Terminal escape injection techniques

It’s interesting in that shell scripts (small one’s) seem just like friendly bits of code that you can run. That’s not always the case, it’s probably never a good idea to just download a script and run it (esp using curl or wget). I discovered this very interesting article the other day about terminal escape injection and it works on pretty much every platform – mac, windows linux and even within python!

When in dought use cat -v in fact cat -v may be my new default for viewing code!

https://www.infosecmatter.com/terminal-escape-injection/

Beta testers needed!

Hi I’m very proud to announce that my application (which I still haven’t found a name for!) is ready for beta release. It’s a very light command line app that uses log data for security hardening, so if you use Ubuntu, debian or linux (and or nginx or apache2) and are comfortable with the command line then please do get in touch. At this stage it’s a fairly simple app and in effect a security tool for those of us who can not afford thousands of dollars towards their own IDS.

This application will probably be most useful for smb running their own sites (small aws installs for example) for people who want extra security, and to stop a lot of the “noise” that hits the average web server.
If you want more information, have a look at the intro vid I made that is put up on youtube..
All I ask is that you supply the version of ubuntu / linux that you’re using and that after looking at the app take the time to fill in a short survey.

Look forward to hearing from you
Regards Steve Abrahall
PS if your interested email me at

steveabrahall AT gmail DOT comm

To find out what version of the os your using
lsb_release -a

Your machine and it’s code

So I’ve been thinking a lot of late about machines, exploits and how to stop this sort of thing. I’ve been in situations where developers have created “stuff” on production machines and then left the company. The problem then becomes interesting if that code does not work with an up dated version of the software say wordpress, drupal or the operating system.

Urban dross

Your then in a situation (if the machine is a web server or open and available on the net) where about the only thing you can do is lock down the firewall and harden the old un patched OS and hope that no one finds a way in / attacks the machine.

It’s always good to have at least 2 people who understand custom code in any company especially if you have a number of web servers to mange. But even then re building something and re creating that functionality is not always easy – and management need to be aware of the fact that this will take time and cost money.


So if that keen shiny developer comes along one day promising you a widget that will sell your own grandmother and only cost you a few hundred bucks worth of con-sultan fees, my advice is to run screaming from the room.

The up shot I’m trying to put to you? Have the ability to own your own code – because if you don’t and if it gets hacked or is found to be vulnerable it’s going to cost you!

A simple approach is best – easier management and long term savings.

Pushing your boundaries and learning

The authors inner sprit animal when it comes to warm calling people…

So that was it – a week at Cyrise cyber boot camp for entrepreneurs of Australian cyber security. In a nut shell it was mind blowing! If your an Australian and you think you might have a great cyber security based idea, then this is a gig you must get in on.

Be prepared as your going to learn stuff, real important stuff, like being sat down in front of an excel spread sheet. Asked to crank on some initial financial projections by an experienced accountant (who has put some of his own money into startups).

Your going to have to get up in front of people and be able to talk about your product. Explain what it does and why it’s valuable, your going to learn to pitch and why it’s bloody important!

Calling industry people you don’t know on the phone to talk about your product (this really pushed my inner introvert I can tell you). I probably stunk like an old goat at the end of it (I could feel the sweat dripping off me) but hay that’s pushing your boundaries and learning.

If you have a great idea and have been thinking about it. Get into the next round you won’t regret it.

In closing I’d like to offer a big heart felt thanks to all the people who participated and contributed to our boot camp. But especially those on the coal front…

KIRSTIN MCINTOSH – Multitasker and social networker supreme (also the person who had faith in my idea).

CHLOÉ DUTSCHKE – Creative, marketing and brand guru who also kept us all very well fed (She also does a mean pod cast).

SCOTT HANDSAKER – The quiet guy at the back doing all the email stuff.

ALLEN JONES – (Not the bad one) Mr cool calm and collected who taught us all how to stand like gun slingers!