Most WordPress themes come with built-in support for sliders. This slider is shown on the home page as a slider for featured posts. It looks nice and makes a good impact on visitors. As I already wrote, most of the themes come with a slider, but what if your theme does not have […]
The post 10 Best WordPress Slider Plugins appeared first on UseThisTip.
We are excited to announce this major release of the auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of the simplification improvements we made. There is a risk of breaking your existing configuration.

Lynis is an open source security auditing tool. It is used by system administrators, security professionals, and auditors to evaluate the security defenses of their Linux and UNIX-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.

Supported operating systems
The tool has almost no dependencies, therefore it runs on almost all Unix-based systems and versions, including:
- AIX
- FreeBSD
- HP-UX
- Linux
- Mac OS
- NetBSD
- OpenBSD
- Solaris
- and others
It even runs on systems like the Raspberry Pi and several storage devices!

Installation optional
Lynis is lightweight and easy to use. Installation is optional: just copy it to a system, and use "./lynis audit system" to start the security scan. It is written in shell script and released as open source software (GPL).

How it works
Lynis performs hundreds of individual tests to determine the security state of the system. The security scan itself consists of performing a set of steps, from initializing the program up to the report.

Steps
1. Determine operating system
2. Search for available tools and utilities
3. Check for Lynis update
4. Run tests from enabled plugins
5. Run security tests per category
6. Report status of security scan
Besides the data displayed on the screen, all technical details about the scan are stored in a log file. Any findings (warnings, suggestions, data collection) are stored in a report file.

Opportunistic Scanning
Lynis scanning is opportunistic: it uses what it can find. For example, if it sees you are running Apache, it will perform an initial round of Apache-related tests. When, during the Apache scan, it also discovers an SSL/TLS configuration, it will perform additional auditing steps on that. While doing that, it will then collect discovered certificates so they can be scanned later as well.

In-depth security scans
By performing opportunistic scanning, the tool can run with almost no dependencies. The more it finds, the deeper the audit will be. In other words, Lynis will always perform scans which are customized to your system. No audit will be the same!

Use cases
Since Lynis is flexible, it is used for several different purposes. Typical use cases for Lynis include:
- Security auditing
- Compliance testing (e.g. PCI, HIPAA, SOx)
- Vulnerability detection and scanning
- System hardening

Resources used for testing
Many other tools use the same data files for performing tests. Since Lynis is not limited to a few common Linux distributions, it uses tests from standards and many custom ones not found in any other tool.
- Best practices
- CIS
- NIST
- NSA
- OpenSCAP data
- Vendor guides and recommendations (e.g. Debian, Gentoo, Red Hat)

Lynis Plugins
Plugins enable the tool to perform additional tests. They can be seen as an extension (or add-on) to Lynis, enhancing its functionality. One example is the compliance checking plugin, which performs specific tests only applicable to some standard.

Changelog
Upgrade note
## Lynis 2.7.3 (2019-03-21)
### Added
- Detection for Lynis being scheduled (e.g. cronjob)
### Changed
- HTTP-6624 – Improved logging for test
- KRNL-5820 – Changed color for default fs.suid_dumpable value
- LOGG-2154 – Adjusted test to search in configuration file correctly
- NETW-3015 – Added support for ip binary
- SQD-3610 – Description of test changed
- SQD-3613 – Corrected description in code
- SSH-7408 – Increased values for MaxAuthRetries
- Improvements to allow tailored tool tips in future
- Corrected detection of blkid binary
- Minor textual changes and cleanups

Download Lynis 2.7.2
Topic: WordPress 3.4.2 The-CL-Amazon-Thingy Plugins 1.0 Open Redirection
Risk: Low
Text: ## # Exploit Title : WordPress 3.4.2 The-CL-Amazon-Thingy Plugins 1.0 Open Redirection # Auth…
Topic: Wehelp ticket support system v1.5 XSS Vulnerability
Risk: Low
Text: | # Title : Wehelp ticket support system v1.5 XSS Vulnerability …
PenTestIT RSS Feed
I wrote about AutoSploit in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit and its subsequent update to AutoSploit 2.2. Recently, AutoSploit 3.0 was released. This post tries to describe the changes between the last release and the newest version, as this release adds a number of features and bug fixes. This release is code…
The post UPDATE: AutoSploit 3.0 – The New Year’s edition appeared first on PenTestIT.
What if you could easily visualize which access point every Wi-Fi device nearby is connected to in a matter of seconds? While programs like Airodump-ng can intercept this wireless information, making it easy for hackers to use and understand is another challenge. Fortunately, a tool called Airgraph-ng can visualize the relationships between Wi-Fi devices from only a few seconds of wireless observation.
Signals Intelligence with Wi-Fi Devices
Signals intelligence is the science of understanding human behavior and systems behind intercepted radio signals. To understand how to attack a target…