Access Denied Information gathering thought

In today’s security-aware age, it’s important to reflect on past mitigations and see if we can improve them. Whilst doing recon on this WordPress install I realised that my nginx installation was returning very identifiable responses to directory traversal and directory fuzzing attacks. In that it would respond …

ABS 2016 Australian Census Attack Problem

So when attempting to fill out the recent census this year, lo and behold, it’s non-responsive. What was more aggravating was when checking social media sources, people were handing off the Bureau’s explanation, citing Abors LAYER 4 ATTACK MAP and criticising ABS for foul play… Census is a layer …

Finding “live” NAT interface and broadcast address for a UDP LAN Chat Program

So I decided to do a simple Local Area Network based chat program that transmitted plaintext ASCII encoded text across UDP to all devices (listening on the port) on a network. Little did I know it’s much harder than that when not all system Route Tables point 255.255.255.255 to the …

Cloudflare Free SSL for everyone!

No, not as happy as it sounds. Recently Cloudflare announced they would release free SSL certification for all their clients, paid and free. Now, I’ve tested it on this site https://mcdonell.space and my browser’s client security settings hate it (Firefox Aurora Nightly Build). CSS isn’t protected under SSL unless …