Source: Command prompt to check TLS version required by a host
nmap --script ssl-enum-ciphers -p 443 www.google.comopenssl s_client -connect www.google.com:443 -tls1_2
openssl s_client -connect www.google.com:443 -tls1_1
openssl s_client -connect www.google.com:443 -tls1
Source: Stopping Brute-force Logins Against Wordpress
Here is an even shorter post on how to mitigate the attack using the mod_security Apache module. I won’t cover how to install it or configure it, but just show the rules I am using to detect and respond to a similar brute force attack.
Source: Brute Force Attacks
Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. Often deemed 'inelegant', they can be very successful when people use passwords like '123456' and usernames like 'admin.'
They are, in short, an attack on the weakest link in any website's security: You.
Due to the nature of these attacks, you may find your server's memory goes through the roof, causing performance problems. This is because the number of http requests (that is the number of times someone visits your site) is so high that servers run out of memory.
Source: C 語言緩衝區溢位攻擊範例程式碼
本篇以 C 語言的實際範例,解釋緩衝區溢位攻擊的原理。
緩衝區溢位攻擊是一種典型的攻擊方式,雖然這種手法已經有一段的歷史,不過還是有可能因為程式設計者的疏忽,讓程式存在這樣的漏洞。
原文(source): 吳肯尼的黑箱子
原文(source): 吳肯尼的黑箱子: WebGoat
WebGoat 是OWASP所開發的元老級計劃之一,WebGoat是一個用於講解典型web漏洞的基於J2EE架構的web應用,他由著名的WEB應用安全研究組織OWASP精心設計並不斷更新,其中設計了大量的web缺陷,一步步的指導用戶如何去利用這些漏洞進行攻擊,同時也指出了如何在程式設計和編碼時避免這些漏洞。
Web應用程式的設計者和測試者都可以在WebGoat中找到自己感興趣的部分來try!
====================================================
http://www.configserver.com/free/mailscanner.html
http://www.configserver.com/cp/msfe.html