Security Forem: Akuson Daniel

Linux Server Infrastructure Lab

Akuson Daniel — Fri, 23 Jan 2026 15:56:51 +0000

Project:Linux Server Infrastructure Lab

Environment: Ubuntu 24.04 LTS | VirtualBox | Windows 11 (Host)

Objective: From Bare Metal Installation to Remote Secure Management.

*Phase 1: Provisioning & OS Architecture *
The foundation was built by moving away from the "Desktop" mindset to a "Server" mindset.

Hypervisor Setup: Configured VirtualBox with optimized settings (2GB RAM, 2 CPUs) and enabled Hardware Virtualization (VT-x/SVM).

Minimalist OS Install: Deployed Ubuntu Server 24.04 LTS using LVM (Logical Volume Management) for flexible disk scaling.

The Shell Environment: Mastered the Linux Filesystem Hierarchy (/, /etc, /home).

Key Skills:

File CRUD operations (mkdir, touch, rm).

System updates and package management via apt.

Terminal navigation and text editing via nano.

*Phase 2: Networking & The Remote "Bridge" *
In this phase, I transitioned from local console access to a professional remote workflow.

Network Refactoring: Migrated from NAT to a Bridged Adapter to give the server a unique identity on the local network (LAN).

Remote Access (SSH): Established a secure encrypted tunnel from Windows PowerShell to the Linux server.

Network Troubleshooting: Used 'ip addr' for discovery and ping for connectivity verification.
*Phase 3: Hardening & Security *
A server is only as good as its defense. I implemented "Zero-Trust" principles for the lab.

Firewall Configuration (UFW): Implemented a "Deny-by-Default" policy.

Strategically allowed SSH traffic to prevent remote lockout.

Identity & Access Management (IAM): Created secondary user accounts (junior).

Managed administrative privileges via the sudo group.

The Linux Permissions Model: Deciphered the drwxrwxr-x permission strings.

Mastered Ownership Handover (chown) and Numerical Permissions (chmod).

Example: Utilized chmod 400 to create "Read-Only Vaults" for sensitive system files.

Phase 4: System Observability & Metrics (Current)
Monitoring the "Health" of the server to ensure uptime and performance.

Live Metrics: Utilized htop for real-time CPU and RAM visualization.

Storage Auditing: Used df -h to monitor disk consumption and prevent system crashes due to full volumes.

Session Auditing: Used last and history to track user activity and system changes.

Fintech Transaction Monitoring & Fraud Detection Using Splunk

Akuson Daniel — Wed, 21 Jan 2026 09:45:52 +0000

In this lab, I simulated a Nigerian fintech and Banks platform with 5,000+ realistic transaction events and use i Splunk to monitor transactions,detect fraud, and perform business analytics

N.B The Values used are randomized.

Splunk is widely used in:

*Security Operations (SOC)
*Business analytics
*Fintech monitoring

By completing this lab, I demonstrated:

Realistic data ingestion
Fraud detection & KPI tracking
Executive dashboard creation
SPL (Search Processing Language) skills.

DATASET OVERVIEW
I generated 5,000 events with 10 Financial Institutions event types

Event Type                Description

Fields included:
user_id, event_type, amount, bank, location, device, channel, status, `timestamp'

Step 1: Generate the Dataset

I used Python and VS Code to generate the dataset. Here’s the script:

`python
import json
import random
from datetime import datetime, timedelta

events = [
"PAYMENT_SUCCESS","PAYMENT_FAILED",
"LOGIN_SUCCESS","LOGIN_FAILED",
"OTP_SENT","OTP_FAILED",
"KYC_SUBMITTED","KYC_APPROVED","KYC_REJECTED",
"WALLET_FUNDED"
]

banks = ["GTB","Access","Zenith","UBA","Kuda","Opay"]
locations = ["Lagos","Abuja","Ibadan","PH","Benin"]
devices = ["Android","iPhone","Web"]
channels = ["MobileApp","USSD","Web"]

start_time = datetime(2025, 1, 1)

with open("fintech_5000.json", "w") as f:
for i in range(5000):
event = random.choice(events)
log = {
"event_type": event,
"user_id": f"U{random.randint(1000, 4000)}",
"amount": random.choice([0,5000,10000,20000,50000]),
"bank": random.choice(banks),
"location": random.choice(locations),
"device": random.choice(devices),
"channel": random.choice(channels),
"status": "FAILED" if "FAILED" in event else "SUCCESS",
"timestamp": (start_time + timedelta(seconds=i)).isoformat()
}
f.write(json.dumps(log) + "\n")
print("fintech_5000.json generated successfully")

step 2 : I Uploaded My Randomized Values using a Python Script in VS Code.

