Need help on deciding which cyber security certificates to pursue in the future

I want to know which cyber security certificates I should pursue. I am currently majoring in a cyber security degree and still have 2 years to go. Is it worth to pair it up with an entry - intermediate certificate to increase my job chances once I graduat ...

Why is this shellcode not working? Writing to code/text segment possible culprit?

I've been looking more into the techniques behind stack/buffer overflow lately, and after much investigation, found myself learning assembly and writing my own shellcode. It has been a educational experience so far, especially with figuring everything out ...

What's the point in a proxy server authorizing/authenticatin
g clients?

I've implemented a SOCKS5 proxy library, but I just don't get the point of authenticating (or encrypting) connections, which the RFC (1928) seemed pretty adamant about. Isn't anonymity the whole idea of a proxy? I also understand that encrypting traffic ...

Chrome extension: what permissions usually make privacy leakage happen?

I am studying how privacy leakage happens by Chrome extensions. First, "privacy leakage" I mean, for example, the extension sends host users browsing history/behaviors to 3rd party. Second, I found the permissions are defined in "manifest.json" of exten ...

How do you test buffer overflows in the lab?

I'm doing a lot of learning about buffer overflows, and BROP. My problem is how can I test against real software in the lab? I can find a lot of CVE's that contain sever bugs that are open to a buffer overflow attack but no way of testing. By default inst ...

Cracking SHA512CRYPT hashes John The Ripper ISSUE !!

I have this list of 5 hashes: $6$MkbPcknS$NTOz5a7Szv2ad
xHpoPb55jnhBZkKezFWcoPMuZ
GDbxnHHY5fUO9BRfy6i/eeYZy
.06wrQTgBoXPluvgtWnZY0 $6$Xgo.WFop$/5PCIZnvSCwri
TQUu/6ajx8vRl408dLxRm2boK
fngDahUuTKXuf/XZVnQVI.3tC
HhxLb02hFZQhfI.gmpko1 $6$RlU5WC6D$mLE3iogAqS ...

Is it possible to obtain PHP source code via SQL Injection?

Recently discovered a breach into my website, trying to determine how the breach occurred. Can't go into too much detail but actor was able to obtain PHP variable names and values from an SQL config file (*.php). File system has no FTP access, only SSH an ...

Mitigation of Spectre and Meltdown affecting host OS from guest OS (Virtualbox)

I don't know all the details of Spectre and Meltdown, but the way I understand it is that they allow reading from memory, not writing to it. Also, I read that at least Spectre can get out of the virtual machine and therefore also affect the host OS. Final ...

How can meta tags be considered as information leakage?

I was studying the standard OWASP testing guide and and the book suggests to review meta files to check if there is an information leakage flaw. By meta files the author means robots.txt and meta tags am unable to understand what author means and how ac ...

OWASP Testing Guide Equivalent for Desktop Applications

I was wondering if any of you know of a guide similar to the OWASP Testing Guide but meant specifically for desktop applications? I had no luck searching the Internet. I am looking for something that focuses on or includes blackbox testing, and preferab ...

What does Frank Abagnale mean by "Level 4 security" in his talk at Google?

During his talk at Google, Frank Abagnale mentioned the following: ...we will be doing away with passwords in the next 24 months. Passwords will leave the world, there will be no more passwords. There is a new technology called Trusona...it is a compa ...

gpg-zip using secret key sign a zip

I have the following problem. I created a Key-Pair with Thunderbird (Engimail), then I exported the asc file, and importet it in the git bash to gpg. Now I need to sign a zip. Using the command: gpg-zip --sign abc.txt def.txt I get the message: gpg ...

How is revoking a CA cert possible?

From what I understand, the cert is created using a private key ONLY ONCE, and once it's issued to a website, it stays on that website's server. As a retrospective measure, how can a CA make this cert invalid again if it can't remove the cert from someone ...

Delete pictures forever?

I sent some sensitive images from my personal phone to my personal laptop on school WiFi. I have already shredded the files on my laptop and I believe from my iPhone as well (I deleted them on my phone and then went to recently deleted files and deleted t ...

