F5 CSE Exam Notes – Security Tools

Cain & Abel
Windows-only password recovery tool
Sniffs the network, cracking encrypted passwords; brute force cracking

NMAP
Detect remote OS running on host(s)
nmap -O 192.168.1.0/24
nmap -O 192.168.1.1
nmap -v -O --osscan-guess 192.168.1.1
https://highon.coffee/blog/nmap-cheat-sheet/#host-discovery

THC Hydra
Brute force attack tool used to show the ease to gain unauthorized access remotely
Performs dictionary attacks against more than...


F5 CSE Exam Notes – ASM Session Tracking

Security >> Application Security: Sessions and Logins: Session Tracking Session Awareness (disabled by default) Configure login page to detect username and associate it with the HTTP session None (default) Allows the use of Violation Detection Actions only User APM Usernames and Session ID Use Login Pages Select the custom login page Properties Authentication type (HTML Form, HTTP Basic/Digest Auth and NTLM) Username/Password Parameters Access...


F5 CSE Exam Notes – ASM Data Guard/Sensitive Parameters

Data Guard Data Guard will block (by default) or will mask (transparent) the sensitive information for the responses sent by the application server to the client Settings Location General Security -> Application Security: Data Guard Policy Security -> Application Security: Blocking: Settings – Negative Security Violations Data Guard: Information leakage detected Modes of Operation Data Guard in Transparent (Mask Data) Default Learn/Alarm...


F5 CSE Exam Notes – ASM Buffer Overflow/File Uploads/ICAP

Buffer Overflow
Security -> Options: Application Security: Advanced Configuration: System Variables
long_request_buffer_size – specifies the longest request length supported by the system (default is 10Mb)
request_buffer_size – specifies the common request length supported by the system (default is 10Kb)
https://support.f5.com/csp/article/K7935

File Uploads
Once the new parameter that the application uses for the file upload...


F5 CSE Exam Notes – ASM Anomaly Detection Methods

Security -> Application Security: Anomaly Detection: Brute Force Attack Prevention Login Page IP Address Whitelist (IP Address/Subnet Mask) Session-based Brute Force Protection (Blocking Settings – Input Violations/Brute Force: Maximum login attempts are exceeded) Login Attempts from The Same client (5) Re-enable Login After (600) seconds – 10 minutes Dynamic Brute Force Protection (uses statistical analysis) Operation Mode...


F5 CSE Exam Notes – APM

Overview
APM 11.3 and beyond offers iFrame Clickjacking protections via the apm.xframeoptions db key.
Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is “hijacking” clicks meant for their webpage and routing them to another page, most likely...


F5 CSE Exam Notes – AFM

Packet Processing Order
Processing order when AFM/LTM/ASM modules are running in the same appliance:
The packet is first evaluated by the packet filter (LTM)
Next, it is evaluated by AFM. Keep in mind that AFM has its own order of operations and will work down that as well: global, route domain, virtual server, and self IP.
LTM comes next
Processes the 3 way handshake on the client side of the proxy
ASM processes the traffic after LTM, and then...

