security.didici.cc

Is this wireshark capture using TLS 1.2 or 1.3?

1 hour ago

Which version of TLS is being used here?

Is this wireshark capture using TLS 1.2 or 1.3?

1 hour ago

Which version of TLS is being used here?

WEBRTC MITM in Signal & Threema messenger

6 hours ago

With the growing need for privacy I had diverted some of my research towards the importance of secure communication. Based on my research I have found two of the most primitive applications for communication are Signal and Threema. Arguably, voice/ video ...

When a hacker hacks your router can they infect your devices (computer, smartphones) with a virus/malware?

13 hours ago

Are the devices that use the wifi at risk? In a situation where the attacker has your router admin password they pretty much control your router. So if they control your router can malware be sent to the devices you use? Can the malware be sent directly t ...

Metasploitable: Location of file user_pass.txt [closed]

15 hours ago

The file user_pass.txt, generated from smb_enumusers, is not a "Escritorio". Where is it?

Metasploitable: Location file user_pass.txt

15 hours ago

The file user_pass.txt, generated from smb_enumusers, is not a "Escritorio". What is her location? Thanks

Bluetooth USB device shows up as HID Keyboard. Is it safe?

17 hours ago

I bought a USB Bluetooth adapter and my PC now has Bluetooth available, but while it's connected it makes a "HID Keyboard" show up in my "Mouse, keyboard & pen" setting in Windows (which I can remove until I re-plug it again). Does it mean the device i ...

Why is there no fix for the commons beanutils Java deserialization gadget?

22 hours ago

I recently came across a vulnerability which was caused by unsafe deserialization (Java) and the use of the Apache Commons library commons-beanutils. The ysoserial project references commons-beanutils 1.9.2, so I thought that there might be a later versi ...

Switch WebServer is sending the wrong ssl certificate

22 hours ago

I hope someone could help on this. I have a Moxa 810 managed switch and I am trying to configure the access via HTTPS. In the switch I have already allowed https with ./certstrap I created a CA and generated (signed) a ssl certificate that I deployed in t ...

Why not prompt for password and TOTP simultaneously? [duplicate]

23 hours ago

In most common web applications that support multi-factor authentication the user is first prompted for their username and password, and only after a successful first authentication the user is prompted for their TOTP token. Why is that? Are there any sec ...

2FA - Why not prompt for password and TOTP simultaneously?

23 hours ago

In most common web applications that support multi-factor authentication the user is first prompted for their username and password, and only after a successful first authentication the user is prompted for their TOTP token. Q: Why is that? Are there any ...

How to open PUT or DELETE methods securely?

1 day ago

If I wanted to open these methods in my REST APIs securely, how can I do that? What validations should I apply?

Why is my website certificate not verified by all browsers. Is this related to my CA or just misconfiguration?

1 day ago

I have a certificate signed by https://www.noip.com which I'm using in my website (https://angola.sytes.net), but the certificate is only recognized by some browsers in some places. If you take a look at my website you'll see that the certificate was issu ...

What are the best free certificate providers over the internet?

1 day ago

I have a certificate signed by https://www.noip.com which I'm using in my website (https://angola.sytes.net), but the certificate is only recognized by some browsers in some places. Is that related to the certificate signer? Where can I get a free certifi ...

Displaying a user's password in plaintext on login pages. Why is this practice becoming more widespread? [duplicate]

1 day ago

Over the years I've noticed that more and more login pages implement an eye icon next to the password field, that on click toggles between hidden and plaintext view of the password typed in that field. Why is this feature becoming more widespread? Why wou ...

AnyDesk | The Connection Reset By The Other Desk [closed]

1 day ago

During working with anydesk i repeatedly receive an error like : The Connection Reset By The Other Desk Sometimes with this error my wi-fi connection disconnects. What is this error? Nowhere on the internet there is such an error. Is my wi-fi provider a ...

What exactly is Application.Hacktool.AMZ?

1 day ago

I have been using Windows Product Key Viewer for ages to read current Windows' serial number. I had never any hack- or virus-related issue about this application. A few days ago I have installed Bitdefender and one my OneDrive started to download a number ...

Full disk encryption and data recovery capabilities

1 day ago

So I had linux mint with fde, had sensitive files on it, shut down my pc, and reinstalled a new linux mint OS with fde. What are the chances of data recovery from the first OS?

What is this certificate I found on my computer and can I delete it?

