Protecting Your Cookies from Cross Site Scripting (XSS) Vulnerabilities – How XSS Works

Posted in Web Application Vulnerability Scanners

Understanding XSS Vulnerability Attacks

This article aims to help you understand how Cross Site Scripting (XSS) attacks work. Cross Site Scripting or XSS can happen in many ways. For example, an attacker may present you with a malicious website that looks like the original and ask you to fill in your credentials. When your browser sends its cookies over to the malicious website, the attacker decodes your information and uses it to impersonate you at the original site. This is a targeted attack and is called non-persistent in technical terms.

Websites and web applications usually send a cookie to identify a user after he/she has logged in. For every action from the user on the site, the user's browser has to resend the cookie to the web application as identification. If an attacker is able to inject a Cross-site Scripting (XSS) payload on the web application, the malicious script could steal the user's cookie and send it to the attacker. The attacker can then use the cookie to impersonate the user in the web application. The most dangerous variation of XSS is persistent, or stored XSS. This is because the attacker’s XSS payload gets stored and served to each visitor accessing the website or web application without any user interaction.

By stealing a session cookie, an attacker can get full control over the user's web application session.

What Happens During An XSS Attack?

Although Cross-site Scripting (XSS) is one of the most common forms of attack, most people underestimate its power. In an XSS attack, the attacker targets the scripts executed on the client side rather than on the server side. It is mostly the client-side technologies, JavaScript and HTML, whose security weaknesses make them the major victims of these kinds of exploits.

In an XSS attack, the attacker manipulates the client-side scripts of the web application of the user to execute in a certain manner suitable to the attacker. With such a manipulation, the attacker can embed a script within a page such that it executes each time the page is loaded or whenever a certain associated event is performed.

Basic XSS attack. How malicious scripts are injected into web servers & victims browsers

In another variation of the XSS attack, the attacker has infected a legitimate web page with a malicious client-side script. When the user opens the web page in his browser, the script downloads and, from then on, executes whenever the user opens that specific page.

As an example of an XSS attack, a malicious user injects their script into a legitimate shopping site URL. This URL redirects a genuine user to an identical but fake site. The page on the fake site runs a script to capture the cookie of the genuine user who has landed on the page. Using the cookie the malicious user now hijacks the genuine user's session.
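As an added illustration (not code from the original article), the sketch below shows a stored comment being rendered with and without HTML encoding, and a session cookie issued with the `HttpOnly` attribute so that page scripts cannot read it. The function names, the cookie name `sid` and the sample comments are assumptions constructed for the example.

```javascript
// Added example: stored-XSS rendering, vulnerable vs. hardened, plus cookie flags.
// All names here (renderCommentsUnsafe, renderCommentsSafe, sessionCookie, "sid")
// are hypothetical; the stored comments are constructed sample data.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text break out of an HTML text node or a
// quoted attribute value. Other contexts (URLs, inline script) need their own encoding.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: stored comments are concatenated into the page as markup, so a
// comment carrying script is served to, and executed by, every visitor.
function renderCommentsUnsafe(comments) {
  return '<ul>' + comments.map((c) => `<li>${c}</li>`).join('') + '</ul>';
}

// Hardened: each comment is encoded first, so the browser displays it as text.
function renderCommentsSafe(comments) {
  return '<ul>' + comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('') + '</ul>';
}

// Set-Cookie value for a session identifier. HttpOnly hides the cookie from
// document.cookie, Secure restricts it to HTTPS, SameSite limits cross-site sends.
function sessionCookie(sessionId) {
  if (!/^[A-Za-z0-9_-]{16,}$/.test(sessionId)) {
    throw new Error('session id must be an opaque token of 16+ URL-safe characters');
  }
  return `sid=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Review helper: flags output that still contains a script element or an
// inline event-handler attribute inside a tag.
function containsActiveMarkup(html) {
  return /<\s*script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed sample data: one ordinary comment and two harmless test strings.
const storedComments = [
  'Great product, arrived on time.',
  '<script>alert(1)</script>',
  '<img src=x onerror="alert(1)">',
];

console.log('unsafe output active:', containsActiveMarkup(renderCommentsUnsafe(storedComments)));
console.log('safe output active:  ', containsActiveMarkup(renderCommentsSafe(storedComments)));
console.log('Set-Cookie:', sessionCookie('abcdef0123456789'));
```

`HttpOnly` only keeps the cookie value away from injected script; the script can still act inside the victim's session, so output encoding remains the primary control.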

3CX’s Unified Communications IP PBX enhanced to include New Web Client, Rich CTI/IP Phone Control, Free Hotel Module & Fax over G.711 - Try it Today for Free!

Posted in IP PBX - Unified Communications

3CX has done it again! Working on its multi-platform, core v15 architecture, the UC solution developers have released the latest version of its PBX in Alpha, v15.5. The new build includes some incredibly useful features including a web client - a completely new concept for this product.

3CX has made a big effort to ensure its IP PBX product remains one of the Best Free UC IP PBX systems available!

The new 3CX Intuitive web client that leaves competitors miles behind

User-friendly & feature-rich

The 3CX Web Client, built on the latest web technology (angular 4), currently works in conjunction with the softphone client for calls, and allows users to communicate and collaborate straight from the browser. The modern, intuitive interface combines key 3CX features including video conferencing, chat, switchboard and more, improving overall usability.

Improved CTI/IP phone control

Desktop call control has been massively improved. Even if your phone system is running in the cloud, supported phones can be reliably controlled from the desktop client. This improvement follows the switch to uaCTSA technology. Moreover, a new Click 2 Call Chrome extension makes communication seamless across the client and browser.

Reintroduction of the Hotel Module into 3CX

The Hotel Module has been restored into 3CX and is now included free of charge for all PRO/Enterprise licenses - great news for those in the hospitality industry.

Additionally, 3CX now supports Google’s FIREBASE push, and fax over G711 has been added amongst various other improvements and features.

Cisco ASA Firepower Threat Defense (FTD): Download and Installation/Setup ASA 5500-X. FTD Management Options

Posted in Cisco Firewalls - ASA & PIX Firewall Configuration

One Appliance – One Image is what Cisco is targeting for its Next Generation Firewalls. With this vision, Cisco has created a unified software image named “Cisco Firepower Threat Defense”.  In this FirePOWER series article we’ll cover the installation of Firepower Threat Defense (FTD) on a Cisco ASA 5500-X series security appliance. We’ll also explain the management options available: Firepower Management Center (FMC) which is the old FireSIGHT and Firepower Device Manager (FDM).

Cisco Firepower Threat Defense (FTD) is a unified software image, which is a combination of Cisco ASA and Cisco FirePOWER services features that can be deployed on Cisco Firepower 4100 and the Firepower 9300 Series appliances as well as on the ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, and ASA 5555-X. However, at the time of writing, the Cisco Firepower Threat Defense (FTD) unified software cannot be deployed on Cisco ASA 5505 and 5585-X Series appliances.

Understanding Cisco Firepower Threat Defense Management & Capabilities

Simplifying management and operation of Cisco’s Next Generation Firewalls is one of the primary reasons Cisco is moving to a unified image across its firewall appliances.

Currently the Firepower Threat Defense can be managed through the Firepower Device Manager (similar to Cisco’s ASDM) and the Firepower Management Center (analyzed below).

Managing Options for FirePOWER Services and Firepower Threat Defense (FTD)

It should be noted that the Firepower Device Manager software is under extensive development and is not currently capable of supporting all configuration options. For this reason it’s best to rely on the Firepower Management Center to manage the Cisco Firepower Threat Defense system.

The Firepower Management Center, also known as FMC or FireSIGHT, is available as a dedicated server or virtual image appliance (Linux based VM server) that connects to the FirePOWER or Firepower Threat Defense and allows you to fully manage either system. Organizations with multiple Firepower Threat Defense systems or FirePOWER Services would register and manage them from the FMC.

Alternatively, users can manage the Firepower Threat Defense (FTD) device using the Firepower Device Manager (FDM) – the concept is similar to ASDM.

Currently the latest Cisco Firepower Threat Defense (FTD) unified software image available is version 6.2.x.

The Cisco Firepower Threat Defense is continually expanding the Next-Generation Firewall Services it supports, which currently include:

  • Stateful Firewall Capabilities
  • Static and Dynamic Routing. Supports RIP, OSPF, BGP, Static Routing
  • Next-Generation Intrusion Prevention Systems (NGIPS)
  • URL Filtering
  • Application Visibility and Control (AVC)
  • Advanced Malware Protection (AMP)
  • Cisco Identity Service Engine (Cisco ISE) Integration
  • SSL Decryption
  • Captive Portal (Guest Web Portal)
  • Multi-Domain Management
  • Rate Limiting
  • Tunnelled Traffic Policies
  • Site-to-Site VPN. Only supports Site-to-Site VPN between FTD appliances and FTD to ASA
  • Multicast Routing
  • Shared NAT
  • Limited Configuration Migration (ASA to Firepower TD)

While the Cisco Firepower Threat Defense is being actively developed and populated with some great features, we feel that it’s too early to place it in a production environment. There are some stability issues, at least with the FTD image on the ASA platform, which should be ironed out with the newer software releases.

If you are already in the process of installing FTD on your ASA then you should heavily test it before rolling it out to production.

Due to the issues encountered, we were forced to remove the FTD installation by reimaging our ASA 5555-X Appliance with Cisco ASA and FirePOWER Services images. We believe the “Cisco Firepower Threat Defense” unified software image is very promising but requires some more time to reach a more mature and stable version.

Problems/Limitations Encountered with Cisco Firepower Threat Defense

While small deployments might be able to overcome the absence of many desired features (e.g. IPSec VPN support), enterprise environments will certainly find it more challenging.

Depending on the environment and installation requirements customers will stumble into different limitations or issues. For example, on our ASA 5555-X we had major delays trying to push new policies from the Firepower Management Centre (FMC) to the newly imaged FTD ASA. With a total of just 5 policies implemented it took over 2 minutes to deploy them from the FMC to the FTD.

We also found that we were unable to configure any EtherChannel interfaces. This is considered a major drawback especially for organizations with multiple DMZ zones and high-bandwidth traffic requirements. Cisco has an official announcement for this right here.

In addition to the above, when we completed the conversion of our ASA to the FTD software we needed to open a TAC Service Request in order to transfer our ASA License to the FTD image, adding unnecessary overhead and confusion. We believe this should have been automatically done during the installation process.

Cisco ASA Firepower Threat Defense (FTD) Installation – Quick Overview

Reimaging the Cisco ASA 5555-X Appliance to install the Cisco Firepower Threat Defense image is fairly simple once you understand what needs to be done. Here are the steps in the order they must be executed:

How to Get a Free Fully Functional Cloud-Based Unified Communications PBX with Free Trial Hosting on Google Cloud, Amazon or OVH!

Posted in IP PBX - Unified Communications

Crazy as it might sound, there is one Unified Communications provider who is giving out free fully functional cloud-based PBX systems without obligation from its users/customers.

3CX, a leader in Unified Communications, has just announced the availability of its new PBX Express online wizard designed to easily deploy a PBX in your own cloud account.

3CX’s Advanced Unified Communications features were recently covered in our article The Ultimate Guide to IP PBX and VoIP Systems - The Best Free IP PBXs For Businesses. In the article we examined the common components of a modern Unified Communications platform and how they are all configured to work together enabling free real-time communications and presence for its users no matter where they are in the world.

Now Free Cloud-based services are added to the list and the features are second to none plus they provide completely Free Trial Hosting, Domain Name, associated SSL certificates and much more!

3CX’s intuitive dashboard allows quick & easy administration with zero prior experience!

Here’s what the Free Unified Communications PBX includes:

  • Free fully-functional Unified Communications PBX
  • Up to 8 simultaneous calls
  • Ability to make/receive calls on your SIP phones or mobile devices via IP
  • Full Support for iPhone and Android devices
  • Full support for iPads and Tablet devices
  • Presence Services (See who’s online, availability, status etc.)
  • Instant Messaging
  • Video conferencing
  • Desktop Sharing
  • Zero Maintenance – Everything is taken care of for you!
  • Free Domain Name selection (over 20 countries to select from!)
  • Free Trial Hosting on Google Cloud – Amazon Web Services or OVH!
  • SSL Certificate
  • Fast deployment- no previous experience required
  • Super-easy administration
  • …and much more!

3CX’s Unified Communications PBX system is an advanced, flexible PBX that can be run locally in your office at no cost which is why thousands of companies are switching to 3CX. With the choice of an on-premises solution that supports Windows and Linux operating systems and now the free cloud-based hosting – it has become a one-way solution for companies seeking to move to an advanced Unified Communications system but at the same time seeking to dramatically cut telecommunication costs.

Thanks to its support for any SIP-based IP phone and mobile device (iPhone, Android, iPad, Tablet etc.) the 3CX IP PBX has quickly become the No.1 preferred solution.

3CX’s commitment to its customers and product is outstanding with regular updates covering its main UC PBX product but also mobile device clients - ensuring customers are not left with long outstanding problems or bugs. 3CX recently announced a number of bug fixes and enhancements for the 3CX Client for Android but also the 3CX Client for Mac confirming once again that it’s determined not to leave customers in the dark and continually improve its services and product’s quality.

Read The Ultimate Guide to IP PBX and VoIP Systems - The Best Free IP PBXs For Businesses article for more information on the 3CX UC solution.


Best VPN Review: Private Internet Access (PIA) Features, Pricing, User Experience, Benchmarking & Torrenting

Posted in Best VPN Reviews

The market for Virtual Private Networks has exploded over the past few years. A wealth of new providers has appeared, promising logless browsing, true anonymity, and fast speeds. Through all that noise, it’s becoming increasingly difficult to find the Best VPN for your needs.

Thankfully, there are some established brands that stand above the rest. One of these is Private Internet Access (PIA), launched by London Trust Media in 2010. PIA is very popular for P2P downloads, allowing torrents on every server via secondary VPNs.

In addition, PIA keeps no logs and eliminates DNS leaks, IPv6 leaks, web tracking and malware. It boasts over 3200 servers across 24 countries, as well as a free SOCKS5 proxy.

PIA’s VPN Gateways provide thousands of servers across the globe

It’s a fast VPN and quite wide-reaching. All of this comes at a price of only $3.33 (US) a month, though there are a few caveats.

At only $3.33/month US, PIA represents an amazing value for money

Primarily, there is a slightly limited ability to bypass region blocks. PIA might require logging into a few VPN servers to find one that successfully unblocks Netflix or Hulu, but does work without a problem with BBC and other geo-restricted content. Additionally, its popularity means users are more likely to be incorrectly blacklisted from sites.

While the desktop VPN client seems fairly simple, the iOS and Android clients have a more pleasing look and interface. Despite the simplified desktop interface, PIA still remains one of the Best VPNs around, offering great value for money.

Quick overview of VPN features offered by Private Internet Access

PIA VPN Client Installation

Although it may not be the most beautiful VPN client out there, the sign-up and install process for PIA is simple, and the website is nice enough to make the signup and client installation an easy-to-follow process even for novice users. Registration requires only a couple of clicks and an email address. PIA takes care of the password for you, sending your user and login details via those details. You’re also given a link to the client installer for each platform, guides, and a dedicated new user support thread. It’s all fairly fool-proof.

