Topic: Information Security

Recent Tags

.net access-control account-security active-directory aes aircrack-ng android anonymity antimalware antivirus apache api appsec asp.net asp.net-core asp.net-mvc asymmetric attack-prevention attack-vector attacks audit authentication authorization aws backdoor backup banks bash biometrics boot bot breach brute-force buffer-overflow burp-suite c++ cdn centos certificate-authority certificates certification challenge-response chrome ciphers cissp clickjacking client client-side cloud-computing cloud-storage cloudflare compression confidentiality configuration cookies countermeasure crl crossdomain cryptography csrf css ctf curl custom-scheme data-leakage databases ddos debian decryption denial-of-service destruction detection dhcp diffie-hellman digital-signature directory-traversal dlp dns dns-domain documentation domain drm e-commerce ecc email email-attachments email-spoofing emv encoding encryption entropy epp ethernet exploit exploit-development export exposure facebook file-access file-encryption file-system fingerprint firefox firewalls forensics freebsd ftp fuzzing gaming geolocation git gmail gnupg google gpg4win gps gssapi handshake hardening hardware hash hashicorp-vault have-i-been-pwned historical html html-5 http http-proxy http2 icloud identity-management ids iis image imap infection-vector injection integrity internet intrusion investigation ios ip ip-spoofing iphone ipsec isp java javascript john-the-ripper kali-linux kerberos key key-exchange key-generation key-management key-server keyloggers kleopatra known-vulnerabilities krack lan legal letsencrypt license-enforcement linux logging macos malware man-in-the-middle manual-review md5 memory metasploit mimikatz mobile mod-security modem mongodb multi-factor mysql network network-access-control network-scanners nfs nginx node.js nsa oauth2 objective-c obscurity one-time-password openbsd openid-connect openpgp openssl operating-systems owasp owasp-top-ten packet password-cracking password-management password-policy password-reset passwords pci-dss pem penetration-test pepper performance perl permissions pfx pgp phishing phone php phpmyadmin physical-access physical-signature ports postgresql pptp privacy process professional-education programming protection protocols proxychains public-key public-key-infrastructure python random remote-desktop remote-server requirements reverse-engineering risk router rsa salt saml secret-sharing secrets-management secure-coding secure-renegotiation sensitive-data-exposure sha sha2 sha256 shellcode shellshock shodan signal silverlight single-page-app smartphone sms sniffing snooping social-engineering social-media software-engineering sql-injection sqrl ssd ssh sso stack-overflow stagefright standards storage tamper-resistance tcp tcpdump terminology third-party threat-mitigation threat-modeling threats tls tls-downgrade token tomcat tools tor torrent totp tracking trojan trust tunneling uac ubuntu unicode url usb-drive user-management user-names user-tracking validation virtualhost virtualization virus virus-removal voip vpn vulnerability vulnerability-assessment vulnerability-scanners web-application web-authentication web-browser web-of-trust web-scanners web-service webauthn webserver websites websocket wep white-hat whitelist whois wifi wifite windows windows-10 windows-server wireless wireshark wpa2 wpa3 x.509 xmlrpc xss zap

Recent Articles

Solved by user38418 (516 ) Aug 31, 2022 at 12:07	Is it bad practice to have a 'super admin' - so they effectively bypass security checks in your system?
	#account-security

Solved by user172108 (3,571 ) Aug 28, 2022 at 05:15	Do CloudFront edges talk to custom origins over open (non-AWS) networks?
	#tls#aws#cdn

Solved by user86735 (5,409 ) Aug 25, 2022 at 18:39	Why did WebAuthn beat PAKEs as the preferred password replacement?
	#passwords#cryptography#webauthn

Solved by user242928 (7,863 ) Aug 21, 2022 at 15:15	What happens to malicious traffic in a scrubbing center during a DDoS attack?
	#ddos#cloud-computing

Solved by user175727 (598 ) Aug 18, 2022 at 21:33	What is the name of this concept involving hashes?
	#hash