1 day ago

I noticed an error in my event viewer logs about certificate with specific thumbprint unable to be renewed. After I dug some more, I found that the certificate in question was accompanied by two other certificates located in Trusted Root Certification Aut ...

What is this certificate I found on my computer?

1 day ago

I noticed an error in my event viewer logs about certificate with specific thumbprint unable to be renewed. After I dug some more, I found that the certificate in question was accompanied by two other certificates located in Trusted Root Certification Aut ...

Why is my IP address hidden over HTTPS but not HTTP while I'm behind a proxy?

1 day ago

I am trying to connect to a supplier API but they have a whitelist of the IPs which can consume their API. I gave them my server IP so that they could add it to the whitelist but it is still not working. I suspect this is coming from my company proxy whic ...

How to hide IP using HTTP request through HTTPS proxies?

1 day ago

I am trying to connect to a supplier API but they have a whitelist of the IPs which can consume their API. I gave them my server IP so that they could add it to the whitelist but it is still not working. I suspect this is coming from my company proxy whic ...

Is using newsequentialid bad?

2 days ago

I found a project that uses T-SQL's newsequentialid() for one of their external ID columns which is used for public APIs. When that column is added to an existing table, each row gets an incremented GUID. Is this bad? A malicious user could quickly work o ...

I cannot crack the password using john, it gives error no password hashes loaded

2 days ago

passwd.txt root:x:0:0:root:/root:/bin/bash shadow.txt root:$y$j9T$q/teA6wUZR80tSBEoiAmN/$lUdns2DwxLSsdR2N9MgN71OSRW/atRkjyi.F/1fmq29:19135:0:99999:7::: error sudo john cracked1.txt Using default input encoding: UTF-8 No password hashes loaded (see FAQ)

Does knowing how an encrypted file changed make it vulnerable?

2 days ago

Scenario The following bash commands create an empty file test.txt, encrypt it using a default algorithm to test1.gpg, then append the line new line to the original file and encrypt it again to test2.gpg. Each of the gpg commands prompts the user to enter ...

Do I need to set up super global SESSION for a web form?

2 days ago

I am building a web form in PHP, is just for the user to request information about my services or send comments, so I don't need the user to be logged with a username and a password, no database. I have the validation and sanitation scripts already for t ...

Medical center uses DOB for identification over the phone. Alternatives?

2 days ago

At my local medical center in New Hampshire, USA, every new encounter with a patient – office visits, booking appointments by phone, etc. – begins with the patient providing their name and date of birth. This is fine if I initiate the phone call or if ...

Medical center uses DOB for 2FA and requires cold-called patients to divulge theirs over the phone. How to fix?

2 days ago

At my local medical center in New Hampshire, USA, every new encounter with a patient – office visits, booking appointments by phone, etc. – begins with the patient providing their name and date of birth. This is fine if I initiate the phone call or if ...

SSL/TLS and its applications

2 days ago

For my memoir, I need to find documentation about TLS applications such as mail server protection and security of electronic transactions. Waiting for your suggestions

Is an attacker living close by able to identify my name and spoof my phone number by intercepting SMS messages?

2 days ago

As I read here and there, it seems like SMS isn't encrypted. Let's say I live in an apartment building. If someone uses a cellular modem to intercept my SMS messages, can they determine my name from the phone number and the personal information within t ...

Is personal information sent in an SMS enough to identify the name of the sender?

2 days ago

As I read here and there, it seems like SMS isn't encrypted. Let's say I live in an apartment building. If someone uses a cellular modem to intercept my SMS messages, can they determine my name from the phone number and the personal information within t ...

Get encryption status of NAS TimeMachine disk

2 days ago

I’m writing a script to get the encryption status of Time Machine disks. I run defaults read /Library/Preferences/com.apple.TimeMachine.plist and grep for LastKnownEncryptionState. This works fine for different sorts of USB disks, but remote NAS disks a ...

Can I Play a role of intermediate CA for my own applications?

2 days ago

Imagine I have a company. For the public website, I create key pair and ask a trustworthy CA to sign my public key. Now I have a valid Signed Certificate. So, for my private applications which are running on different machines in LAN network of the company ...

What are some ways to ensure that a cryptography library is reliable in an ecosystem that is new to me?

3 days ago

Cryptography is a core security service, and is generally considered a specialty that is difficult to get right unless one knows what they are doing. Furthermore, cryptography API misuse is rampant and the cause of many security vulnerabilities. This ques ...

