How to add L2ARC to Freenas pool from console

My Freenas box does not have CPU with AES-NI instructions. Freenas wizzard by default wants to add L2ARC with AES-XT 256 encryption, in my case that is huge performance downgrade. BUT! There is the workaround for that - add Cache device manually without encryption

gpart destroy -F "ada0"
gpart create -s gpt ada0
gpart add -l L2ARC -t freebsd-zfs -s 200G -a 4k -b 128 "ada0"
gpart list
zpool add DATA cache gptid/xxxxxxxxxxxxxxxxxxxxxxxxxxx

Read More

How to Pass EC-Council Certified Ethical Hacker (CEH)

Exam Overview:

• Number of Questions: 125
• Test Duration: 4 Hours

There is no easy way to pass it. I recommend to use safari books video course. https://www.safaribooksonline.com/library/view/learning-path-certified/9780134677552/

If you prefer reading, get a proper book (ISBN - 978-1119252245)
https://www.amazon.co.uk/CEHV-Certified-Ethical-Hacker-Version/dp/1119252245


I can guaranty, that there will be

• NMAP questions
• tcp/ip and tcpdump questions

And that is why as a t the last stage of your preparation familiarize yourself with the following:

https://www.sans.org/security-resources/tcpip.pdf

https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf


Good Luck!

Read More

Wine Staging soon with Gallium "Nine"

As a Linux enthusiast and a Gamer I can't be more happy. It seems that Gallium nine soon will be merged into wine-staging repository. More information can be found here: https://github.com/wine-compholio/wine-staging/pull/333



Fingers Crossed!

Read More

TOGAF 9.1 - Where to start?

Good place to start with TOGAF is not safaribooksonline.com nor the skillport but Youtube. Perfect jump start course can be found here: https://www.youtube.com/playlist?list=PL2FF5FCBA1AF9B8FA

From there you can switch to official documentation or books available on safaribooksonline.com
TOGAF 9.1 (90-Day Evaluation) can be found here - you must have an email verified account.
https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?catalogno=I112

Read More

Zerodays Movie - Stuxnet

A documentary focused on Stuxnet, a piece of self-replicating computer malware that the U.S. and Israel unleashed to destroy a key part of an Iranian nuclear facility, and which ultimately spread beyond its intended target.

You can watch this movie for free!

Read More

WPScan Wordpress Vulnerability Scan - Installation and Usage

WPScan installation on Ubuntu

Install packages

apt-get install git
apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev
apt-get zliblg-dev liblzma-dev

Use git to clone branch of WPScan

git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development

Lunch it with ruby and check usage options

ruby wpscan.rb

To update WPSca

git pull

 

WPScan Scanning for Vulnerabilities

Quick Scan

ruby wpscan.rb --url http://wpsite.com

Vulnerable Plugins Scan

ruby wpscan.rb --url http://wpsite.com --enumerate vp

Vulnerable Themes Scan

ruby wpscan.rb --url http://wpsite.com --enumerate vt

User Enumeration Scan

ruby wpscan.rb --url http://wpsite.com --enumerate u

Password Scan

ruby wpscan.rb --url http://wpsite.com --wordlist passwords.txt threads 100

*password.txt is not part of the source, you can download dictionary file from many places.. for example: https://github.com/danielmiessler/SecLists/tree/master/Passwords

More information about the tool can be found here https://wpscan.org/.

Read More

Targeted Attack, The Game

The Game "Targeted Attack", puts you in the driving seat. You are the CIO of a global organization called "The Fugle", on the verge of making the first release of a biometrically authenticated mobile payment app. You will steer the project through its final stages, dealing with your internal security team, your colleagues in Marketing and PR and of course your CEO

I highly recommend it - just give it a shot.

http://targetedattacks.trendmicro.com/

Read More