Solved by user42391 (9,718 ) Aug 15, 2022 at 16:25	Can DMARC's SPF alignment be spoofed?
	#email#email-spoofing#spf#dmarc

Solved by user106285 (64,666 ) Aug 12, 2022 at 01:40	ThinkShield secure wipe - SSD does it forbid data recovering?
	#encryption#deletion#key#ssd

Solved by user53333 (40,283 ) Aug 10, 2022 at 11:14	Content-Type and Code Execution
	#asp.net#iis#asp.net-mvc

Solved by user195165 (397 ) Aug 08, 2022 at 21:14	SQLMAP setting parameter
	#sql-injection#sqlmap

Solved by user195165 (397 ) Aug 07, 2022 at 14:34	What is the purpose of the critical flag being enabled (128) on a CAA IODEF record?
	#tls#dns#caa

Solved by user264855 (4,664 ) Aug 04, 2022 at 07:24	Can static IP address be used as a component of MFA?
	#multi-factor#sftp

Solved by user280357 (722 ) Jul 30, 2022 at 23:02	Why does anyone not use Let's Encrypt?
	#tls#letsencrypt

Solved by user49489 (17,608 ) Jul 30, 2022 at 02:08	How do I keep Python Sockets secure for Multiplayer Games?
	#network#python#programming

Solved by user7311 (1,056 ) Jul 28, 2022 at 22:50	Any security concerns when importing self-signed certificate to Trusted Root certification Authorities store?
	#certificates#windows

Solved by user163295 (248 ) Jul 28, 2022 at 14:40	Malware file path
	#malware#windows

Solved by user280357 (722 ) Jul 27, 2022 at 21:05	What is the reason why Microsoft decided not to provide updates when bypassing TPM requirements?
	#windows#tpm

Solved by user110686 (3,277 ) Jul 26, 2022 at 11:27	Can malware spread through HDMI, Display Port or USB
	#malware#usb#video

Solved by user54284 (50,502 ) Jul 25, 2022 at 23:01	What are the methods to prevent and detect front-end behavior alterations in mobile apps?
	#mobile#client-side

Solved by user92213 (7,527 ) Jul 24, 2022 at 06:09	Is a sha256 hash of a unix timestamp a strong password
	#passwords#databases#entropy#sha256#postgresql

Solved by user280357 (692 ) Jul 23, 2022 at 18:19	Someone created a Disney+ account with my e-mail address. Are there any security concerns?
	#account-security#icloud

Solved by user64135 (1,392 ) Jul 22, 2022 at 19:22	What is the best practice for relying parties to selectively trust certificates in a corporate pki hierarchy?
	#public-key-infrastructure#certificate-authority#x.509#trust#certificate-pinning

Solved by user134095 (710 ) Jul 22, 2022 at 08:35	How is TouchID more secure than a simple password?
	#encryption#authentication#biometrics

Solved by user53333 (40,323 ) Jul 22, 2022 at 00:04	Would Encrypted FEK, IV, actual MIME type and file size metadata stored unencrypted affect the security of encrypted files?
	#encryption

Solved by user280696 (1 ) Jul 21, 2022 at 16:32	Do git commit signatures reveal key uid if different from git email?
	#digital-signature#gnupg#git#github

Solved by user127837 (10,056 ) Jul 20, 2022 at 14:00	Can an ISO file be harmful if opened as an archive?
	#malware#windows#virus#windows-10

Solved by user41093 (176 ) Jul 20, 2022 at 03:17	What makes TPM "trusted"?
	#tpm

Solved by user117761 (5,759 ) Jul 19, 2022 at 09:21	Is the certificate of this Windows EXE really invalid?
	#certificates

Solved by user53333 (40,293 ) Jul 18, 2022 at 23:54	Does S/MIME encryption encrypt with each recipient's key?
	#encryption#email#smime

Solved by user69717 (19,813 ) Jul 18, 2022 at 17:59	Is any client-sided password just security by obscurity?
	#cryptography#hash#javascript#client-side