What methods or services identify network attacks? [closed]

3 days ago

How can I trace network attacks where a stalker observes my traffic and other malware (including implanting malware/reconnaissance) Which services or methods should be able to identify the activity?

What methods or services identify APT network attack suspect? [closed]

3 days ago

How can I trace tricky APT (Advanced Persistent Threat) network attacks where a stalker observes me? Which services or methods should be able to identify the suspect? APTs (Advanced Persistent Threat) and other malware (including implanting malware/APT re ...

How to trace an attacker who has access to my devices

3 days ago

I have been a victim of cyber attacks for more than a year now. No matter how many times I'd change my accounts, password, devices, network; these people and their stalker would identify me and have access to my devices. They're doing things like deleting ...

APT (Advanced Persistent Threat) Solution

3 days ago

I have been a victim of cyber attacks (more like cyber terrorism) for more than a year now. The perpetrators got me because I converted to Judaism recently. No matter how many times I'd change my accounts, password, devices, network; these people and thei ...

What will happen if I accept this "Change your search setting to: smartwebfinder.com"?

3 days ago

When I want to install Ultrasurf extension it gives me this message: So I do not understand what this "Change your search setting to: smartwebfinder.com" wants to do. When I go to this website : smartwebfinder.com it redirects me to google.com Why does i ...

IS MULTI DRM ACTUALLY PROTECTING CONTENT

3 days ago

I was just watching premium content on a tech learning web application, just noticed that when I opened snipping tool the video gone hide. I then searched for it and ended up at MULTI DRM protection which is simply mechanism to protect such type of conte ...

CISSP certificate: Is 5 years cybersecurity developer experience count?

3 days ago

I am new to IT certificate world, I have 3 questions that have not found on google yet or not sure: I am a Software Developer in a NGFW Router company that works on cybersecurity related work(Certificate, TLS, FIPS-CC). I think I am working on 2 of 8 dom ...

How to know if an Amazon AWS server is safe or not?

3 days ago

I see connections to Amazon AWS servers, and since everyone can register servers on Amazon, how do I know if my PC communicating with a safe Amazon server, or with a server which a hacker registered? If I search for the IP, all I can see is that it belong ...

How to encrypt a file that only "unlocks" after a day?

3 days ago

I'm addicted to this game, and while I don't want to delete it, I want to be able to encrypt/lock it in a way where the decrypting/unlocking takes a day, and ideally during that day I can cancel the decryption process (hopefully by that time my urges stop ...

Getting started with sn1per scanning

3 days ago

I just pulled down the repository for an elite penetration testing tool called sn1per. I want to use this tool to scan a list of websites. My goal is to automate the steps of a manual penetration test. Any help with this would be greatly appreciated. The ste ...

Why my kali linux machine see removed repositories on update

3 days ago

This is my sources.list: deb https://http.kali.org/kali kali-rolling main non-free contrib deb http://security.kali.org/kali-security kali/updates main contrib non-free But when I do an update it see repositories I have removed like this: Ignorato:1 ht ...

How do I fix Discord Rate Limit error for discord.py?

3 days ago

I keep getting a discord rate limit for one of my bots but I'm not sure where my code is sending multiple requests to the server. Does anyone know where in my code I might be sending an exceeding amount of requests? If so how could I change my code? # Imp ...

Is SMS a secure authentication method?

3 days ago

I’ve seen many HN comments bashing on SMS being insecure. But WhatsApp and Signal both use it as their primary authentication method so it can’t be that bad? Why is it bad? What attacks is it susceptible to?

Decrypt Files Encrypted with EasyLock EndPointProtector Client?

3 days ago

I need to transfer a file from my work macbook pro to my personal windows laptop via a USB stick. My work laptop only allows USB encrypted with easylock endpoint protector client to be writable. So i set a generic password like 123456 and let the easylock ...

Metasploit - Exploit completed, but no session was created

4 days ago

Hello I'm using Metasploit versus Metasploitable2 VM. I'm trying the following exploit: multi/http/php_cgi_arg_injection That should work for the php version in use. The exploit seems to work but I don't get any reverse meterpreter tcp shell [*] Start ...

Social Engineering Attacks and Identify Impersonation through Facebook

4 days ago

I am still new in cyber security and social engineering based hacking. If someone can access your Facebook account without you getting any notifications and send false messages Impersonating your Facebook friends, what kind of hacking is that?

