Topic: Information Security

Recent Tags

access-control account-security active-directory aes aircrack-ng android anonymity antimalware antivirus apache api appsec asp.net asp.net-core asp.net-mvc asymmetric attack-prevention attack-vector attacks authentication automation backup banks bash batch bcrypt biometrics bios bitcoin black-box bluetooth breach browser-extensions buffer-overflow c c++ caa career cdn centos certificate-authority certificate-transparency certificates chrome chromium ciphers client client-side cloud-computing code-review code-signing compiler compliance compression confidentiality configuration consumer-protection cookies countermeasure credit-card crossdomain cryptanalysis cryptography csr csrf ctf curl custom-scheme cvss dane data-recovery data-remanence databases ddos deauth-attack decryption defense deletion denial-of-service detection diffie-hellman digital-signature disk-encryption dkim dlp dmarc dns dns-domain dnssec documentation domain drm e-commerce email email-attachments email-spoofing encryption entropy enumeration epp eu-data-protection exploit exploit-development exploit-kits export exposure facebook facial-recognition fido file-encryption file-system file-types firewalls forensics freebsd ftp gdpr gmail gnupg google government gps gssapi hardening hardware hash heartbleed historical hmac hsts html html-5 http icloud identification identity-management image imap incident-response injection internet intrusion investigation iot ip ip-spoofing iphone ipsec iptables ipv6 isp java javascript john-the-ripper jwt k-anonymity kerberos key key-exchange key-generation key-management key-stretching keyloggers known-vulnerabilities krack lan ldap legal letsencrypt linux log4shell mac-address macos magnetic-stripe-card malware man-in-the-middle manual-review md5 metasploit mobile mod-security msfvenom multi-factor mysql network network-scanners nfc nfs nginx nonce oauth2 obfuscation objective-c ocsp offline openbsd openid-connect openpgp openssl openvpn operating-systems packet password-cracking password-management password-policy passwords payment-gateway pbkdf2 pci-dss peap penetration-test pepper permissions pfx pgp phishing phone php physical physical-access pkcs12 plugins ports postgresql pptp privacy professional-education protocols proxy proxychains public-key public-key-infrastructure python radius rails random ransomware rc4 rest risk-analysis risk-management rootkits routing rsa same-site-cookies scam scrypt sdl secret-sharing secure-renegotiation security-theater sensitive-data-exposure server session-management sha sha256 shellcode signal silverlight single-page-app skype smartcard smartphone smb smtp sniffing social-engineering social-media software-engineering source-code spam spf sql-injection sqlmap sqrl ssh sslstrip stack-overflow standards steganography storage system-compromise tcp threat-mitigation threat-modeling threema tls token tomcat tools tracking trojan trust ubuntu udp unicode unix url url-redirection usb usb-drive user-management user-names user-tracking validation vehicle video virtualhost virus virus-removal voip vpn vps vulnerability vulnerability-assessment vulnerability-scanners web web-application web-browser web-hosting web-of-trust web-scanners webserver websites websocket wep whatsapp whitelist whois wifi wifite wildcard windows windows-server wireless wireshark wordpress wpa2 wpa3 wps x.509 xampp xmlrpc xss xxe zap zero-day

Recent Articles

Is it bad practice to have a 'super admin' - so they effectively bypass security checks in your system?

Do CloudFront edges talk to custom origins over open (non-AWS) networks?

Why did WebAuthn beat PAKEs as the preferred password replacement?

What happens to malicious traffic in a scrubbing center during a DDoS attack?

What is the name of this concept involving hashes?

Can DMARC's SPF alignment be spoofed?

Content-Type and Code Execution

SQLMAP setting parameter

What is the purpose of the critical flag being enabled (128) on a CAA IODEF record?

Can static IP address be used as a component of MFA?

Why does anyone not use Let's Encrypt?

How do I keep Python Sockets secure for Multiplayer Games?

Any security concerns when importing self-signed certificate to Trusted Root certification Authorities store?

Malware file path

What is the reason why Microsoft decided not to provide updates when bypassing TPM requirements?

Can malware spread through HDMI, Display Port or USB

What are the methods to prevent and detect front-end behavior alterations in mobile apps?

Is a sha256 hash of a unix timestamp a strong password

Someone created a Disney+ account with my e-mail address. Are there any security concerns?

What is the best practice for relying parties to selectively trust certificates in a corporate pki hierarchy?

How is TouchID more secure than a simple password?