Solved by user42391 (9,743 ) Jul 18, 2022 at 16:58	Why is it not possible to override password hashes
	#passwords#hash

Solved by user69717 (19,868 ) Jul 17, 2022 at 13:32	Can attacker gain access to my private network application through pivoting and/or lateral movement?
	#android#webserver#router#routing#pivoting

Solved by user37315 (184,197 ) Jul 17, 2022 at 08:05	What exactly happens when I "validate" a digital signature?
	#digital-signature

Solved by user37315 (183,424 ) Jul 17, 2022 at 08:05	What exactly happens when I "validate" a digital signature?
	#digital-signature

Solved by user242928 (7,863 ) Jul 16, 2022 at 21:18	Cryptographic hash functions and personal password management
	#passwords#cryptography#password-management#password-cracking

Solved by user71850 (2,235 ) Jul 16, 2022 at 18:35	SSH strict "pubkey with a password" required for login?
	#ssh#openssh

Solved by user37315 (184,972 ) Jul 16, 2022 at 08:42	Does showing the permission level of an account to all users a bad security practice?
	#account-security

Solved by user6253 (2,172 ) Jul 15, 2022 at 07:44	Is it possible to get "real" IP from a host machine which is using a SSL-VPN connection?
	#tls#vpn#javascript#ip

Solved by user414 (50,592 ) Jul 14, 2022 at 10:10	How to securely use `pass`, `sudo`, and `npm` on the same machine
	#password-management#gnupg#sudo#npm

Solved by user142657 (574 ) Jul 13, 2022 at 12:48	Zap: How to export Fuzzer results/report with the Request and Response?
	#fuzzing#zap

Solved by user64135 (1,427 ) Jul 11, 2022 at 17:15	How can I recover the full certificate chain knowing the final X.509 certificate?
	#public-key-infrastructure#x.509

Solved by user238799 (1,389 ) Jul 09, 2022 at 12:17	How dangerous can an anti-cheat software be, on Linux operating systems?
	#linux#gaming

Solved by user68078 (527 ) Jul 06, 2022 at 10:26	Risk of injecting a malicious script/code?
	#xss#vulnerability#html

Solved by user137710 (1,738 ) Jul 05, 2022 at 19:15	DNS reverse lookup not finding domain name during enumeration
	#dns#dns-domain#enumeration

Solved by user1898 (4,783 ) Jul 05, 2022 at 10:09	Guardrails Around Logs For Devs
	#logging

Solved by user256475 (1,227 ) Jul 04, 2022 at 11:32	firewalld rules that will block traffic from internet but allow internal traffic
	#firewalls

Solved by user238799 (1,389 ) Jul 03, 2022 at 11:09	No antiviruses scan graphics cards VRAM for malware?
	#malware#antivirus#antimalware

Solved by user279966 (46 ) Jul 02, 2022 at 19:10	Is there software on Windows that will protect myself from devices like the "USB Rubber Ducky"?
	#usb#badusb

Solved by user37315 (184,332 ) Jul 02, 2022 at 04:48	Is it still possible to embed executables in PDF in 2022?
	#malware#metasploit#pdf

Solved by user279857 (141 ) Jun 29, 2022 at 19:07	TLSv1: should DHE be enabled?
	#tls#diffie-hellman

Solved by user216298 (305 ) Jun 29, 2022 at 07:39	How is RDP through VPN safer?
	#vpn#remote-desktop#rdp

Solved by user81442 (871 ) Jun 28, 2022 at 16:43	What exactly is Application.Hacktool.AMZ?
	#antivirus#tools#threats

Solved by user414 (50,862 ) Jun 27, 2022 at 22:32	Does knowing how an encrypted file changed make it vulnerable?
	#file-encryption

Solved by user37315 (184,197 ) Jun 26, 2022 at 05:24	How to know if an Amazon AWS server is safe or not?
	#aws

Solved by user42391 (9,301 ) Jun 24, 2022 at 15:05	Can a plain text email contain XSS injection?
	#email#xss