Able to log into Facebook with the wrong email address [duplicate]

4 days ago

I was able to log into my Facebook with the incorrect spelling of my email address. I think this might mean my Wi-Fi is hacked or is this a random Facebook issue?

Wrong email address login

4 days ago

I was able to log into my Facebook with the incorrect spelling of my email address. I think this might mean my Wi-Fi is hacked or is this a random Facebook issue?

Is it dangerous to share the internet with a hacked phone?

4 days ago

I'm sharing my hacked phone's Wifi connection with tethering, so my data travels through it from my PC. I'm using VPN both on PC, and phone. My phone (facebook account, camera) got hacked, but I made a factory reset, and changed my passwords. I'm using fire ...

GnuPG: gpa.exe hangs when click on "smartcards" AND scdaemon cannot recognise SC-HSM

4 days ago

I am trying to get GnuPG to work with my SmartCard-HSM 4K on Windows, using the Gpg4win bundle. Kleopatra doesn't recognise the SC-HSM 4K at all, even though, it DOES recognise the YubiKey 5 NFC in BOTH PIV and Openpgp Card apps. When trying to use the GPA. ...

Resource for Cross site scripting

4 days ago

Having issues in finding cross site scripting. I need some best resource for learning cross site scripting (xss)

Does Cache-Control: no-cache="Set-Cookie, Set-Cookie2" actually prevent caching cookies?

4 days ago

This OWASP recommendation says: it is highly recommended to use the Cache-Control: no-cache="Set-Cookie, Set-Cookie2" directive, to allow web clients to cache everything except the session ID But the mozilla docs say The no-cache response directive ind ...

BeeBox on VirtualBox cannot connect to server

4 days ago

Hello I have BeeBox running on a VirtualBox Machine, but when I try to connect to the IP of the machine from the browser of my host computer I cannot connect to it. How can I solve it? So how can I setup bee-box so I can see the bee-box server? Thank you!

Find other addresses with libc address

4 days ago

TLDR: With PIE and ASLR enabled, am i able to calculate the base address of other parts of an x64 elf binary (e.g data segment, stack) if i know the base address of libc? ------- Hi, I'm looking at an x64 elf binary with ASLR, PIE, and NX constraints. I h ...

Changing encryption scheme utilized in GNU Privacy Guard (GPG)

4 days ago

I am currently trying to implement my own cryptographic IBE scheme within GPG. I understand that rolling one's own crypto is frowned upon, yet, this is for research purposes only. Is there an easy method of implementation within GPG to add my custom encry ...

Is it possible to get xss in json body request?

4 days ago

I was doing a VAPT assessment in which I see some JSON body in the request which has orgid deviceid So is there any possibility to get XSS in json body?

Can a plain text email contain XSS injection?

4 days ago

We need to send a plain text email with user-specified input. For example, if a user is an attacker a plain text email can contain alert(1) It looks like mail clients should treat it just as plain text and it shouldn't pose any threat to end recipients. ...

Best practices for GPG user ids and mail extensions / catch-all addresses

4 days ago

Assuming I want to use different mail addresses for different purposes and using either a catch-all configuration (*@example.com) or mail extensions (e.g. me+*@example.com) (where * can be replaced with anything). But for simplicity and because of using a ...

How to disable the wired connection

4 days ago

I want to keep my macbook from going online. I know how to disable wifi. Can I prevent my macbook from connecting to the internet if a LAN cable is plugged into it?

how to know CVE affects which Jar/artifact?

4 days ago

When I'm trying to analyze CVEs to detect which jars are affected by the CVE, I get confused. Let's take as an example this CVE: CVE-2022-22978 in the description: "In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestM ...

No results in airodump-ng check for access points

4 days ago

I tried to get aircrack-ng running but to no avail on a native ubuntu machine. There are no problems with wifi in normal usage. I used these steps: sudo apt-get update sudo apt-get install -y aircrack-ng sudo airmon-ng check kill multiple times until no ...

what are some techniques to make a strong password [duplicate]

4 days ago

Are there any techniques that I can follow in order to make a strong password that I can't forget? And are there some secure places where I can keep these passwords?

Examples of private key leakage / compromised keypair resulting in certificate revocation

4 days ago

I am looking for some examples of private key leakage or compromised keypair (via insider attack, configuration mistake, etc.) that lead to certificate revocation. I am particularly looking for cases when CA was compromised but can also use info on leaf c ...

