Account compromised in a data breach

Incident (abuse) reporting

https://www.csirt.cz/en/incident-reporting/how-report/ and https://aws.amazon.com/forms/report-abuse

The subject should contain the IP address and the case type:

  • Sending email spam
  • Spamming online forums or other websites
  • Hosting a site advertised in spam
  • Excessive web crawling
  • Intrusion attempts (SSH, FTP, etc.)
  • Exploit attacks (SQL injections, remote file inclusions, etc.)
  • Hosting unlicensed copyright-protected material
  • Phishing website
  • Pharming website
  • Website hosting viruses/malware
  • Credit card fraud
  • Open proxy
  • Port scanning
  • IRC botnet activity
  • Denial of Service attack (DoS/DDoS)
  • Alleged misuse of copyrighted work

Details

  • URL
  • Source and destination IP addresses
  • Source and destination ports
  • Time zone

Security audit

@TODO https://github.com/CISOfy/lynis/

HTTP CSP - Content Security Policy

Malware analysis

https://www.hybrid-analysis.com/ malware analysis (file upload) by Payload Security

Store secret data in shares

gfshare

apt-get install -y libgfshare-bin

http://www.digital-scurf.org/software/libgfshare

Cipher names correspondence table @Mozilla

Cipher names correspondence table

TLS Names table generator

Detect supported SSL ciphersuites

nmap --script ssl-cert,ssl-enum-ciphers -p 443 <TARGET>

Mozilla (online)

Observatory

Cryptosense

https://discovery.cryptosense.com/

Qualys SSL Labs (online)

SSL Server Test

DigiCert (online)

DigiCert® SSL Installation Diagnostics Tool

Sectigo (was Comodo)

HTTP response security headers

https://securityheaders.io/

OWASP Testing Guide

Testing for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection

SSLyze

SSLyze, Fast and full-featured SSL scanner

cipherscan

cipherscan also analyzes configurations

SSL Breacher

SSL Breacher - Yet Another SSL Test Tool

Settings

Strong Ciphers TLS and SSH

Strong Ciphers for Apache, nginx and Lighttpd and OpenSSH server settings

Queries for supported algorithms

for Q in key kex cipher cipher-auth mac; do echo "--- ${Q} ---"; ssh -Q "$Q"; done

Mozilla Server side TLS Tools

Server side TLS Tools, doc: Server Side TLS Document

CloudFlare IP ranges

CloudFlare API v4 IP banning

mode: block | challenge | whitelist
target: country | ip

The value is an IP address, a /16 or /24 range, or a two-letter country code. The notes field can be left empty or omitted if you have nothing to add. To block for a specific zone only, change the API URL to:

https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID/firewall/packages/access_rules/rules

Replace YOUR-ZONE-ID with the zone identifier for the zone retrieved via an API GET to https://api.cloudflare.com/client/v4/zones/ with your API details.

curl --data-binary '{"mode":"block","notes":"","configuration":{"value":"1.2.3.4","target":"ip"}}' \
    --compressed -H 'Content-Type: application/json' \
    --header "X-Auth-Key: $API_KEY" --header "X-Auth-Email: $API_EMAIL" --verbose \
    'https://api.cloudflare.com/client/v4/user/firewall/packages/access_rules/rules'
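When the value comes from logs or a ticket, it is worth validating it before it is interpolated into the JSON body. The following is an added example, not part of the original README: the function names are hypothetical, only single IPv4 addresses and country codes are handled (ranges are left out), and the 32-hex-character zone ID format is an assumption.

```shell
#!/bin/sh
# Added example (not from the original README). Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep [A-Za-z] and [0-9] ranges ASCII-only
CF_API='https://api.cloudflare.com/client/v4'

# Succeeds only for a dotted-quad IPv4 address; the subshell body keeps IFS local.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# Print the JSON body for one access rule, or fail without printing a body.
# Usage: cf_rule_payload MODE TARGET VALUE [NOTES]
cf_rule_payload() {
    case "$1" in block|challenge|whitelist) ;; *) echo "bad mode" >&2; return 1 ;; esac
    case "$2" in
        ip)      is_ipv4 "$3" || { echo "bad IPv4 address" >&2; return 1; } ;;
        country) case "$3" in [A-Za-z][A-Za-z]) ;; *) echo "bad country code" >&2; return 1 ;; esac ;;
        *)       echo "bad target" >&2; return 1 ;;
    esac
    # Notes are limited to a ticket-style token so nothing needs JSON escaping.
    case "${4-}" in *[!A-Za-z0-9_.-]*) echo "bad notes" >&2; return 1 ;; esac
    printf '{"mode":"%s","notes":"%s","configuration":{"value":"%s","target":"%s"}}\n' \
        "$1" "${4-}" "$3" "$2"
}

# Print the rules endpoint: account-wide with no argument, one zone with a zone ID.
cf_rules_url() {
    if [ -z "${1-}" ]; then
        printf '%s/user/firewall/packages/access_rules/rules\n' "$CF_API"; return 0
    fi
    # Assumption: zone identifiers are 32 lowercase hex characters.
    case "$1" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#1}" -eq 32 ] || return 1
    printf '%s/zones/%s/firewall/packages/access_rules/rules\n' "$CF_API" "$1"
}

# Validate first, then send. Needs API_KEY and API_EMAIL, as in the curl call above.
# Usage: cf_add_rule MODE TARGET VALUE [NOTES] [ZONE_ID]
cf_add_rule() {
    body=$(cf_rule_payload "$1" "$2" "$3" "${4-}") || return 1
    url=$(cf_rules_url "${5-}") || return 1
    curl --silent --show-error --data-binary "$body" \
        -H 'Content-Type: application/json' \
        --header "X-Auth-Key: $API_KEY" --header "X-Auth-Email: $API_EMAIL" "$url"
}
```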

Incapsula IP ranges

https://docs.imperva.com/bundle/z-kb-articles-km/page/c85245b7.html

Difference between “BEGIN RSA PRIVATE KEY” and “BEGIN PRIVATE KEY”

http://stackoverflow.com/questions/20065304/what-is-the-differences-between-begin-rsa-private-key-and-begin-private-key/20065522#20065522

OpenVPN in Linux console

sudo openvpn --ca /abs/path/unsigned-ca.crt --config /abs/path/config.ovpn --auth-user-pass /abs/path/userpass --daemon