Upload Data to Splunk
Go to Splunk Home → Add Data → Upload
Select fintech_5000.json
Configure:
_Sourcetype: _json
_Index: main (or allowed index)
_Timestamp extraction: timestamp

`
index=main | stats count

That Harmless QR Code Could Be Your Next Breach.

Akuson Daniel — Fri, 10 Oct 2025 13:13:07 +0000

The Silent Cyber Threat Hiding in Plain Sight
What is Quishing?

Quishing(QR Code + Phishing) is a sophisticated social engineering attack where cybercriminals use malicious QR codes to trick victims into revealing sensitive information, downloading malware, or accessing fraudulent websites.

How Quishing Works: The Attack Lifecycle

Attackers distribute malicious QR codes through various channels:
Email campaigns: Fake invoices, package delivery notifications, or urgent security alerts
Physical locations: Parking meters, restaurant tables, posters, or stickers placed over legitimate QR codes
Social media: Promotional offers, event registrations, or cryptocurrency giveaways

Urgency: "Your account will be locked in 24 hours—scan to verify"
Greed: "Exclusive discount—scan for 50% off!"
Fear: "Parking violation—scan to avoid fine"
Curiosity: "Scan to reveal your surprise gift"

Once the victim scans the malicious QR code:

Credential Harvesting: Redirects to fake login pages mimicking legitimate services (Microsoft 365, banking portals, corporate SSO) 2.Malware Download: Initiates automatic download of spyware, ransomware, or remote access trojans 3.Payment Fraud Redirects to fraudulent payment portals or cryptocurrency wallets 4.Session Hijacking Steals authentication tokens or session cookies
MFA Bypass Uses real-time phishing to intercept multi-factor authentication codes

How to Protect Yourself and Your Organization

Before Scanning:

Verify the source—is the QR code from a legitimate sender?
Check for tampering on physical QR codes (stickers over originals)
Be skeptical of urgent or unexpected QR codes
Never scan QR codes from unsolicited emails or texts

After Scanning:

Preview the URL before proceeding
Verify the domain matches the expected organization
Look for HTTPS and valid certificates
Never enter credentials if something feels off
Use QR scanner apps that show URLs before opening

General Practices:

Keep mobile devices updated with latest security patches
Install reputable mobile security software
Enable device encryption and screen locks
Avoid scanning QR codes on public WiFi
Manually type URLs for sensitive transactions

For Organizations:

Technical Controls:

Email Security Enhancement
- Deploy advanced email security solutions with image analysis capabilities
- Enable QR code detection and sandboxing
- Quarantine emails containing QR codes from external senders
- Implement zero-trust architecture for mobile devices
Endpoint Protection
- Enforce mobile device management (MDM) policies
- Require mobile threat defense (MTD) solutions
- Implement mobile application management (MAM)
- Block access from jailbroken/rooted devices
Network Security
- Monitor for suspicious mobile device connections
- Implement DNS filtering to block known malicious domains
- Use network access control (NAC) for mobile devices
- Segment networks to limit mobile device access

As we increasingly rely on QR codes for convenience, we must remain vigilant about their security implications. Quishing represents a perfect storm: a trusted technology, minimal security awareness, and sophisticated attack techniques.

Remember: Convenience should never come at the cost of security. A two-second pause to verify a QR code could save you from a devastating breach.

Directory Brute Force (Discovering hidden directories and files in a web application)

Akuson Daniel — Wed, 23 Jul 2025 09:36:35 +0000

Objective: Discover hidden directories and files in a web application.
Target: Vulnweb

I made use of Dirb tool to run a Directory Brute force on Vulneweb.