Monitoring and ensuring good behaviour from allowed connections

5 days ago

I have a need to whitelist two sets of 0/23 IPs (which could amount to approx 1200 IPs) along with 10,000-20,000 ports (UDP). We have historically never done it and feel very uncomfortable doing so. Is there anything we can do to feel secure from a risk a ...

Whitelist a large range of IP address including Ports

5 days ago

I have a need to whitelist two sets of 0/23 IPs (which could amount to approx 1200 IPs) along with 10,000-20,000 ports (UDP). We have historically never done it and feel very uncomfortable doing so. Is there anything we can do to feel secure from a risk a ...

How to whitelist only a few URLs to make API calls at client site?

5 days ago

So, we recently launched our website, and things are going great so far. But since last night we have seen that some end-users browsers are making calls to strange URLs. We don't know how or why the browser makes those calls. Our guess is that the user's ...

How to exploit and fix dependency vulnerabilities?

5 days ago

I have a vulnerability scanner that detected a security vulnerability in a particular package. Let's call it package "[email protected]". [email protected] is used by other dependencies, such as this: [email protected] > [email protected] > [email protected] > [email protected] Typically there's a recommended version upgrade ...

Retrieve list of trusted server public keys during an application run

5 days ago

I'm trying to implement a mechanism that allows me to maintain a list of SSL server certificate public keys that have been verified as trusted during an application run time. For example: Application makes an HTTP request to a server SSL handshake takes ...

openssl cross-sign non-self signed certificate

5 days ago

I want to cross-sign a third-party certificate (third-party-client.crt) with my own root ca (r1). To do this, I use openssl x509 -in third-party-client.crt -CA /etc/pki/r1/ca.crt -CAkey /etc/pki/r1/private/ca.key -out third-party-client-cross-signed.crt - ...

apps were opening on their own while i was gone for a while

5 days ago

I'm not so tech savvy so I'll try and explain my situation. When I always open my laptop it has this weird opening popup of a couple cmds and disappears rather quickly, I never thought about it since I didn't know what it did. Now after a while I was gone f ...

Unknown localhost connections: Is this indication of continued compromise of device?

5 days ago

I have a stalker, and six months ago, he got my someone to evil maid my devices with a USB stick that person had borrowed (which then took me three months to discover). This attack appeared to have rootkit'ed my devices with a VM level rootkit. Currently, ...

Can't authenticate SpiderFoot on Kali Linux

5 days ago

I'm new to SpiderFoot tool and I have Kali Linux on my system and want to use SpiderFoot that has installed by default, for the first time. But I get an error: Warning: passwd file contains no passwords. Authentication disabled. Please consider adding aut ...

How to generate an expired key with gpg?

5 days ago

For testing purposes, I need a PGP key for a specific uid that has already expired. Using gpg --full-generate-key only gives me the following options: Please specify how long the key should be valid. 0 = key does not expire = key expires ...

Why did Microsoft publish the CPassword AES key ca. 2012?

5 days ago

As outlined in Security Bulletin MS14-025, Microsoft acknowledges the way credentials had been stored in the group policy field "CPassword" is insecure and is not to be trusted any more. However according to their own Developer Documentation, they themsel ...

Is CSRF token vulnerable if CORS is enabled?

5 days ago

Let's analyze the following scenario: User authenticates with session cookie I have CORS enabled (like Access-Control-Allow-Origin: * - header) I use CSRF Token to prevent CSRF attacks and I include it in HTML document's body Is it possible to perform C ...

whois, nslookup, recon-ng are Active or Passive recon? [closed]

5 days ago

Is whois, nslookup, recon-ng a form of Active reconnaissance or Passive reconnaissance?

Why is Edge reading WinSCP?

5 days ago

This was a fresh VM with msedge and winscp, why is msedge making a read operation on winscp

Output of an OGNL attack

6 days ago

Say an attacker sends a malicious request to the following path in order to execute remote code as part of OGNL injection attack: /${Class.forName("").getMethod("getResponse",null).invoke(null,null).setHeader("X-COD",Class.forName("javax.script.ScriptEngi ...

Need a cross-platform method of generating near truly random numbers

6 days ago

I have been working on an app that uses a combination of different encryption methods; some of them are libraries, and the most important ones are my own implementations. The app is cross-platform that are compiled natively on desktop (Linux, Windows, Mac ...

Should a standard user in a AD domain be able to open cmd prompt as Administrator?

