to the vulnerability scanning world this can be an overwhelmingly experience but tools like this are what makes the matter more accessible, more manageable, easy to see and easy to fix. Before digging into the matter at hand here, that is how to […]

How to install ModSecurity 3 on FreeBSD
A couple of years ago I wrote a guide on how to install Modsecurity on FreeBSD. Now the program is on its third iteration so a new article is needed. Or so I think. In this article I’ll be covering Modsecurity 3 applied to protect Apache HTTP. If you find the articles in Adminbyaccident.com useful […]

Reasonable amount of enabled modules on Apache HTTP
CentOS Ubuntu FreeBSD core_module (static) core_module (static) core_module (static) so_module (static) so_module (static) so_module (static) http_module (static) watchdog_module (static) http_module (static) access_compat_module (shared) http_module (static) mpm_prefork_module (shared) actions_module (shared) log_config_module (static) authn_file_module (shared) alias_module (shared) logio_module (static) authn_core_module (shared) allowmethods_module (shared) version_module (static) authz_host_module (shared) auth_basic_module (shared) unixd_module (static) authz_groupfile_module (shared) auth_digest_module (shared) access_compat_module (shared) […]

Web credentials stealing
The theft of credentials has been occurring since almost the beginning of time. But of course when the web ‘happened’ and specially when e-commerce exploded stealing passwords also went on the rise. Emptying bank accounts, ordering stuff on behalf (and expenses) of others, spying, even impersonation was and is achieved by stealing credentials. Luckily for […]

How to detect a WAF – Web Application Firewall
From a penetration testing perspective to identify if a Web Application Firewall (WAF) is in place is essential. The next question is, does an administrator need to know this? My view is, anyone who is in charge of any system that has implemented some sort of WAF needs to verify this tool is working, at […]

List of Speculative Execution Vulnerabilities
Vulnerability CVE Exploit name Public vulnerability name Firmware changes Spectre 2017-5753 Variant 1 Bounds Check Bypass (BCB) No Spectre 2017-5715 Variant 2 Branch Target Injection (BTI) Yes Meltdown 2017-5754 Variant 3 Rogue Data Cache Load (RDCL) No Spectre-NG 2018-3640 Variant 3a Rogue System Register Read (RSRE) Yes Spectre-NG 2018-3639 Variant 4 Speculative Store Bypass (SSB) […]

A brief introduction to Regular Expressions
A regular expression is a set of characters, a string of characters if you will, that specify a pattern. Ever used the grep command? It makes use of them. The ‘grep’ command is very handful when one needs to look for certain things inside a text file, or looking for some specific pattern from another […]

How to install Drupal 8 on FreeBSD
NOTE: Drupal 8 will be soon oudated. A newer article to be released on October 24th on how to install Drupal 9 on FreeBSD can be found here. This is a quick, simple yet effective tutorial on how to install Drupal 8 on FreeBSD. Drupal is a robust, complete well stablished CMS used on many […]

How to install Webmin on FreeBSD 12
Webmin is a fantastic tool for those willing to administer UNIX or unix-like systems through a GUI interface. While the CLI interface lets any user to interact with these kind of systems to the very core and extract all the juice, there are tasks where the graphical interface makes sense and its visual and quick […]
