A Bash script I’ve used for many years got some love recently and I’ve uploaded it to Codeberg. The HTTP Limiter is my answer to the bots, scrapers, and pentest tools that constantly hammer on my public facing hosts. Though “hammer” might actually be an understatement. Read more

If you have an own PKI in your AD, you may stop reading and move on. Nothing to see here. My gut however tell me, many mid-sized companies don’t have one and are at the mercy of Alex Neff’s Python script. Wsuks2 positions itself as man-in-the-middle between a Windows Update Server (WSUS) and the various servers/clients. Read more

Security through obscurity1 is not working. This is not an allegation, it is a proven fact. Today’s proof has a particularly large impact on worldwide Microsoft Windows installations. The Windows Security Centre (WSC) API2 has been made to accept any program as an anti-virus solution. The WSC works as follows: If a manufacturer of an AV security solution wants to install his snakeoil, he/she first has to be able to switch off the anti-tempering mechanisms so that it is not identified as malware. Read more

Yes, I have a passion for exotic languages. This time I experimented with Purebasic1 and wanted to see how quickly a robust, multi-threaded HTTP REST API could be created. Cross-platform for Linux, Windows and OS X, free of additional dependencies as a single-file binary behind a reverse proxy that takes care of everything with TLS and load balancing. Read more