6 days ago

I was given a standard non-admin user and a workstation to perform internal pentest assessment. To my surprise, I was able to open cmd prompt as administrator, use psexec and gain a SYSTEM shell giving me local admin access. Is it normal to let standard u ...

Have there been duplicate IMEI numbers?

6 days ago

Have there ever been reported cases of duplicate IMEI numbers, whether un-intentional or deliberate? Link to the Wikipedia description of the IMEI number or International Mobile Equipment Identity number

Showing non security events in a timeline graph

6 days ago

Question to all Incident Response Practitioners, I am trying to show a series of events from different platforms in a timeline graph to establish the activity of an object (login events, alerts etc.) across various security tools. Say I was looking back ...

Use a remote certificate (on other computer) for mTLS transaction

6 days ago

I have a USB Token (brand 3SKey) containing a certificate "C" with its private key stuck on a machine "A". The certificate is obviously not exportable and I'm not interested in using 3rd party tools to try to extract it. This certificate is used exclusiv ...

Storing Anti-CSRF token in cookie with samesite=strict

6 days ago

The (anti) CSRF Token should protect user from executing an action on the website by clicking a link or a form that is created by an attacker. In the application that I want to secure I can't use an existing framework and I can't use html forms everywhere ...

Using `react-oidc-context` and storing the `access_token` and `refresh_token` together

6 days ago

I am looking for a "best practises" approach for creating SPAs protected using OIDC + PKCE. Most of our applications are hosted on two independent web servers with a load balancer routing requests to them in a round-robin configuration. Our SPAs are almos ...

TOTP code with unicode character?

6 days ago

I was signing up for an app for a credit card I have and I encountered an SMS 2FA format I had never seen before. The code was 47φ[3/5] - that is two digits then capital Phi then the fraction three-fifths. To input there were on-screen buttons, 0 to 9 th ...

TOTP code though unicode character?

6 days ago

I was signing up for an app for a credit card I have and I encountered an SMS 2FA format I had never seen before. The code was 47φ[3/5] - that is two digits then capital Phi then the fraction three-fifths. To input there were on-screen buttons, 0 to 9 th ...

TFA security though emoji

6 days ago

I was signing up for an app for a credit card I have and I encountered an SMS TFA format I had never seen before. The code was 47φ[3/5] - that is two digits then capital Phi then the fraction three-fifths. To input there were on-screen buttons, 0 to 9 th ...

Is there any difference between circuit vs application level gateway except that one operates in layer 3 and another at layer 7 of OSI model?

6 days ago

Question#1 whitewinterwolf answer says the circuit level gateway CHANGES the source ip address of outgoing packet(from the internal network point of view). Two different TCP connection are formed, inbound and outbound. Question#2 I didn't get what A ...

What is CA response after giving them the CSR?

6 days ago

I'm trying to understand the logical flow of SSL certificate. Suppose I have a website running on a machine. I generate a CSR file that contains information (e.g. common name, organization, country, ...) and my public key, so I sign those with my Private ...

How to notify administrators of an Active Directory pwd change?

6 days ago

I don't know much about AD or Windows security. As in this question, I understand that pwd change notification can be useful for both users and for system administrators. As an AD administrator on Windows Server 2012 R2, can I configure the system to noti ...

Fastest way to brute force SSH

1 week ago

Hi guys I'm doing a CTF on vulnhub and I need to brute force SSH, I've got 6 usernames and 15.000.000 passwords to try so I'm brute forcing with hydra by running hydra -L users.txt -P $LIST/rockyou.txt -t 64 -o hydra_bruteforce.txt ssh://grotesque2 but i ...

Can anyone decrypt this or tell me how?

1 week ago

N m K m j T triumph guy will e💚🗡🧬🏰🏈🥣
🛴🏍k CC B get Ty V bb

Rop With Null Bytes

1 week ago

I'm running into a challenge where I have control over the return address and the base pointer through my input, however the program null byte terminates and the addressing scheme only takes up 6 bytes. I'm using leave gadget to control the stack pointer ...

User supplied response headers/body?

1 week ago

I'm trying to build a simple, public facing, mock/placeholder API service. As in the user can create a mock API response for a given URL on my site, mysite.com/abc123, and then they can make HTTP requests to that URL and receive their supplied response fo ...

Why is OIDC more secure than oauth2?

1 week ago

If oauth2 is used with the state parameter (I know it's not required by the standard), wouldn't this ensure freshness, i.e. that authentication just happened? What additional security can OIDC bring?