Shea Polansky

84 Followers

Published in

Independent Security Evaluators

·Jun 30, 2020

eLearnSecurity Pen Test Professional (PTP) Review

An excellent certification with realistic labs, but not yet as widely recognized by employers. — I recently took the eLearnSecurity Penetration Testing Professional (PTP) course and passed the associated eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) exam. As a security professional, I'm always on the lookout for new opportunities to improve my skillset and learn new techniques for attacking and defending networks, so I was excited…

Security

8 min read


Published in

Independent Security Evaluators

·Jun 26, 2020

How to Harden OpenVPN in 2020 — Part 2

“Extra credit” hardening options to maximize the security of your OpenVPN installation — In my previous article, I laid out a framework for building a modern, hardened OpenVPN server/client configuration. At the end, I noted there were some additional hardening steps that would be nice to take for extra security. In particular:

Security

15 min read


Published in

Independent Security Evaluators

·May 5, 2020

How to Harden OpenVPN in 2020

This guide will help you configure and secure OpenVPN using the latest best practices. — Since everyone is working from home for the foreseeable future, corporate IT departments are scrambling to bolster existing VPN solutions or deploy new ones as fast as possible. One of the most popular VPN solutions is OpenVPN, either used directly, or through appliances like the commercial OpenVPN Access Server or…

Security

16 min read


Published in

Independent Security Evaluators

·Jan 15, 2020

A Better Windows 10+WSL SSH Experience

Windows 10 ships with two awesome features for users and developers who still work in Linux land. The first is the Windows Subsystem for Linux, which implements a subset of the Linux Kernel’s system calls to allow you to run native Linux userland utilities such as bash and friends, and…

Git

5 min read


Published in

Independent Security Evaluators

·Jan 13, 2020

Creating TPM-Backed Certificates on Windows

I’ve started experimenting with exposing some of my home lab services to the world without needing a VPN. Instead, I use Caddy (which is an excellent web server, and much easier to work with than Nginx) as a reverse proxy with TLS client certificates for authentication. Caddy’s built-in Let’s Encrypt…

Security

5 min read


Published in

Independent Security Evaluators

·Mar 19, 2019

PSA: Don’t Store 2FA Codes in Password Managers

It seems convenient, but it’s a trap! — Two-Factor Authentication (2FA, also known as Multi-Factor Authentication, or MFA) is all the rage these days, and for good reason. Accounts secured by 2FA are much, much harder to compromise than accounts using only a single factor — so much more so that you can — sometimes — get away…

Security

3 min read


Published in

Independent Security Evaluators

·Mar 1, 2019

2FA: Not All Factors Are Created Equal

Why Your Second Factor Isn’t Always as Trustworthy as a Password — The security of a 2FA-protected account is much greater than the security of an account protected by only one factor — in theory. In practice, there is more nuance to it than that. For 2FA, you are trusting the server to enforce the 2FA and not be compromised by hackers…

Security

5 min read


Published in

Independent Security Evaluators

·Oct 10, 2018

Powerful Hardware Backdoor in Supermicro Motherboards

Apple and Amazon Web Services allegedly affected, but issued strong denials. — Bloomberg published an article claiming that the US Government uncovered a hardware backdoor planted by the Chinese People’s Liberation Army in server motherboards produced by Supermicro, the world’s largest manufacturer of computer motherboards. The boards then made their way into the datacenters of US tech companies, including Apple, Amazon Web…

Security

5 min read


Published in

Independent Security Evaluators

·Oct 9, 2018

Critical Unauthenticated Remote Code Execution in Mikrotik RouterOS (CVE-2018-14847)

Tenable Security disclosed a proof-of-concept of a critical vulnerability in the Mikrotik RouterOS software, which powers their popular low-cost routers and wireless networking products. The vulnerability leverages a path traversal issue into full unauthenticated remote code execution; vulnerable routers can have their credential database stolen and a backdoor installed with…

Security

2 min read


Published in

Independent Security Evaluators

·Jul 19, 2018

What is the Industrial Internet of Things?

…and how do we secure it? — The world of consumer electronics is all abuzz about the Internet of Things (IoT) — from smart kettles to smart refrigerators, it can almost seem like everything with an electrical socket is also getting WiFi connectivity and a smartphone app. The demand for computerized appliances has flooded the market with…

Internet Of Things

9 min read

Security Analyst for Independent Security Evaluators