Accessing sensitive database through public analysis to preserve privacy

I'm exploring a solution that would allow large technology companies to allow access to their database for analysis, in a way that would protect the privacy of its users. I would love feedback on the idea. The problem Many large companies, especially soc ...

How to prevent TLS downgrade on client side?

Today I noticed by experiment that Google Chrome (69.0.3497.100) and Firefox (62.0.3) both were willing to connect to a server which only supported TLS 1.0, even though the corresponding support was removed in the browser settings. In Wireshark I could ...

Disable Google API key without access to google account

I was trying the new google api - I created anonymous account - added there my debit card, set up the API key for google maps. Tried API and pushed my API key to shared repository (yes I know - my fault). Then I forgot my credentials to the google account ...

Dns spoofing and ssl site

Can anybody explain what happens in this situation Lets assume we hijack dns server and rediret users form goodsite.com to badsite.com and also goodsite.com use ssl so when user redirect to badsite.com the browser shows alarm and users find they are in w ...

Blind SQL Injection on Amazon RDS

I found a vulnerability which allows me to run any query on an Amazon RDS server. I was able to extract the user hashes by using the --passwords parameter of sqlmap, and one of the hashes was cracked before. The thing is, I'm not sure that first the Amazo ...

What are the dangers of "style-src: 'unsafe-inline'
"?

This is a common sight in content security policies: style-src 'unsafe-inline'
I know that this "UI redressing attacks" that can be use for phishing or just defamation. But are there other threats as well? In particular, I am interested in: Script exe ...

What a malicious user could do with a refresh token that cannot be revoked and has 1 year expiry time?

In ADFS 4.0 a refresh token cannot be renowed without passing through an authorization request flow (asking the user again for credentials) and cannot be revoked. I'm forced to put a 1 year lifetime for the refresh token to avoid forcing the user to ente ...

I'm hacked without telling anyone my ip

I have a pc with static IP bought from my ISP and RDP enabled. I was using this PC for development and didn't tell or use it for any communication purpose so it's not possible that someone knew about it. But I got hacked with a ransomware and all my files ...

SSLSPLIT not working with WSS

Is there a way in sslsplit through which we can bypass WSS over 443. Slack and a lot other websites are not working correctly

Is possible to attack a Wordpress website if someone know username and password of admin account?

I have a small question about the security for my Wordpress website. Currently, I prevented accessing my wp-admin by htaccess as well as use functions.php to create a function to prevent accessing admin panel if user is Admin. I want to know, if someone ...

Timing Attacks: Against PHP Server - Prevention/Tutorials

What is the most simple and effective way to Prevent the Timing attacks for the programmers who use PHP? I'm a high school student, I'm new to programming and I've been learning Security since few weeks. I know Blind SQL Injection attacks and I know how ...

Lowering Firefox sandbox settings to enable use of Sandboxie

As discussed on the official forum, to use Firefox 60+ with Sandboxie, Firefox's security.sandbox.content.
level needs to be lowered to level 2. Now my concern is that the lowered sandbox content level actually has a negative impact on the security. For ...

Are nearby attackers dangerous?

It is a general consensus that physical access can be dangerous. However, I would like to know attack vectors if attackers only get nearby access to the system. I’m assuming that the word access refers to contact. Sometimes, attackers may not be able t ...

How does dex compare with hydra?

I am in process of choosing an SSO tool for our project. The main criteria is deployment needs to be on-prem. I have so far looked at Keycloak, hydra, dex & AuthN. I am seeing a lot of similarities between hydra and dex. Since I am new to this domain, I ...

Protecting Keys with External Factor

I have some symmetrical encryption keys (DEK) stored in the database alongside with the encrypted data. DEK's are encrypted by the public key of the HSM. The application server uses HSM with PKCS11 interface. The key and data decryption is done inside the ...

What's the best approach to mirror facebook page feed to a Whatsapp channel?

I have a facebook page which posts image content regularly on it's feed. I want to create a Whatsapp account (preferably a bot) which people can subscribe to with a message, and start receiving all the new posts on the page as Whatsapp message from that n ...

How can I change duckduckgo to show results by pages?

I recently changed my browser to duckduckgo. I really enjoy it so far, but I'm not a fan of the More button showing the results in one continuous page. Is there any way to change this functionality to use separate pages instead?