DIRB (short for Directory Buster) is a command-line web content scanner used to brute-force directories and files on web servers. It helps you discover hidden content that’s not linked on the site.

I used the command prompt sudo apt install Dirb on my Virtual Machine.
After Brute Forcing, I discovered 8 Directories.

I used the command prompt “sudo apt install Dirb” on my Virtual Machine.
Ran this basic scan dirb http://testphp.vulnweb.com/ This uses the default wordlist included with dirb.

Mitigation:
A. Avoid Predictable Directory Names: Avoid using guessable paths e.g / admin12/
B. Use Authentication and Authorization to protect sensitive directories (like /admin, /config) using: Basic Authentication JWT or session-based authentication.
C. Rate Limiting & IP Blocking
Prevent brute force by limiting how fast clients can send requests using a WAF for example Cloudflare.
D. Custom 403/404 Responses
Don’t reveal what exists or not Return the same error page and response time whether the directory exists or not, avoid error messages that say "Directory listing for /admin found"

While trying to Brute Force the Directory, I encountered a few error(RECV ERROR) which wasn’t letting me view the Admin Directory in Vulnweb. I Had to create an admin Directory in order to query my Target(Vulnweb) Directory. When working sometimes you encounter errors along the line.

Discover hidden directories and files in a web application.

Akuson Daniel — Wed, 25 Jun 2025 14:04:52 +0000

Directory enumeration is a technique used during reconnaissance to discover hidden files and folders on a web server. It helps identify entry points, backup files, configuration folders or vulnerable scripts.
As part of a basic penetration testing reconnaissance phase, I conducted a content discovery scan on the publicly available web application hosted at http://testphp.vulnweb.com. The purpose of this test was to identify hidden directories and files that may not be linked directly within the application but could be accessed if known. Such content often includes administrative panels, backup folders, development files, or version control systems that may pose security risks if improperly configured.

Using the DIRB tool on Kali Linux, I executed the scan with the standard common.txt wordlist provided by the tool. The command used was: "scan dirb http://testphp.vulnweb.com/"

The scan successfully identified several directories and files that could be of interest from a security standpoint. Notably, the /admin/ directory exists but returns a 403 Forbidden response, suggesting that it may be protected or restricted, but its presence alone may invite further brute-force or access control testing.

Key Security Findings

Presence of /admin/ directory (403 Forbidden): Suggests an administrative interface which, if brute-forced or misconfigured, could allow unauthorized access to sensitive functionality.

Version control leak in /CVS/ folder: Reveals internal project structure and versioning information. These folders should not be publicly exposed in any live web environment.

Access to /secured/ folder: Despite the name implying restricted access, the directory is accessible and may require a deeper review to verify the sensitivity of its contents.

Exposed /vendor/ folder: Could reveal application dependencies and open up supply-chain or known-vulnerability exploits if directory listing is enabled.

Mitigations:

1-Avoid Predictable Directory Names: Avoid using guessable paths e.g / admin12/
2-Use Authentication and Authorization to protect sensitive directories (like /admin, /config) using: Basic Authentication JWT or session-based authentication.
3-Rate Limiting & IP Blocking: Prevent brute force by limiting how fast clients can send requests using a WAF for example Cloudflare.Custom 403/404 Responses
4-Don’t reveal what exists or not Return the same error page and response time whether the directory exists or not, avoid error messages that say "Directory listing for /admin found"

Perform basic reconnaissance to gather domain-related information using Vulnerable Web.

Akuson Daniel — Wed, 25 Jun 2025 13:42:27 +0000

Perform basic reconnaissance to gather domain-related information using Vulnerable Web.

Akuson Daniel — Sun, 22 Jun 2025 16:30:42 +0000

Reconnaissance is discovering and collecting information on the system and the victim. The reconnaissance phase is the planning phase for the adversaries.
In Ethical Hacking, Information gathering whereby Black Hat hackers, Hacktivists or white Hat Hackers gather Information about a web service. Even SOC analyst make use of this tool for either active or passive attacks surface level like open ports, services running, software versions, domain info, and network structure, used to spot potential Loopholes in a domain name system.

Objectives;

1-Identify Vulnerabilities
2-Get Footprints for Social Engineering
3-Planning Attack or Defenses.

