Category: Old Posts – History

Posts archive till up to December 2025.

The Art of Operational Security: How to Stay Invisible in a Connected World

~ Tom's IT Cafe ~ Leave a comment

In a world where every action, every communication, and every step online leaves a trace, the art of operational security (OpSec) becomes not just important – it becomes survival. In a connected digital landscape, where anonymity is increasingly hard to come by, mastering OpSec isn’t just about avoiding danger; it’s about staying invisible. It’s about making sure that you leave no footprints behind, whether you’re traversing the deep web or simply logging into your bank account.

Continue reading “The Art of Operational Security: How to Stay Invisible in a Connected World”

The Importance of Using a Client-Side Firewall on Linux: A Comparison of iptables and UFW

~ Tom's IT Cafe ~ Leave a comment

Linux-based systems are widely known for their security and flexibility, but no system is immune to cyber threats. A client-side firewall plays a crucial role in enhancing security by controlling inbound and outbound network traffic. While Linux offers various firewall solutions, iptables and UFW (Uncomplicated Firewall) are two of the most commonly used.

Continue reading “The Importance of Using a Client-Side Firewall on Linux: A Comparison of iptables and UFW”

Why Everyone Should Use a Secure and Trustworthy VPN Connection

~ Tom's IT Cafe ~ Leave a comment

In today’s digital age, where cyber threats are increasing in complexity and frequency, protecting one’s online privacy and security has become a necessity. Whether browsing the internet from a home network, a public Wi-Fi hotspot, or a corporate environment, using a secure and trustworthy Virtual Private Network (VPN) is critical. A VPN ensures that users can maintain confidentiality, protect their data from cyber criminals, and access the internet securely.

Continue reading “Why Everyone Should Use a Secure and Trustworthy VPN Connection”

How to Locate the Dashboard in OWASP Juice Shop

~ Tom's IT Cafe ~ Leave a comment

The OWASP Juice Shop is a widely used platform in cyber security education and penetration testing, simulating a vulnerable web application where users can practice identifying and mitigating security flaws in a controlled environment. One core challenge in Juice Shop is finding hidden functionality, such as the admin dashboard, which often includes sensitive operations and insights into an application’s internal workings. This guide will walk you through finding the Juice Shop dashboard, highlighting techniques that improve your penetration testing skills in real-world scenarios.

Note: This article is intended for educational and authorized penetration testing purposes only. Always obtain explicit permission before testing any live system.

Continue reading “How to Locate the Dashboard in OWASP Juice Shop”

Why Do Attackers Prefer Social Engineering Over Brute-Forcing?

~ Tom's IT Cafe ~ Leave a comment

Imagine a would-be intruder outside a locked door. They could try every key in existence, hoping one fits (the brute force method), or simply knock and claim they’re a friend, tricking someone into letting them in (social engineering). Most attackers prefer the latter for good reason. Brute-forcing is time-consuming, suspicious, and often ineffective, while social engineering is like slipping a skeleton key into human trust. Why social engineering is the favored strategy?

Continue reading “Why Do Attackers Prefer Social Engineering Over Brute-Forcing?”

Using John the Ripper to Find Weak Passwords in Linux Systems (Penetration Testing)

~ Tom's IT Cafe ~ Leave a comment

Disclaimer: This article is intended solely for educational and cyber security purposes, intended to help cyber security professionals and learners understand how passwords can be exposed and how to prevent such vulnerabilities. Unauthorized access to computer systems is illegal and unethical. Always obtain proper authorization before conducting penetration testing on any network or system.

In penetration testing, understanding potential vulnerabilities within Linux-based systems is essential for both offensive and defensive strategies. Linux systems store user account information in two files: the /etc/passwd file and the /etc/shadow file. Together, these files contain details that can help penetration testers uncover weak password policies and determine how secure a system’s authentication process is.

Continue reading “Using John the Ripper to Find Weak Passwords in Linux Systems (Penetration Testing)”

OSINT for Social Media Investigations: Gathering Information about Individuals

~ Tom's IT Cafe ~ Leave a comment

Open Source Intelligence (OSINT) has become an essential technique in cyber security, investigation, and research due to its non-invasive, publicly accessible nature. Social media platforms, with their wealth of publicly available information, are prime OSINT resources for understanding a person’s online footprint, behavior, interests, and connections.

Continue reading “OSINT for Social Media Investigations: Gathering Information about Individuals”

How to Set Up and Host a Chat on the Dark Web

~ Tom's IT Cafe ~ 2 Comments

Setting up a PHP-based chat application like Le Chat on a Linux virtual machine (VM) with MySQL and Apache, specifically configured to run over the Tor network, involves several steps. Even if you don’t want to run an entire .onion empire, it is good to know the basic rules of such systems, how to set it up and what are the limits of Tor’s privacy. After some research in the topic I found dozens of very different chats on the Onion network that run Le Chat, some are very friendly and legal, the other are dark and hostile. Let’s take a look at how can you host your own instance from the comfort of your chair!

Continue reading “How to Set Up and Host a Chat on the Dark Web”

Why Business Owners Need Strong Passwords and Two-Factor Authentication (2FA)

~ Tom's IT Cafe ~ Leave a comment

In today’s increasingly digital world, cyber security has become an essential component of business operations. Many business owners and stakeholders may assume that cyber threats only affect large corporations or high-profile companies. However, small and medium-sized businesses are often even more vulnerable, as cyber criminals know they may lack robust security measures. Implementing strong passwords and two-factor authentication (2FA) is a straightforward yet crucial step that can help protect business assets and maintain trust with clients and partners. Here’s why these practices should be a priority for every business owner.

Continue reading “Why Business Owners Need Strong Passwords and Two-Factor Authentication (2FA)”

Penetration Testing Linux Servers with Hydra for SSH Login

~ Tom's IT Cafe ~ Leave a comment

Disclaimer: This article is intended solely for educational and authorized penetration testing purposes. Unauthorized access to systems is illegal and punishable by law. Always have explicit permission before attempting any form of testing on a system.

Linux servers are a backbone of today’s internet infrastructure, supporting critical operations for countless organizations. While Linux is known for its robust security features, misconfigurations and weak credentials can still leave servers vulnerable to unauthorized access. Hydra, a powerful network login cracker, is commonly used by penetration testers to assess the strength of SSH login credentials on Linux servers.

Continue reading “Penetration Testing Linux Servers with Hydra for SSH Login”

Why Hiring an OSINT Professional is a Smart Move for Online Investigations and Background Checks

~ Tom's IT Cafe ~ Leave a comment

In today’s digital age, vast amounts of data lie scattered across the internet, waiting to be unearthed. For companies seeking to protect their interests, ensure compliance, or conduct thorough background checks, this data can be invaluable – if they know how to access it. This is where hiring an OSINT (Open Source Intelligence) professional becomes a game-changer. Let’s break down why bringing in an OSINT expert is a strategic investment for any organization.

Continue reading “Why Hiring an OSINT Professional is a Smart Move for Online Investigations and Background Checks”

The Art of OSINT: Locating Where a Photo Was Taken

~ Tom's IT Cafe ~ Leave a comment

When doing Open Source Intelligence (OSINT), the first step can often be as thrilling as detective work – for example determining where a photo was taken. Imagine you have a single photograph: it could be of a building, a beach, a street corner, or a mysterious landmark. How do you peel back the layers of pixels and find out where this place exists in the real world? Let’s go step-by-step into this fascinating process and explore the tools and tricks that can help you uncover the story behind an image’s location.

Continue reading “The Art of OSINT: Locating Where a Photo Was Taken”