How to create a keygen

I have a list with approx 500 serial numbers (each one with 10 digits) and all the 500 passcodes generated for those serials (also with 10 digits, but alphanumeric). Is possible to discover the logic of those passcodes and create a keygen?

Python: hashdump script for macOS/OSX

I'm looking at this hashdump.py designed to extract macOS/OSX password hashes. But my Python isn't great. I'm hoping someone can explain (or perhaps add comments to) some of the lines I've marked and explain what exactly is happening. import os import ba ...

Reliable way to kill AV processes on windows?

What is a reliable way to kill AV Processes that are protected against termination? (Like most antivirus) I have SYSTEM level access on a machine but running a taskkill /F on the process still returns "Access Denied" I've tried wmic process where name=' ...

Scan for infection of malicious files manually?

I know there are options of free security softwares out there that do good job like malwarebytes, but I really want to learn how to scan for possible threats of malicious files on your pc manually. I know you could check irregular and unfamiliar activiti ...

Do steganography ensures confidentiality?

Can we say that steganography ensures confidentiality? I think it does not ensure because it is based on the security through obscurity and then it does not respect Kerckhoffs's principles, but the notion of confidentiality being highly subjective, I woul ...

Does steganography ensure confidentiality?

Can we say that steganography ensures confidentiality? I think it does not ensure because it is based on the security through obscurity and then it does not respect Kerckhoffs's principles, but the notion of confidentiality being highly subjective, I woul ...

Understanding execve() exploit instructions

There is an exploit available that utilizes execve() syscall to spawn a shell in only 24 Bytes. I know this is exploit requires an executable stack, but I am not interested in what the exploit actually accomplishes. Most instructions of the exploit are p ...

How did a bug like CVE-2018-10933 (libssh authentication bypass) happen?

How did a bug like the recent libssh vulnerability come to exist? Exactly what is the nature and root cause of the bug? From libssh's website: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presentin ...

Is it possible to become infected with virus, trojan or malware by browsing the infected sites or running installation .exe?

I am quite paranoid and I am always afraid that when i accidentally open some infected sites it would run scripts that automatically download malwares, viruses and trojans into my pc and run by themselves without prompting the download window. Do browse ...

Migrating from a JBoss 4.0.5 to JBoss EAP 6.4

Migrating from a legade web application based on JBoss 4.0.5 to JBoss EAP 6.4, what details may I have to look for, beyond datasource configuration? Old libs like JSF 1.x will continue to work?

Odd characters -- including a backslash -- in magstripe track 1 name field?

I've been in the Point of Sale industry for decades. Parsing card magnetic stripe track 1 data has never been difficult. But lately we've started to see some odd data in the name field of cards that customers have been swiping on our PIN pads. (It's also ...

What is an egg?

I've seen the term 'egg' used in several questions used on here, but I can't seem to find an explanation for it. I have a vague idea that an egg is a way of placing shell code onto the stack and getting it to execute (?). My question is what is an egg, wh ...

windows password-change still allows old password

Desktop with windows 10 (at home). I changed my windows password several days ago, did restart several times, and still both old and new password work. How to make windows forget the old password?

Windows 10 still allows old password [migrated]

Desktop with Windows 10 (at home). I changed my Windows password several days ago, restarted several times, and still both old and new passwords work. How to make Windows forget the old password?

Limit rights for user applications

I have a website, where users are available to upload small applications which runs 24/7 on my server. So if the user upload an application, some folders will be created: /{USER_ID}/{APP
_ID}/ (if the user folder already exists, the /{USER_ID}/ folder ...

Do I need CSRF Protection?

I have a Rest API that is located at api.example.com. The user logs in at app.example.com and gets a Cookie which contains the authentication related information and handles the session. Every page validates that the data contained in the token is valid. ...

Nmap not following redirect when using "http-title" script

I am trying to scan a bunch of IPs for their http-title. Now the problem I have is that nmap pretty much never follows any redirects. Usually the title I want is behind that redirect though. For example I try to run nmap like this: nmap --script http-ti ...

How to authenticate a specific client program?

I have a server application which provides functions to a client program. The client is also programmed by me. Now I want to authenticate the client program itself (not any user) before using my service. I want to achieve that my service can only be used ...

