1/30/2016 Problem Restarting Apache2: Solutions

If you're using apache 2 as webserver maybe sometimes you'll have to deal with common problems like vhost, syntax errors,  bad configurations. Sometimes is when you edit a file inside  /etc/apache2/sites-enabled/file.conf and maybe your edition just didn't accomplish with the syntax so here  is how can you check :

1. Make sure that your Apache2 service is up and running.
user@~$sudo service apache2 status 
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
   Active: active (running) since Fri 2016-01-29 14:05:16 EST; 14s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 31573 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 17063 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
  Process: 30948 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS) 
  ... 

If this isn't the output, read carefully the error.
2. Check your systemctl status, this will give you a lot of information.
user@~$sudo systemctl status apache2.service
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2016-01-29 13:48:57 EST; 18s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 31573 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 17063 ExecReload=/etc/init.d/apache2 reload (code=exited, status=0/SUCCESS)
  Process: 30467 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE)
3. Run the apache config test. It is always a good idea to run configtest everytime you make changes to the apache2 config file so that you won't accidentally stop apache2 service
user@~$ sudo apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK
4. Restart the apache service
user@~$ sudo service apache2 stop && sudo service apache2 start

References:

[1]http://www.techrepublic.com/article/troubleshoot-apache-problems-with-these-tips/
[2]https://www.digitalocean.com/community/tutorials/how-to-troubleshoot-common-site-issues-on-a-linux-server
[3]https://www.linode.com/docs/troubleshooting/troubleshooting-common-apache-issues
Digg it StumbleUpon del.icio.us

1/29/2016 Video Writeup EFF-CTF 2016

For a while I've been trying to understand a little bit about reversing and low level stuff, sometimes it becomes a little difficult but if you want you can, so this post it is to highlight a youtube channel that I've been checking in this vacations it the Liveoverflow's great videos that solves a few reversing challenges. As you know the most recent security conference was  the Usenix enigma as it's commonly in this kind of Cons there was a Capture The Flag , The EFF was runing a hacking contest at Enigma!  The challenges included web hacking, binary analysis, cryptography challenges, and more.


So LiveOverflow solve this after a few hours and he posted this on his youtube channel, so here it is .

Digg it StumbleUpon del.icio.us

1/28/2016 NSA’s top hacking boss explains how to protect your network from his attack squads


True words have not been spoken at the Usenix enigma conference it seems that the Nsa's top hacking boss is explaining how they exploit your networks and he is giving free advices... I doubt it, I've seen a lot of  systems over the time and wherever I've been, security invariably sucks even in the places where they really know it does suck. So, it's not a non sequitir to state that they'd probably be more secure with someone else handling the data at rest part of the equation or data in transit within the cloud provider.

Data in transit and data at rest still on premises will remain key determiners of exactly how the overall security posture rates up or rates down. A proper provider will help the business to lock down the in transit data as well. Then only the on premises setup will be the only part that sucks.Security is a process and the number of people that actually can read and apply proper processes is vanishingly small if it's possible, to advance your systems security and understand it just do it, and the first step is to encrypt everything, and trying to mitigate adding more layers of security.

I respect all people working in US goverment but as you know according to the recent statistics of some resources [Check spiegel.de] say that USA is the largest invading privacy , because they don't respect the American rights over national security , also we know that MI6 and other intel agencies are reading alien code searching for explotaible bugs. This is a game where the number one player is USA , and that talk given by Roy Joice is strange because he is part of that exploiters team.
Digg it StumbleUpon del.icio.us

1/21/2016 What is Practice?

  • Practice is a habit.
    Practice is a routine.
    Practice does not need to remember.
    Practice comes by practicing.
    Practice needs dedication and commitment.

  • To become a successful devops-pentester you need lot of practice, dedication and commitment
Digg it StumbleUpon del.icio.us

1/16/2016 The Traveling Salesman Problem

This week when I was reading about Brute Force password attacks in a Ukranian Course that I'm taking I just see how a cool implementation done by Dr Michel Wermelinger's seems pretty cool and easy explanation about how you can achieve all the nodes, just click on the image below to interact.

Images taken from the online game, The Jewels of Heuro

Taken from
The Open University under Creative Commons BY-NC-SA 4.0 license

Digg it StumbleUpon del.icio.us