RSA 3072-bit vs ECC Certificates What’s Happening The Problem with RSA 3072 The Better Solution: ECC P-256 Security Equivalence Recommendation ✅ Use ECC P-256 for new deployments ⚠️ Use RSA 3072 only if: Bottom Line ECC P-256 gives you the same security as RSA 3072 with significantly better performance. Unless you have specific legacy requirements,...

When you visit a secure website (HTTPS), your browser needs to verify that the website’s security certificate is legitimate and hasn’t been compromised. This is like checking if an ID card is still valid and hasn’t been reported stolen. There are three main methods websites use to prove their certificates are trustworthy: Why This Matters...

As you know my servers are hosted at hetzner.de – use this Link to get a 20€ start credit for your first servers. Now we will install a new virtual server with preparations for BunkerWeb WAF on Hetzner server. Preparations Select Debian 12 as your system! Use the FQDN as servername! We will check the...

As you know my servers are hosted at hetzner.de – use this Link to get a 20€ start credit for your first servers. Now we will install a new virtual server with preparations for SafeLine WAF on Hetzner server. Preparations Select Debian 12 as your system! Follow the steps in the Article How to install...

If you want to install the SafeLine WAF, here are some scripts to speed up your deployment. You must run the script as root as we need to install some packages from the official docker repository. I know – the official SafeLine installer already will install the needed packages. But this script helps in setting...

What is a WAF A Web Application Firewall (WAF) is a security tool that monitors, filters, and blocks HTTP/HTTPS traffic between web applications and the internet. It acts as a protective barrier specifically designed to defend web applications from various cyber attacks. When should I use a WAF – is it something I should use?...

this is an installation instruction to set up your virtual private server at hetzner.de

As part of our commitment to building a more robust, resilient and diverse cybersecurity workforce, ISC2 is offering FREE Certified in Cybersecurity (CC) Online Self-Paced Training and exams to one million people. Source: ISC2 The CC is an entry level cybersecurity certification. What does this mean for me? How can I join for the free...

here is a workflow to install fail2ban with a basic ruleset in a new debian server Now copy the following template restart the service

Take a look at https://github.com/Free-GPGMail/Free-GPGMail You can install it using homebrew:

# Temporarily set the execution policy to bypass for this session Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force # Check for the ExchangeOnlineManagement module and update or install as necessary $module = Get-Module -Name ExchangeOnlineManagement -ListAvailable if ($module -ne $null) { # Module is installed, attempt to update it Write-Host "ExchangeOnlineManagement module is installed. Checking for...

# Requires administrative privileges # Disable SSL 2.0 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server' -Name 'Enabled' -Value 0 -Type DWord # Disable SSL 3.0 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server' -Name 'Enabled' -Value 0 -Type DWord # Disable TLS 1.0 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' -Name 'Enabled' -Value 0 -Type DWord # Disable TLS 1.1 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server' -Name...

If you need to find the available content-caching-servers on your network look out for the following lines of output for AssetCacheLocatorUtil:

Insert an USB-stick Open a terminal and sudo su 🙂 Next: Create the USB-stick – replace the name of your USB-stick

First of all list the available installers – Look for the Version-String you will need it in the next step Next download the installer you need

This is the silent installation for the silnite9 installer found at https://eclecticlight.co/downloads/ run the binary to get information on the current state of updates: Here is the zip file just in case the original is not available anymore: Download Just in case you wonder:Here is the explanation on “Why is my Mac’s Gatekeeper data so...

#!/bin/bash set -x # Define variables SMART_PATH="/usr/local/sbin" SMARTCTL_PATH="$SMART_PATH/smartctl" SMARTUPDATEDB_PATH="$SMART_PATH/update-smart-drivedb" VERSION="7.4-1" BASE_URL="https://sourceforge.net/projects/smartmontools/files/smartmontools/7.4" DMG_FILE="smartmontools-${VERSION}.dmg" MD5_FILE="smartmontools-${VERSION}.dmg.md5" ASC_FILE="smartmontools-${VERSION}.dmg.asc" GPG_KEY="0C9577FD2C4CFCB4B9A599640A30812EFF3AEFF5" KEYSERVER="hkps://keys.openpgp.org" KEY_URL="https://www.smartmontools.org/browser/trunk/www/SmartmontoolsSigningKey_2021.txt?format=txt" KEY_DIR=$(dirname "$0") GPG_KEYFILE="$KEY_DIR/smartmontools_key.txt" DRIVE_DB="https://svn.code.sf.net/p/smartmontools/code/branches/RELEASE_7_3_DRIVEDB/smartmontools/drivedb.h" # Ensure running as root if [ "$(whoami)" != "root" ]; then echo "Error: This script must be run with superuser privileges." exit 1 fi # Check if smartmontools is already installed if command...

This is the silent installation for the silnite7 installer found at https://eclecticlight.co/downloads/ run the binary to get information on the current state of updates: Here is the zip file just in case the original is not available anymore: Download Just in case you wonder:Here is the explanation on “Why is my Mac’s Gatekeeper data so...

If you want to add the PVSCSI-driver to your windows ISO Image for installation follow this link https://kb.vmware.com/s/article/84200 Here is the offline PDF https://blog.koeckeis-fresel.net/wp-content/uploads/How-to-add-PVSCSI-Driver-to-an-offline-Windows-Image-using-DISM-84200.pdf

@echo off @echo Start: %date% %time% echo This is a scan using Malicious Software Removal Tool echo see %windir%\debug\mrt.log for details of the scan REM use Start /wait Mrt.exe /Q /F for an extended scan -- this takes quite long on bigger systems Start /wait Mrt.exe /Q If errorlevel 0 goto error0 If errorlevel 1...

See https://docs.microsoft.com/en-us/exchange/troubleshoot/user-and-shared-mailboxes/sent-mail-is-not-saved Connect to Exchange-Online (Office 365) and set mailbox-features for single mailbox with option to update all mailboxes

When you have an internal Veeam-backup-server and you want to backup external linux-servers you need to create a destination NAT on the linux-server. Remember to add that line after every reboot if you do not save/restore iptables-rules during boot. You can choose the line with port-definition or just translate everything. Replace 127.0.0.1 with your external...

REM we want to know our external IP nslookup -type=txt whoami.Cloudflare.com ns3.Cloudflare.com exit dig @ns3.Cloudflare.com whoami.Cloudflare.com txt +short curl -k http://ipinfo.io/json

echo offsetlocal ENABLEDELAYEDEXPANSIONif exist "C:\Program Files\ESET\ESET Security\ekrn.exe" (GOTO IS_INSTALLED) else (GOTO INSTALL)GOTO INSTALL :IS_INSTALLEDecho is installedeventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 208 /D "%~0 -- eset is already installed"GOTO DONE :INSTALLecho installing softwareeventcreate /L APPLICATION /T INFORMATION /SO %~n0%~x0 /ID 404 /D "%~0 -- eset is not installed -- installing now…" if not...

(Get-ItemProperty "HKLM:\SOFTWARE\Wow6432Node\TeamViewer").ClientID