HSTS for android apps?

Websites such as facebook visited on browsers have the HSTS capability which is one more layer of security compared to Https from some attacks. What about, in particular, facebook android app? Does it have HSTS? We already discussed that this app and ma ...

Concepts of PKI Encryption and Digital Signature Authentication

I am trying to understand how SSL uses PKI and Digital Signature authentication to ensure secure and verified communications. I've read various sources online and from what I can tell the basic process is: A Server is given a Certificate from a Certifica ...

What will happend if I change the SYSname SNMP?

I want to learn about SNMP pentesting for that I have downloaded vyos Virtual machine. Next I downloaded snmpwalk tool to pentest the SNMP protocol. I have learned that If someone guess/brute-force the Community string then he can get some juicy info. ...

Kerberos unconstrained delegation for user

I've noticed that there is an option to set "Trust this user for delegation to any service" that can be set for service users. I've read a lot about unconstrained delegation with regards to computers but haven't seen users mentioned anywhere. Can anyone ...

Is AES+hash rather than HMAC problematic?

I will now ask a strange question, but bear with me. I can't share the entire usecase, but the point is to allow the holder of a secret key to create "strings" (used in other systems). The strings should be: non-reversible (=> hash) and should nobody but ...

Is a local author software enough security?

So currently I develop a big blogwWebsite with Firebase as my backend just for information. So right now (not released/published the page yet) I give my authors accounts special rights to access pages others can't access (I protect them via a middleware). ...

Multiple contributor security for blog

I currently develop a big blog website with Firebase as my backend just for information. Right now (not released/published the page yet), I give my authors accounts special rights to access pages others can't access (I protect them via a middleware). On t ...

sniff traffic with bettercap which going through proxy server configured in browser

Using bettercap, how can I intercept traffic which goes to a proxy server which is configured in browser? With no proxy configured it is working fine. But as soon as a proxy is set in the browser connection settings, bettercap is unable to see traffic. ...

Use bettercap to sniff traffic going through a proxy configured in the browser?

Using bettercap, how can I intercept traffic which goes to a proxy server which is configured in browser? With no proxy configured it is working fine. But as soon as a proxy is set in the browser connection settings, bettercap is unable to see traffic. I ...

Google Titan: backdoors possible given the protocols used?

Following the recent post at ZdNet on Google Titan devices designed and manufactured by a Chinese vendor and therefore potentially prone to build-in backdoors: is it even theoretically possible given the protocols and standards used? If so, how could suc ...

U2F devices: backdoors possible?

Following the recent post at ZDNet on Google Titan devices designed and manufactured by a Chinese vendor and potentially prone to built-in backdoors: is it even theoretically possible to inject a backdoor on a U2F device, given the protocols and standards ...

Random PayPal 2FA Codes

I sent an email out to PayPal a few weeks ago, and no response to my question, so I've decided to bring it to the Community for help (as the issue has occurred just 30 minutes ago) So, I'd say maybe a month or two ago (three max) I received probably 5 or ...

What is the specific basis that allows an entity to connect a cert chain to a trusted root?

Let's say I want to validate an entity that presents an X509v3 certificate, "Leaf". Leaf is a cert signed by SigningCA. SigningCA's cert, "SigningCert", was signed by RootCA. RootCA's cert, "RootCert" is in my system's trust store. I pull Leaf and see ...

POST Method Anti-CSRF Help With Burp Suite

I am testing a web application and encountering anti-CSRF tokens within forms which is hampering fuzzing attempts using Burp Suite intruder. An anti-CSRF token appears as csrf-token within a HTML meta field. On submission of a form, the same token is URI ...

Determine All Possible Fields in HTML Form

Is it possible to determine all form fields which are excluded from a page? For example: Assume that a web app developer is attempting to control access to certain functions by excluding specific form fields from a page. Can a user identify which fields ...

How to find geolocation of a photo in Linux?

I have taken some photos on my Ubuntu machine, and I'd like to know whether they contain geolocation, and if so, what are they. How can I do that?

Spring Session management

I want to implement a simple session management on spring web mvc for local project. I have a login form, some URLs for user functions, an interceptor,a controller and also an authenticator and authorizor (WebSecurtiyConfigurerAda
pter). How can I achie ...

