Nicolas Béguier nbeguier

nbeguier / nginx.conf
Last active March 3, 2024 16:01
Nginx: TLS Security Configuration 2023
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name __REDACTED__;
ssl_certificate __REDACTED__ ;
ssl_certificate_key __REDACTED__;
# Only return Nginx in server header
server_tokens off;
nbeguier / apache2.conf
Last active January 2, 2024 15:06
Apache : Secure configuration
# Banner hardening: these two directives reduce what the server discloses about
# itself. They limit fingerprinting only and do not replace patching.
# Hide server version on error pages
ServerSignature Off
# Only return Apache in server header
ServerTokens Prod
<VirtualHost *:443>
 ServerName mywebserver.domain.net
 DocumentRoot /var/www/web
 SSLEngine on
 SSLCertificateFile /etc/apache2/ssl/server.pem
nbeguier / mobsfscan.config
Created December 2, 2022 17:09
mobsfscan configuration file
---
# mobsfscan suppression list: paths excluded from scanning and rule ids whose
# findings are not reported.
# NOTE(review): judging by their ids, the ignored rules cover weak hashing (MD5),
# insecure randomness, hard-coded values and hidden UI elements - confirm against
# the mobsfscan rule set. Record a justification for each suppressed rule so real
# findings are not hidden without anyone noticing.
- ignore-paths:
- test
ignore-rules:
- android_kotlin_md5
- android_kotlin_insecure_random
- android_kotlin_hardcoded
- android_kotlin_hiddenui
- android_hidden_ui
nbeguier / nginx.conf
Last active June 22, 2022 10:21
Nginx : Cipher Suite
# Updated 04/01/2021
# Two alternative cipher lists for TLS 1.2 and older. Keep exactly one of the
# ssl_ciphers lines in a given context: nginx reports a repeated ssl_ciphers
# directive in the same block as a duplicate.
# NOTE(review): TLS 1.3 suites are not selected by this string; they are
# configured separately - confirm against the nginx/OpenSSL versions in use.
#
# Option 1 - best security/compatibility trade-off
# The last six entries (AES128-GCM-SHA256 ... AES256-SHA) use static RSA key
# exchange and therefore give no forward secrecy. Entries without GCM or
# CHACHA20 in their name are CBC-mode suites. Both groups are present only for
# older clients.
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA;
# Option 2 - most secure
# ECDHE key exchange only, so every suite has forward secrecy. The last four
# entries are still CBC-mode; dropping them leaves an AEAD-only list.
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384;
nbeguier / shhgit_output.log
Created October 28, 2021 19:36
shhgit output
$ shhgit -local . -config-path ~/some_directory/shhgit/
_ _ _ _
| | | | (_) |
___| |__ | |__ __ _ _| |_
/ __| '_ \| '_ \ / _` | | __|
\__ \ | | | | | | (_| | | |_
|___/_| |_|_| |_|\__, |_|\__|
__/ |
v0.4 |___/
nbeguier / nginx.conf
Last active May 2, 2021 13:58
[DEPRECATED] Nginx : BREACH protection
# Disable gzip compression
# BREACH infers secrets from the size of compressed HTTPS responses that also
# reflect attacker-influenced input. Turning gzip off removes that compression
# side channel, at the cost of larger responses.
# NOTE(review): the author marks this snippet [DEPRECATED]. Disabling
# compression only on responses that carry secrets is a narrower option -
# verify which responses are affected before applying it everywhere.
gzip off;
nbeguier / volatility_gimp_helper.sh
Created March 8, 2021 13:06
volatility_gimp_helper.sh
# Observe process memory dump
function volatility_screenshot {
OS=$1
PID=$2
if ! [ -f "/tmp/${PID}.memdump/${PID}.data" ]; then
mkdir -p "/tmp/${PID}.memdump/"
if [ "$OS" == "windows" ]; then
volatility -f dump.raw --profile=Win7SP1x86_23418 memdump -p "${PID}" --dump-dir "/tmp/${PID}.memdump/"
mv "/tmp/${PID}.memdump/${PID}.dmp" "/tmp/${PID}.memdump/${PID}.data"
elif [ "$OS" == "mac" ]; then
nbeguier / nginx.conf
Last active January 4, 2021 13:51
Nginx : Full configuration
# Updated 04/01/2021
server {
listen 443 default_server;
root /var/www/web;
# Only return Nginx in server header
server_tokens off;
ssl on;
ssl_certificate /etc/nginx/ssl/server.pem;
nbeguier / nginx.conf
Last active January 4, 2021 13:47
[DEPRECATED] Nginx : BEAST & RC4
# NOTE(review): historical alternatives, marked [DEPRECATED] by the author. They
# are mutually exclusive; keep at most one ssl_protocols line per context.
# TLS 1.0 and 1.1 are deprecated (RFC 8996) and RC4 cipher suites are prohibited
# (RFC 7465), so neither option below fits a current deployment.
# BEAST protection
## Remove TLSv1.0
ssl_protocols TLSv1.1 TLSv1.2;
# BEAST protection, NO RC4 protection
## Allow TLSv1.0 and force RC4
# The cipher string adds RC4 after the EECDH/EDH groups, so RC4 suites are
# enabled here. Whether they are actually preferred depends on settings not
# shown in this snippet.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:RC4:!SEED;
# NO BEAST protection, RC4 protection
nbeguier / nginx.conf
Last active January 4, 2021 13:43
Nginx : Logjam protection
# LOGJAM protection
## TLS 1.2 and 1.3 only, server cipher order enforced, custom DH group for the DHE-* suites
# Updated 04/01/2021
ssl_protocols TLSv1.2 TLSv1.3;
# NOTE(review): the last six entries (AES128-GCM-SHA256 ... AES256-SHA) use
# static RSA key exchange, not EECDH/EDH. They are unaffected by ssl_dhparam and
# give no forward secrecy.
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA;
# Negotiate in the server's order of preference rather than the client's.
ssl_prefer_server_ciphers on;
# DH parameters for the DHE-* suites. The intended 4096-bit size depends on how
# this file was generated, e.g. `openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096`.
# Check an existing file with `openssl dhparam -in /etc/ssl/certs/dhparam.pem -text -noout`.
ssl_dhparam /etc/ssl/certs/dhparam.pem;