Perform a Nessus scan via port forwarding rules only

This post will be a bit different from the usual technical stuff, mostly because I was not able to find any reliable solution on Internet and I would like to help other people having the same doubt/question, it's nothing advanced, it's just something useful that I didn't see posted before. During a recent engagement I found myself in a strange network position. I had to perform a Nessus credentialed and patch checks on some Windows server, I was in a vLAN...

VPN Leak

(Edited on 06/04: in order to reflect the actual situation)

TL:DR: VPN leaks users’ IPs via WebRTC. I’ve tested hundred VPN and Proxy providers and 19 of them leaks users’ IPs via WebRTC (16%)

You can check if your VPN leaks visiting: http://ip.voidsec.com Here you can find the complete list of the VPN providers that I’ve tested: https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit#gid=0 Add a comment or send me a tweet if you have updated results for any of the VPN which I am missing...

Heartbleed Bug

Pochi giorni fa è stato divulgato il bug Heartbleed, vulnerabilità che affligge la libreria OpenSSL; da quel giorno molte parole sono state spese per cercare di spiegare la falla anche al personale non tecnico, ma molte volte su grandi testate giornalistiche sono state scritte, passatemi il termine, idiozie (“virus scassinatore della rete”). Scriviamo pertanto questo articolo cercando di analizzare tutta la questione Heartbleed da un punto di vista tecnico. OpenSSL, libreria utilizzata per criptare le comunicazioni in internet, è il cuore...