JA3 and its usefulness

JA3 was created by people at Salesforce and it is a way of creating TLS/SSL fingerprints due to the fact that negotiation is done in the clear. According to JA3, these fingerprints give someone the ability to identify client applications using the details ...

Can maliciously modified ACPI AML be executed without a reboot?

ACPI tables contain ACPI Machine Language, or AML, which is executed by an interpreter in the kernel at boot. Certain ACPI tables, such as the DSDT, are necessary to support hardware ACPI events such as resuming a suspended system. To access these tables, ...

X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside

I am getting this error in VS 2010 Web Forms application developed in VB.NET. javascript:return WebForm_OnSubmit(); When I hover over it I get the error in the subject line. Can somebody please help me out here? Another tip, it works fine on our Prod ...

Understanding Linux audit.logs for SSH - USER_AUTH

Let's say I have this entry in my Linux audit.log: type=USER_AUT
H msg=audit(1357702397.903:
2747564): user pid=15121 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authenti
cation acct="test" exe="/usr/sbin/sshd&
quot; hostname=192.20.11.53 addr=192.20.11.53 t ...

BOGON network traffic alerts

I am analyzing some network logs and I see some strange traffic. dstip=192.0.0.1
app=STUN dstport=16393 p
roto=udp While researching this is I know the 192.0.0.* space is rfc6890 and not for normal use. The application STUN in conjunction with TURN, are ...

Norton 360 blocking Windows 10 network share/printers if Default Block Microsoft Windows 2000 SMB is active

Tried asking via Norton's forums but would never let me post question. Norton 360 blocking Windows 10 network share/printers if Default Block Microsoft Windows 2000 SMB is active. Is anyone else facing this problem? Whats the correct solution other than d ...

Where to find the security hardend docker images

Is there any service that provides certified , security hardend docker images for common platforms like python , php , node , java , etc with 0 major and critical CVEs. Currently we are using the ones from RedHat but the problem is , even If I scan the R ...

Where to find the security hardened docker images

Is there any service that provides certified, security hardened Docker images for common platforms like Python, PHP, Node, Java, etc. with 0 major/critical CVEs. Currently, we are using the ones from RedHat but the problem is, even If I scan the RedHat p ...

Cross Origin Resource Sharing null vs wildcard?

I am testing an application that uses widget. These widgets are placed in the customer websites to use as some sort of tracking clicks device and returns some data too, therefore it is necessary to use CORS. For example, in the customer's page it contain ...

Real life scenario for remote file execution

This is a commonly demonstrated attack because it is easy to explain and understand. The premise is that the victim does something like (oversimplified PHP example): include( $_GET['file']);
And the attacker can pass a path to a php script on it's ser ...

SOX Compliance - Is Running EOL Equipment Considered a Violation?

Let's say I have some networking equipment that will no longer receive vulnerability patches after 2019. This equipment makes up the spine of the company infrastructure. Let's say it's definitely IN EVERYONE'S BEST INTEREST to go ahead and upgrade thi ...

CVE-2018-10933 - Bypass SSH Authentication - libssh vulnerability

Looks like CVE-2018-10933 was just released today and you can find a summary here from libssh here Summary: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SU ...

PCI compliance of a SaaS provider

We (merchant) will be using a SaaS to sell learning modules and accept credit card payments through a redirect to a service provider that will process the credit card payments. The SaaS will be hosted by Amazon web services. Should the SaaS provider need ...

PDF and embedded JavaScript

We have completed a vulnerability and a penetration test. One feature of our application allows for documents to be uploaded, and we allow for PDF documents. Prior to a document being accepted we scan for Virus and ensure the document is a valid PDF. Al ...

How does a vpn protect my information? A d other quesions

How does a vpn potect my infomation when i suef the web? Does it work offline from the web? Are tere malicious vpns

What are the considerations when migrating from Bitlocker to Veracrypt?

We are currently evaluating migrating from Bitlocker to Veracrypt. Based on the most recent update to Veracrypt, there appears to be support for UEFI/GPT. Additionally it seems that decryption isn't required when updating Windows 10. The reasons for migr ...

