Carlo Alberto Scola

MSc Student

My Personal Blog

That’s life, you know. We never end up where you thought you wanted to be. [M.E.]
10 Apr 2020

Autopsy - A Digital Forensic Lab

A quick walk-through the basic functions of the Autopsy framework for computer digital forensic and investigations.

categories: #security

18 Jan 2020

A secure, easy and encrypted cloud backup

How to setup the most simple remote backup solution for your needs. Rsync and EncFS will incrementally store only the encrypted files on your "cloud" providing complete privacy.

categories: #security #linux #network

29 Sep 2019

Full and Responsible disclosure, the debate.

The debate on the different vulnerability disclosure options is still running without a decisive winning answer. Cyber Security is not an option for companies but they often seem to not give it much attention.

categories: #security #vulnerability

05 Sep 2019

What is Subdomain Takeover and how to defend.

Subdomain takeover is a threat that comes down to a registration of an unused subdomain by an attacker which is then able to own a valid subdomain and launch different attacks.

categories: #web #security

19 Jul 2019

Network Function Virtualization, Middleboxes and Cloud Load Balancing

From Network Function Virtualization to Middleboxes outsourcing to the cloud, load balancing and in-data-plane connectivity recovery. Research papers summary.

categories: #network #sdn

05 Jul 2019

An introduction to Software Defined Networking

A walk-through from the beginning of SDN networks and applications, towards testing, model checking, scaling and SDN applied to Internet Exchange Point. Research papers summary.

categories: #network #sdn

28 May 2019

SDN & NFV with POX and Click Modular Router

A project experiencing Software Defined Networking and Network Function Virtualization using the popular POX controller platform in Python with OpenFlow and Click Modular Router.

categories: #network #sdn #python

26 Apr 2019

Fault-Tolerant IP routing with Cisco HSRP. [Part 2]

Here we are going to focus on how to set up HSRP fault tolerance to provide IP routing redundancy and availability between two routers and multiple networks.

categories: #notes #network #cisco

25 Feb 2019

How to configure FreeRADIUS 3 with MySQL and EAP-TTLS

Today we are going to explain how to set up a FreeRADIUS server for Authentication, Authorization and Accounting (AAA) along with a MySQL database for credentials storage accessed only through encrypted TLS connections.

categories: #network #security #linux

15 Jan 2019

Enabling SSL on NGINX reverse proxy towards non-SSL apache

The goal is to enable Prestashop SSL/TLS on a NGINX reverse proxy which is acting as SSL/TLS concentrator to an internal non-SSL apache web server.

categories: #web #security

02 Jan 2019

A Cisco routing lab network with GNS3. [Part 1]

Hello everybody, in this post we are going to learn step by step how to setup a fully functioning network environment with the help of Graphical Network Simulator-3 (GNS3). This exercise aims to be helpful...

categories: #notes #network #cisco

09 May 2018

TOR SSH Remote Reverse Tunnel - Raspberry Pi

How to use TOR hidden service with SSH remote tunnel. How to use hidden service as an anonymous SSH proxy. We will set a remote ssh tunnel from a raspi client towards a hidden service,...

categories: #linux #security

02 May 2018

SOCKS PROXY on Reverse SSH tunnel

How to set up a SOCKS proxy with SSH reverse tunnel. The tunnel will be ssh-encrypted and each traffic will pass through the tunnel, like in a VPN.

categories: #security #linux

26 Apr 2018

SameSite cookie security

SameSite cookies are only sent if the site the request originated from is in the same origin as the target site. They can be set as Strict or Lax..

categories: #notes

26 Apr 2018

HTTP Headers security

Summary of HTTP headers useful and fundamental for securing web pages, clients, and communication from malicious activities. HSTS, CORS, CSP, HPKP and many many others.

categories: #notes

26 Apr 2018

SOP and XSS introduction

Malicious scripts are executed by the victim's browser because the browser trusts the source of the content, even when it's not coming from where it seems to be coming from.

categories: #notes

23 Apr 2018

XSSI and XSS differences

During an XSS malicious code is placed into a victim’s page, during an XSSI victim’s code is included in a malicious page. In an XSSI the attacker wants to leak data cross-origin.

categories: #notes

13 Mar 2018

SSH Reverse Tunnel - Raspberry Pi

How to set up a persistent, always available, SSH remote tunnel (reverse SSH tunnel).

categories: #linux #security

18 Feb 2018

Netdata cluster - Monitoring multiple server.

How to set up a netdata cluster monitoring multiple servers. One dashboard, multiple server monitoring instances.

categories: #linux #web

15 Feb 2018

Configuring Netdata on Ubuntu + apache proxy + authentication

Configuring netdata on ubuntu with SSL/TLS and Apache web server.

categories: #linux #web