Target: vulnweb.com

Tools Used: Whois, Nslookup.

Steps to Reproduce

Run Basic whois Lookup using Linux Operating System with the command “whois vulneweb.com" The Following were outputted;

i-Domain Name Registration
ii-Date the target website (Vulnweb) was created and its Expiry date
iii- Domain Headers
iv- DNS points to a live server.

I went further to query Vulnweb. Using Command “nslookup vulnweb.com”
Server: The query was sent to 8.8.8.8 (Google's public DNS server) on port 53.
Non-authoritative Answer:
Name: vulnweb.com
Address: 44.228.249.3 (IPv4 address)

Observations:
Primary source for vulnweb.com but is providing a cached or forwarded answer.
The IP address 44.228.249.3 is a valid IPv4 address, indicating vulnweb.com is resolvable and likely hosted on a server at this address.
The use of Google's DNS server suggests the system is configured to use a public DNS resolver rather than a local or ISP-provided one.
This output confirms that vulnweb.com was successfully resolved to an IP address at the time of the query, which could be part of network diagnostics or testing. The domain vulnweb.com is often associated with security testing.

Here are some few

Here are some Mitigation strategies:

Limit Publicly Available Information (OSINT) to mitigate Reconnaissance.
Block unnecessary ports, use firewalls, and apply network segmentation and Deploy Intrusion Detection Systems.
Use WHOIS privacy protection with domain registrar
Banner grabbing reveals Apache/nginx version to mitigate and turn off or obfuscate version banners.

How Browsers & Servers Communicate.

Akuson Daniel — Thu, 05 Jun 2025 11:06:31 +0000

HTTP headers are the control Language i.e. a medium or channel in which communications happen between BROWSERS & SERVERS on the internet. When you make a request using a Browser. for example www.example.com. The Http Header sends a GET request to the server asking for DATA. The Http now queries the Whole of the internet through DNS(Domain Name System) to find WWW.example.com. Http Headers are General, Client Request, Server Response and Entity headers.

In Security,Headers are used to Block Malicious Request from Threat actors through the help of Web Application Firewall.

Web Application Threat Hunting!

Akuson Daniel — Thu, 29 May 2025 13:54:06 +0000

In web application security, I’ve been exploring Burp Suite Community Edition to understand how attackers think — and how we, as defenders, can protect our systems.
This week, I learned how brute force attacks work using Burp Suite's Intruder tool. In simple terms, brute forcing is when an attacker tries many different username/password combinations until one works.
Here are my Takeaways from This Lab session.
Brute force can flood a server with repeated login attempts — this is dangerous if misused.
It doesn’t harm your own system directly, but it can get your IP blocked if done on live websites.
Testing without permission is illegal and can lead to serious consequences. That's why I used a legal environment (PortSwigger Lab).
I am super excited for the Task ahead in Finding Bugs in a web application
****

Phising "Most underated but sophisticated form of attacks of all Time"

Akuson Daniel — Tue, 06 May 2025 09:23:57 +0000

Warm greetings everyone! My day has been quite long, filled with extensive workouts, brainstorming sessions, navigating traffic, and contemplating effective ways to teach non-technical individuals about best practices for protecting their digital assets. Before drafting this post, I envisioned myself addressing a group of people. I got up at 11:30 p.m. and switched to presentation mode. I told them, "Imagine we are in a room together and I enter with a ShihTzu puppy. Each of you would smile and want to play with it because it’s a friendly, playful puppy. However, if I come into the same room with a non-venomous snake, everyone immediately goes on guard. Why? because It’s a snake (an inherent threat to humanity). Every single one of you should always keep in mind the idea of being in a room with “snakes” since, with technology evolving at a constant pace, even the smallest details (footprints on the web) automatically turn into threats. During Events like Black Friday most people have untrained eyes even 'devs' at some point fall for this trick which has been the most efficient form of entry point which can lead to back doors in a targeted system than most people think. Phishing has also been a form of Privilege escalation in recent times where Threat Actors visibly make use of 'Traffic surge' as a major factor when dealing with Non Technical users on the web. These has led to many incidents in the past years.