The Cybersecurity blog is a place where I can write about all topics relating to online security, web-based attacks, "hacking", exploits, vulnerabilities, penetration testing, etc.
In my work I operate many servers which are connected to the Internet, for myself, my company and my clients. Having a server connected to the Internet exposes it to a huge threat from online evildoers, and I see a fair share of this on a daily basis.
I realised recently that some of the attacks that I was seeing do not seem to be discussed online, so the hard work of analysing and undoing these attacks fell on my shoulders. I decided therefore to document these attacks in this blog, as well as other topics related to online security.
The main goals of this blog are: -
- Education: many people run into trouble online simply through a lack of knowledge of the risks involved. Providing a useful set of articles will hopefully prove to be a valuable resource. This also extends to service providers; by analysing existing and possible attacks we can build stronger and more secure services.
- Exploration: just as explorers map the world around us, we can discover a lot about a system simply by exploring it. The true essence of hacking is the exploration of the unknown in order to discover details of how a system works, and doing so can be both fun and interesting.
- Entertainment: yes I know, when somebody mentions "security" it hardly invokes excitement in most people. However investigating and analysing attacks, and trying to find new ones, can be great fun!
Disclaimer: this blog is intended to explore the ethical side of hacking, exploiting vulnerabilities and online attacks. This may seem a contradiction in terms, however the articles in this blog are meant to allow us to protect ourselves and to create stronger systems by understanding the possible risks. The information in this blog should under no circumstances be used for any illegal purposes. Whenever I use the term "hacking", I do not mean "cracking" or "black-hat hacking". Hacking means to explore and figure out a system, but this should only be done on systems where you have the permission to do so. Penetration testing is a vital tool for testing security, but doing so on a system for which permission has not been given is against the law. There is no harm in learning, however please be careful before acting on anything written within this blog.