Category: Cyber
Lock It Down: The Complete Guide to Securing Your WhatsApp
Your WhatsApp account is not just a chat app. It is your identity, your contacts, your banking OTPs, your family photos, and your most private conversations. When criminals take it over, they use it immediately to impersonate you and defraud everyone you know. This guide walks through every meaningful control available to you, explains what […]
Read more →
XZ Utils Backdoor: How One Engineer Saved the Internet
On a quiet Friday evening in late March 2024, a Microsoft engineer named Andres Freund was running some routine benchmarks on his Debian development box when he noticed something strange. SSH logins were taking about 500 milliseconds longer than they should have. Failed login attempts from automated bots were chewing through an unusual amount of […]
Read more →
Quantum Computing Threat to Encryption: What You Must Know
Published on andrewbaker.ninja | Enterprise Architecture & Banking Technology There is a quiet revolution happening in physics laboratories around the world, and most of the people who should be worried about it are not paying attention yet. That is about to change. Quantum computing is advancing faster than anyone predicted five years ago, and when […]
Read more →
Cloudflare Free Tier Review: Why It Works for Enterprise
By Andrew Baker, CIO at Capitec Bank There is a truth that most technology vendors either do not understand or choose to ignore: the best sales pitch you will ever make is letting someone use your product for free. Not a watered-down demo, not a 14-day trial that expires before anyone has figured out the […]
Read more →WordPress XMLRPC.PHP Brute Force Testing Guide for macOS
A Comprehensive Security Testing Guide for Mac Users 1. Introduction WordPress xmlrpc.php is a legacy XML-RPC interface that enables remote connections to your WordPress site. While designed for legitimate integrations, this endpoint has become a major security concern due to its susceptibility to brute force attacks and amplification attacks. Understanding how to test your WordPress […]
Read more →
Rubrik Architecture: Why Restore, Not Backup, Is the Product
1. Backups Should Be Boring (and That Is the Point) Backups are boring. They should be boring. A backup system that generates excitement is usually signalling failure. The only time backups become interesting is when they are missing, and that interest level is lethal. Emergency bridges. Frozen change windows. Executive escalation. Media briefings. Regulatory apology […]
Read more →CVE-2024-3094: Detecting the XZ Utils SSH Backdoor
Executive Summary CVE-2024-3094 represents one of the most sophisticated supply chain attacks in recent history. Discovered in March 2024, this vulnerability embedded a backdoor into XZ Utils versions 5.6.0 and 5.6.1, allowing attackers to compromise SSH authentication on Linux systems. With a CVSS score of 10.0 (Critical), this attack demonstrates the extreme risks inherent in […]
Read more →HTTP/2 Rapid Reset CVE-2023-44487: Test Your Server on macOS
Introduction In August 2023, a critical zero day vulnerability in the HTTP/2 protocol was disclosed that affected virtually every HTTP/2 capable web server and proxy. Known as HTTP/2 Rapid Reset (CVE 2023 44487), this vulnerability enabled attackers to launch devastating Distributed Denial of Service (DDoS) attacks with minimal resources. Google reported mitigating the largest DDoS […]
Read more →NMAP + Claude MCP: 20 Vulnerability Scans on macOS
Introduction NMAP (Network Mapper) is one of the most powerful and versatile network scanning tools available for security professionals, system administrators, and ethical hackers. When combined with Claude through the Model Context Protocol (MCP), it becomes an even more powerful tool, allowing you to leverage AI to intelligently analyze scan results, suggest scanning strategies, and […]
Read more →macOS Passive Domain Vulnerability Scanner: Full Guide
Below is a fairly comprehensive passive penetration testing script with vulnerability scanning, API testing, and detailed reporting. Features Installation Required Dependencies Optional Dependencies Usage Basic Syntax Options Examples: Network Configuration Default Interface: en0 (bypasses Zscaler) To change the interface, edit line 24: The script automatically falls back to default routing if the interface is unavailable. Debug Mode […]
Read more →