Would Encrypted FEK, IV, actual MIME type and file size metadata stored unencrypted affect the security of encrypted files?

Do git commit signatures reveal key uid if different from git email?

Can an ISO file be harmful if opened as an archive?

What makes TPM "trusted"?

Does S/MIME encryption encrypt with each recipient's key?

Is any client-sided password just security by obscurity?

Why is it not possible to override password hashes

Can attacker gain access to my private network application through pivoting and/or lateral movement?

What exactly happens when I "validate" a digital signature?

What exactly happens when I "validate" a digital signature?

Cryptographic hash functions and personal password management

SSH strict "pubkey with a password" required for login?

Is it possible to get "real" IP from a host machine which is using a SSL-VPN connection?

How to securely use `pass`, `sudo`, and `npm` on the same machine

Zap: How to export Fuzzer results/report with the Request and Response?

How can I recover the full certificate chain knowing the final X.509 certificate?

How dangerous can an anti-cheat software be, on Linux operating systems?

Risk of injecting a malicious script/code?

DNS reverse lookup not finding domain name during enumeration

Guardrails Around Logs For Devs

firewalld rules that will block traffic from internet but allow internal traffic

No antiviruses scan graphics cards VRAM for malware?

Is there software on Windows that will protect myself from devices like the "USB Rubber Ducky"?

Is it still possible to embed executables in PDF in 2022?

TLSv1: should DHE be enabled?

How is RDP through VPN safer?

Does knowing how an encrypted file changed make it vulnerable?

How to know if an Amazon AWS server is safe or not?

Can a plain text email contain XSS injection?

Is an HMAC of an email address with a permanent secret key a good way to generate security tokens for unsubscribing from an email list?

KB Patches not taking effect for CVE-2022-26832: .NET Framework Denial of Service Vulnerability

What is CA response after giving them the CSR?

Crack JWT HS256 with hashcat

Can DDNS provider perform a MITM attack?

ssh-keygen fingerprint format is different between RSA+ECDSA and ED25519

Security advanatages to running a webapp inside a container, which is ALSO inside a vm?

Is having a seperate server to handle encryption operations a secure way to protect a private key for a web application?

can these encryption methods for a text file protect against physical access to machine by adversary?

Identification of weak and anonymous ciphers with openssl

How do I compare a signed .exe file with the unsigned version of the same .exe file?

Why certain sites don't send newsletters to "anonymous" mail addresses?

EAP-TLS for securing internal local WLAN?

deleted a subkey and can now no longer decrypt

Is Blaster worm still dangerous on Windows 10?

What exactly is the sense of DoT with respect to privacy, given that my provider can log my destination IP addresses?

How to deal with targeted attacks from publisher when verifying the integrity of native applications and validating their source code?

Client IP spoofing to carry out a TLS conversation, when the server only accepts connections from that client IP?

Is a very long and random password theoretically immune to password cracking?

Open-Source Hardware Security Modules (HSM)

Is there any security benefit from emailing a "secure link"?

Altering requests after authenticating

Most secure way to use a Raspberry Pi as a security cam

Best practices for verifying authenticity of public key

Gzip only request body of HTTPS request security BREACH?

How to hunt for phishing websites?

Why does this Windows process run with High integrity?

OpenVPN algorithms configuration to allow only TLS 1.3

Is is safe to pass an API key in a HMAC hash?

How would you counter an email/honeypot mischief scenario?

Is OTP an acceptable alternative to a password in single-factor authentication?

Hosting the certificates from CSP in Windows Store to be visible for other applications

Why are key IDs typically the *last* digits of the key hash?

How risky is it to let someone know the name of your Windows PC?

Is it acceptable to exclude folders in antivirus?

Should I worry about compromised firmware when reinstalling an OS?

Should I worry about compromised firmware when reinstalling an OS?

nonce generation based on php session id

How do I prevent this PHP/Apache exploit?

Flashdrive data confidentiality when disconnecting flashdrive from machine abruptly

Interaction of a Code Signature and a Timestamp token from a TSA

How is Paypal spying on my incognito browsing?

Can I bypass SSL pinning If I found the certificate hardcoded in the application

Validating CSRF state with an OAuth2 POST Callback

Can packets on one home wifi network be sniffed by a computer on a different home wifi network?

Is this really a way to filter LFI?

Bots learn about a new web site as soon as I open it in Chrome. How do I look for leaks?

Another browser opens URL without logging in

Hashing email addresses using scrypt

Is application layer DoS dangerous?