
Jitendra Patro

The more you learn, the more you realize how little you know.

Tag: Linux

Posted on January 20, 2023 (updated January 27, 2023) in ModSecurity

ModSecurity with OWASP CRS – Part 1: Installation

by Phoenix

ModSecurity is an open-source, cross-platform Web Application Firewall (WAF) developed by Trustwave’s SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks…

Posted on July 17, 2022 (updated November 2, 2022) in CVEs and Not CVEs

Microsxxt Azure Global Admin MFA Bypass

by Phoenix

Introduction: First of all, you might be getting curious about the post title, especially the “xx” in Microsxxt. Well, I leave it to the reader’s imagination to fill those “xx”…

Posted on June 27, 2022 (updated January 20, 2023) in Tutorials

Deploying a Shadowsocks Server to GCP using Terraform

by Phoenix

Introduction: Terraform is the most popular Infrastructure as Code (IaC) tool available in the market. It supports more than 1000 cloud providers and has some serious documentation for getting…

Posted on April 16, 2022 (updated November 2, 2022) in PHP Basic

OWASP A6:2017 – Security Misconfiguration

by Phoenix

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL;DR, this post is about solving Secure Code…

Posted on April 15, 2022 (updated November 2, 2022) in PHP Basic

OWASP A5:2017 – Broken Access Control

by Phoenix

If you stumble across this post and are wondering what this is all about, then I recommend reading this post before following this guide. TL;DR, this post is about…

Posted on April 3, 2022 (updated November 2, 2022) in PHP Basic

OWASP A1:2017 – Injection

by Phoenix

If you think this post’s title sounds a bit weird for SEO, then know that it’s intentional. I did this to prevent blog posts under my PHP Basic category to…

Posted on March 21, 2022 (updated January 20, 2023) in Tutorials

Installing Vaultwarden server with Apache and SSLH proxy

by Phoenix (2 comments)

Introduction: Vaultwarden is a lightweight, single-process, Rust-based alternative implementation of the Bitwarden Server API which is compatible with Bitwarden password manager clients. In short, Vaultwarden is an open source…

Posted on March 20, 2022 (updated October 16, 2022) in Tutorials

Migrating Rootful Docker containers to Rootless Docker

by Phoenix

Introduction: Rootless mode of Docker allows a non-root user to run the Docker daemon and containers. This helps in preventing potential vulnerabilities, like privilege escalation to root, in the Docker daemon…

Posted on February 28, 2022 (updated January 20, 2023) in Tutorials

Setting up a send-only mail server with Postfix

by Phoenix

Introduction: As I’ve mentioned in my First Blog Post, setting up a mail server is optional but recommended to monitor events and security incidents in our server. In this article,…

Posted on January 28, 2022 (updated August 20, 2022) in Tutorials

Configuring Two Factor Authentication for ‘su’ and ‘sudo’

by Phoenix

Linux security is a constantly evolving topic. One of the biggest security-related headaches for administrators is granting sudo privileges to users. Sudo privilege when unchecked can become the primary…


About The Blog

I created this blog to share the knowledge I've gained over the years and things that I'm yet to learn. Presently, my posts will be mainly focused on Open Source software, Information Security and Hacking. Happy Learning!

© 2023 Jitendra Patro.