Solved by user42391 (9,618 ) Jun 22, 2022 at 16:37	Is an HMAC of an email address with a permanent secret key a good way to generate security tokens for unsubscribing from an email list?
	#email#hmac

Solved by user279596 (26 ) Jun 22, 2022 at 12:12	KB Patches not taking effect for CVE-2022-26832: .NET Framework Denial of Service Vulnerability
	#microsoft#patching

Solved by user117761 (5,720 ) Jun 22, 2022 at 09:20	What is CA response after giving them the CSR?
	#tls#certificates#certificate-authority#csr

Solved by user167377 (1,414 ) Jun 21, 2022 at 06:22	Crack JWT HS256 with hashcat
	#brute-force#jwt#hashcat

Solved by user117761 (5,370 ) Jun 20, 2022 at 13:30	Can DDNS provider perform a MITM attack?
	#tls#man-in-the-middle#dns

Solved by user242928 (7,828 ) Jun 19, 2022 at 17:56	ssh-keygen fingerprint format is different between RSA+ECDSA and ED25519
	#openssh

Solved by user106285 (64,507 ) Jun 18, 2022 at 23:25	Security advanatages to running a webapp inside a container, which is ALSO inside a vm?
	#virtualization

Solved by user15761 (1,068 ) Jun 18, 2022 at 19:18	Is having a seperate server to handle encryption operations a secure way to protect a private key for a web application?
	#encryption#aes#web

Solved by user156661 (1,173 ) Jun 18, 2022 at 18:25	How does this PortSwigger lab's XSS work?
	#xss#injection#burp-suite#ctf

Solved by user37315 (184,342 ) Jun 16, 2022 at 10:20	can these encryption methods for a text file protect against physical access to machine by adversary?
	#encryption#cryptography#attacks#gnupg#file-encryption

Solved by user37315 (184,457 ) Jun 16, 2022 at 04:20	Identification of weak and anonymous ciphers with openssl
	#certificates#openssl#ciphers

Solved by user278575 (41 ) Jun 15, 2022 at 17:19	How do I compare a signed .exe file with the unsigned version of the same .exe file?
	#windows#code-signing

Solved by user35450 (153 ) Jun 15, 2022 at 14:18	Why certain sites don't send newsletters to "anonymous" mail addresses?
	#privacy#email#anonymity#user-tracking

Solved by user4028 (851 ) Jun 15, 2022 at 07:10	EAP-TLS for securing internal local WLAN?
	#windows#linux#radius#802.1x#wpa2-eap

Solved by user129919 (101 ) Jun 13, 2022 at 21:17	SSL certificate not standards compliance in Safari
	#tls#openssl#macos

Solved by user17035 (6,238 ) Jun 13, 2022 at 15:36	deleted a subkey and can now no longer decrypt
	#gnupg#pgp#decryption#key

Solved by user54284 (50,657 ) Jun 13, 2022 at 00:05	Is Blaster worm still dangerous on Windows 10?
	#worm

Solved by user37315 (183,594 ) Jun 12, 2022 at 21:26	What exactly is the sense of DoT with respect to privacy, given that my provider can log my destination IP addresses?
	#dns#dot

Solved by user235964 (11,162 ) Jun 12, 2022 at 09:52	How to deal with targeted attacks from publisher when verifying the integrity of native applications and validating their source code?
	#man-in-the-middle#source-code#code-signing#end-to-end-encryption#mobile-app

Solved by user37315 (183,758 ) Jun 12, 2022 at 06:46	Client IP spoofing to carry out a TLS conversation, when the server only accepts connections from that client IP?
	#tls#man-in-the-middle#ip-spoofing

Solved by user242928 (7,638 ) Jun 10, 2022 at 21:27	Is a very long and random password theoretically immune to password cracking?
	#passwords#hash#password-cracking

Solved by user213165 (826 ) Jun 10, 2022 at 09:34	Open-Source Hardware Security Modules (HSM)
	#hardware#integrity#opensource#hsm

