Web-Performance Blog
Working on Azure, most application directly interact with Redis. However, for debugging or handling incidents, visibility into Redis and its storage can be beneficial. The Azure portal seems to be constantly adding more features in this area. If this is insufficient, a Redis Client can be beneficial. I personally like this client.
There is a high chance of a Distributed Denial of Service (DDoS) attack around and during the “Summit on Peace in Ukraine” conference at the Bürgenstock Switzerland on the upcoming weekend of June 15th and June 16th, 2024. Find a complete breakdown of technical details of what happened over the entire weekend in the article.
Attacks on Swiss web properties were seen during the World Economic Forum in January 2024, the visit of the Ukrainian President Wolodymyr Selenskyj to Switzerland in January 2024, and in June 2023 when the Ukrainian President Wolodymyr Selenskyj was speaking in front of the Swiss Parliament in the form of a remote conference.
Fast and customizable vulnerability scanner based on a simple YAML-based DSL.
I took my first steps with Nuclei. The plan was to verify if my Atlassian Confluence instance was vulnerable both before and after patching. Also, on June 7, 2024, a new PHP vulnerability emerged, and I wanted to use Nuclei to review the security posture of some PHP installations I manage.
I used to have a YubiKey, but it never fully caught on with me. Now, finally, I want to start using a YubiKey to reduce the risk of phishing attacks and strengthen my overall personal IT security.
A hardware security token never goes alone; always add two. One is for use, and the second is for backup.
I used to always reach for DSL-reports for speed testing.
But I ran into issues where testing didn’t always work, and there are so many advertisements that I’m fed up. A nice, currently ad-free experience is with Cloudflare.
The BLP_bbot/0.1 user agent is associated with Bloomberg Financial Market and is referred to as “BLP” within their own internal naming conventions. It’s likely used by Bloomberg for web crawling purposes, potentially related to financial data aggregation and analysis.
I recently had a lot of contact with ASNs and I was looking for a full list of ASNs. There is an official and public list from RIPE.
https://ftp.ripe.net/ripe/asnames/asn.txt
This PowerShell script can be used to check the status of a plain list of web links that you have copied to your clipboard.
During a DDoS attack, I found a large amount of a HTTP request parameter “_sm_byp=” in my logs. However, this parameter is not native to my app.
_sm_byp=
Modified example:
https://www.example.com:443/manifest.json?_sm_byp=iVVt9H5dRMP8Lb3F
https://www.example.com:443/test.html?_sm_byp=iVVc8ZT1kQFvX6Nr
MyIP.is, a handy online tool designed to instantly provide users with their public IP address and additional related information.
One of the cool features of this website is that they are actively involved in managing larger pages, collecting and analyzing IP data, and then compiling a list of malicious players on the web, which is available for free download.