This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
server { | |
listen 443 ssl http2; | |
listen [::]:443 ssl http2; | |
server_name __REDACTED__; | |
ssl_certificate __REDACTED__ ; | |
ssl_certificate_key __REDACTED__; | |
# Only return Nginx in server header | |
server_tokens off; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Hide server version on error pages | |
ServerSignature Off | |
# Only return Apache in server header | |
ServerTokens Prod | |
<VirtualHost *:443> | |
ServerName mywebserver.domain.net | |
DocumentRoot /var/www/web | |
SSLEngine on | |
SSLCertificateFile /etc/apache2/ssl/server.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
- ignore-paths: | |
- test | |
ignore-rules: | |
- android_kotlin_md5 | |
- android_kotlin_insecure_random | |
- android_kotlin_hardcoded | |
- android_kotlin_hiddenui | |
- android_hidden_ui |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Updated 04/01/2021 | |
# Best ratio Security/Accessibility | |
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA; | |
# Most secured | |
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ shhgit -local . -config-path ~/some_directory/shhgit/ | |
_ _ _ _ | |
| | | | (_) | | |
___| |__ | |__ __ _ _| |_ | |
/ __| '_ \| '_ \ / _` | | __| | |
\__ \ | | | | | | (_| | | |_ | |
|___/_| |_|_| |_|\__, |_|\__| | |
__/ | | |
v0.4 |___/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Disable gzip compression | |
gzip off; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Observe process memory dump | |
function volatility_screenshot { | |
OS=$1 | |
PID=$2 | |
if ! [ -f "/tmp/${PID}.memdump/${PID}.data" ]; then | |
mkdir -p "/tmp/${PID}.memdump/" | |
if [ "$OS" == "windows" ]; then | |
volatility -f dump.raw --profile=Win7SP1x86_23418 memdump -p "${PID}" --dump-dir "/tmp/${PID}.memdump/" | |
mv "/tmp/${PID}.memdump/${PID}.dmp" "/tmp/${PID}.memdump/${PID}.data" | |
elif [ "$OS" == "mac" ]; then |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Updated 04/01/2021 | |
server { | |
listen 443 default_server; | |
root /var/www/web; | |
# Only return Nginx in server header | |
server_tokens off; | |
ssl on; | |
ssl_certificate /etc/nginx/ssl/server.pem; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# BEAST protection | |
## Remove TLSv1.0 | |
ssl_protocols TLSv1.1 TLSv1.2; | |
# BEAST protection, NO RC4 protection | |
## Allow TLSv1.0 and force RC4 | |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:RC4:!SEED; | |
# NO BEAST protection, RC4 protection |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# LOGJAM protection ## All TLS accepted, EECDH/EDH key exchange ciphers, force cipher order and use of 4096-bits group DH | |
# Updated 04/01/2021 | |
ssl_protocols TLSv1.2 TLSv1.3; | |
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA; | |
ssl_prefer_server_ciphers on; | |
ssl_dhparam /etc/ssl/certs/dhparam.pem; |
NewerOlder