Solved by user264855 (1 ) Jun 10, 2022 at 08:18	Is there any security benefit from emailing a "secure link"?
	#email#url#email-attachments

Solved by user61443 (57,662 ) Jun 09, 2022 at 19:16	Altering requests after authenticating
	#authentication#web-application#http#sql-injection#burp-suite

Solved by user54284 (50,562 ) Jun 08, 2022 at 20:34	Most secure way to use a Raspberry Pi as a security cam
	#web-browser#raspberry-pi

Solved by user69717 (19,733 ) Jun 08, 2022 at 17:50	Best practices for verifying authenticity of public key
	#digital-signature#gnupg#pgp

Solved by user47524 (8,517 ) Jun 08, 2022 at 15:57	Gzip only request body of HTTPS request security BREACH?
	#tls#http#vulnerability#server#compression

Solved by user49741 (4,910 ) Jun 07, 2022 at 22:18	TLS1.3 handshake encryption
	#encryption#tls#network#handshake

Solved by user162855 (36 ) Jun 07, 2022 at 20:20	How to hunt for phishing websites?
	#phishing

Solved by user53333 (40,153 ) Jun 07, 2022 at 10:19	Why does this Windows process run with High integrity?
	#windows-10#uac#mandatory-access-control

Solved by user4028 (851 ) Jun 06, 2022 at 22:35	OpenVPN algorithms configuration to allow only TLS 1.3
	#openvpn

Solved by user47524 (8,536 ) Jun 06, 2022 at 20:28	Is is safe to pass an API key in a HMAC hash?
	#hmac#sso#sha-3

Solved by user42391 (9,311 ) Jun 06, 2022 at 15:32	How would you counter an email/honeypot mischief scenario?
	#email#attack-prevention#denial-of-service#honeypot

Solved by user70406 (16,090 ) Jun 05, 2022 at 06:34	Is OTP an acceptable alternative to a password in single-factor authentication?
	#authentication#one-time-password

Solved by user253338 (11 ) Jun 03, 2022 at 21:19	Hosting the certificates from CSP in Windows Store to be visible for other applications
	#certificates#cryptography

Solved by user242928 (7,828 ) Jun 03, 2022 at 20:37	Why are key IDs typically the *last* digits of the key hash?
	#hash#key-management#gnupg#pgp

Solved by user70738 (25,586 ) Jun 03, 2022 at 07:11	How risky is it to let someone know the name of your Windows PC?
	#network#windows#attacks#ip#windows-10

Solved by user61443 (57,447 ) Jun 02, 2022 at 19:24	Is it acceptable to exclude folders in antivirus?
	#antivirus#defense

Solved by user73113 (117 ) Jun 02, 2022 at 12:11	Should I worry about compromised firmware when reinstalling an OS?
	#malware#operating-systems#firmware

Solved by user73113 (117 ) Jun 02, 2022 at 12:11	Should I worry about compromised firmware when reinstalling an OS?
	#malware#operating-systems#firmware

Solved by user47524 (8,556 ) Jun 01, 2022 at 21:44	nonce generation based on php session id
	#php#content-security-policy

Solved by user153494 (12,570 ) Jun 01, 2022 at 21:20	How do I prevent this PHP/Apache exploit?
	#php#apache

Solved by user256475 (1,227 ) Jun 01, 2022 at 04:27	Flashdrive data confidentiality when disconnecting flashdrive from machine abruptly
	#disk-encryption#file-encryption#data-leakage#usb-drive

Solved by user53333 (39,973 ) May 31, 2022 at 10:32	Interaction of a Code Signature and a Timestamp token from a TSA
	#openssl#code-signing#timestamp

Solved by user264577 (176 ) May 30, 2022 at 18:21	How is Paypal spying on my incognito browsing?
	#web-browser#spyware

Solved by user37315 (183,748 ) May 30, 2022 at 15:20	Can I bypass SSL pinning If I found the certificate hardcoded in the application
	#tls#android#certificate-pinning