(function(i,s,o,g,r,a,m){ i['GoogleAnalyticsObject']=r; i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)}, i[r].l=1*new Date(); a=s.createElement(o),m=s.getElementsByTagName(o)[0]; a.async=1; a.data-privacy-src=g; m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-132428928-1', 'auto'); ga('send', 'pageview');

Research

Apache brute: A simple brute force deterrent for Linux

By |2022-06-15T00:39:43-04:00May 31st, 2017|Categories: Defensive Methodology|Tags: , , , |

We published a simple script to help identify and block possible brute-force attempts on a Linux web-server. The script counts the amount of “bad-actions” an ip has logged in the Apache logs and blocks the ip on port 443. This script also displays top 20 visitor information using geoiplookup (which should be installed) and performs a [...]

Comments Off on Apache brute: A simple brute force deterrent for Linux

Judicial branch of Puerto Rico exposes sensitive court documents

By |2022-06-15T00:43:34-04:00May 31st, 2017|Categories: Hacking, Laws, Reports|Tags: , , , , , |

Problem CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is provided to attorneys and clients in order to view sensitive legal documents. Manipulating the ID string with simple math, similar to the overturned [...]

Comments Off on Judicial branch of Puerto Rico exposes sensitive court documents
Go to Top