Keepass2 vs KeepassXC - KeePass-Http connector - Mono in Linux

please forgive beginner question. I have been using Xubuntu for several years now; this question is regarding password managers under Linux/Ubuntu. I have been using Keepass2 which is just such an amazing password manager; HOWEVER I have the following ...

How to crack saved chrome/firefox passwords on linux

Saved Chrome passwords are no longer plaintext, how to decrypt them without accessing my google acc? The file in question is %localappdata%/Google/Chr
ome/User Data/Default/Login Data Same question goes for firefox, that is if they encrypt their pws too. ...

Groupme security

I used groupme on my personal phone on my school WiFi and sent some very private messages. I have confirmed that my school is not performing a MITM attack by comparing grc fingerprints. However, I’ve read that groupme does not provide end to end day enc ...

GroupMe encryption

I used GroupMe on my personal phone on my school WiFi and sent some very private messages. I have confirmed that my school is not performing a MITM attack by comparing grc fingerprints. However, I’ve read that GroupMe does not provide end-to-end encry ...

Can my school read my GroupMe messages since they are not end-to-end encrypted?

I used GroupMe on my personal phone on my school WiFi and sent some very private messages. I have confirmed that my school is not performing a MITM attack by comparing grc fingerprints. However, I’ve read that GroupMe does not provide end-to-end encry ...

IOT secure data transfer

I have a question about a monitoring software architecture. This is difficult to describe as my English is not very good and its not a very well specified domain yet. Think about 50 different locations in different cities. Assume that these locations are ...

Recovering hidden contects from a jpg picture

Is there any way someone could recover information from jpg hidden texts... For example in the picture

Recovering hidden contents from a jpg picture

Is there any way someone could recover hidden text from a jpg. For example in the picture

How to enforce on the OS level my employee using only my AES keyboard

I have multiple employees - and they all have AES keyboard. I would like to enforce on the OS platform to work only with this AES keyboard. Is that possible? Assuming my employees OS is (Windows 10, Ubuntu, MAC OSX). How could it be done? I wasn't able t ...

How to enforce on the OS level to recognise only certain keyboards

I give employees AES wireless keyboards. I would like to enforce the OS to only recognise the keyboard we supply. Is that possible? Assuming my employees OS are Windows 10, Ubuntu, Mac OSX. How could it be done? I wasn't able to find how to enforce it ju ...

What happens when the timestamper's certificate expires?

What happens when the timestampers certificate expires? If the code is now untrusted, can it be re-stamped without re-signing? If not, what good does this timestamp do me if my cert is valid until the same date? TimeStamperCertific
ate : [Subject] ...

What (besides not complying, and reporting) should I do with blackmail emails?

Windows Server 2008 | how nmap bypassed Firewall rules

I need to block communication(inbound/out
bound) from server A to Server B (all ports/all protocols). Server A should communicate with every machine except server B. I can't place firewall rules on Server B. So I have placed all rules in server A. Server ...

How can Nmap bypass Windows Server firewall rules?

I need to block all communication (inbound/outbound) from server A to server B (all ports/all protocols). Server A should communicate with every machine except server B. I can't place firewall rules on server B, so I have placed all rules on server A. I ...

Can a "Accept cookie" button in a website do any harm or collect any sensitive information?

I don't remember when this "accept/cancel cookie" button started to be used in websites. Why they really insist on getting user to click on this button? Can it do any harm to user's PC or to collect any private and sensitive data? Their reason for this mo ...

Can "Accept cookie" button in a website be malicious?

I don't remember when this "accept/cancel cookie" button started to be used in websites. Why do they insist on getting users to click on this button? Can it do any harm to user's PC or to collect any private and sensitive data? Their reason for this mos ...

traffic decryption DMZ deploy

we have various servers in our DMZ's some of them are behind load balancers (but only few). We also have Blue Coat SSL Visibility Appliances currently deployed in passive-tap mode (we get the inbound and outbound traffic copy via SPAN) - in this mode we c ...

Decrypting DH traffic in DMZ

We have various servers in our DMZ's. Some of them are behind load balancers (but only few). We also have BlueCoat SSL Visibility Appliances currently deployed in passive-tap mode (we get the inbound and outbound traffic copy via SPAN) - in this mode we c ...