Clik here to view.
Basic OS X Hardening & DMA
In the course of a recent endpoint assessment, we also had a OS X 10.8 client system as a target. While we still rely on the Firewire “capability” of unlocking systems on a regular base (using this...
View ArticleSLES 11 Hardening Guide
SUSE Linux Enterprise Server (SLES) has been around since 2000. As it is designed to be used in an enterprise environment the security of these systems must be kept at a high level. SLES implements a...
View ArticleTomcat 7 Hardening Guide
Hi, continuing our tradition from last year (see here and here), we summarized more of our hardening recommendations for you. This guide is covering Tomcat 7 and is supposed to provide a solid base of...
View ArticleClik here to view.
IPv6 Hardening Guide for Linux Servers
We were recently approached by a customer asking us for support along the lines of “do you have any recommendations as for strict hardening of IPv6 parameters on Linux systems?”. It turned out that the...
View ArticleClik here to view.
IPv6 Hardening Guide for Windows Servers
After we recently released the “Linux IPv6 Hardening Guide” we got a number of suggestions “could you pls provide a similar document for $OS?” (btw: thanks to you all for the overwhelming interest in...
View ArticleClik here to view.
Hardening Against Local PrivEsc: Protecting Your Links
Following up on this post, we want to provide some details on two rather new (well, compared to its lifespan) Linux kernel parameters — and emphasize the need to enable those: fs.protected_hardlinks...
View ArticleIPv6 Hardening Guide for OS X
Similar to the documents we released for Linux and Windows (and actually inspired by a comment to the post on the Linux guide) Antonios wrote another guide, this time for Mac OS X. It can be found...
View ArticleInternet Information Service 7.5 Hardening Guide
Internet Information Services (IIS) contains several components that perform important functions for the application and Web server roles in Windows Server. As it is designed to be used in an...
View ArticleERNW Hardening Repository
Today we started publishing several of our hardening documents to a dedicated GitHub repository — and we’re quite excited about it! It took a while to develop a suitable markdown template to support...
View ArticleClik here to view.
Files Your Webserver Shouldn’t Deliver
During penetration tests, we often find interesting files on web servers. Almost as often, those files enable us to carry out further attacks with much higher impact. Inspired by Chris Gate’s great...
View ArticlemacOS Mojave Hardening Guide
Due to the new release of macOS Mojave in September we updated the El Capitan hardening guide. The hardening guide received a little revamp on some chapters which are now obsolete or had to be changed...
View Article
