security.didici.cc

Network level attacks for pentesting

50 minutes ago

Reading about the KRACK attack, I'm curious about what kinds of network-level attacks have been discovered over the years. What kind of network level attacks do you use during a pentest? How effective are these attacks? What tools do you use? Any links/r ...

stuxnet: why did Iran use Windows?

1 hour ago

I don't understand why these companies/places that should have high security standards use Windows. The only reason would be that it is a system requirement for some software or hardware. But in these cases they should demand it to also work on linux. wh ...

Android Emulator for Security Testing

1 hour ago

Is there is a good android emulator image for security testing? I have been using Nathan, but it uses pretty old version of Android and is x86 only for now. Are there any alternatives?

Why wasn't the KRACK exploit discovered sooner?

2 hours ago

From what I've read, the issue is as simple as performing step 3 of a 4-step handshake and the consequences of performing that step more than once. Considering the complexity of these kinds of algorithms, I'm somewhat surprised that it is so 'simple' of a ...

Is private key encryption to verify identity a weakness?

2 hours ago

I'm trying to learn about cryptography and have discovered that you can use asymmetric key encryption to verify your identity by encrypting something with your private key, but isn't that a security vulnerability? This how I understand it: * Users: A, B ...

Would putting a HTTP proxy in front of Server 2003 mitigate some risk?

2 hours ago

Lets "pretend" someone out there is still running a Windows Server 2003 IIS servers with web sites on them that aren't going to be migrated by their owners anytime soon. As some form of mitigation I am considering putting a Apache/NGINX web server in fro ...

Does VPN protect against KRACK?

3 hours ago

I wonder if using VPN protects against KRACK? How does this work? How can it be bypassed? I use commercial VPN on the laptop and on Android.

Trying to tunnel a reverse shell out of an internal network

3 hours ago

I am practicing performing a pentest and getting stuck trying to get an interactive reverse shell from an internal machine to my attacker machine. This is what I have done so far: Me(attacker): 67.67.67.67 (some public ip) Web app (victim): 68.68.68.68 ...

For which key length (as a function of file size) is a XOR cipher considered as safe?

4 hours ago

It is well-known that, doing a XOR of a file against a short key is highly insecure encryption (can be broken with frequency analysis). But if the length of the key is equal to (or has same order of magnitude than) the length of the file to be encrypted, ...

Using old Android devices (as far back as Kitkat)

5 hours ago

Are there any precautions or protocols to be followed when using older (abandoned) Android devices. Do not use bluetooth? Do not connect to open(no WPA2) WIFI spots? Use web-based services over applications?

Account Hijacking question for a Sci-fi project

5 hours ago

I'm sorry if this is an anomalous question and I hope you do not feel like I'm wasting your time, but I am writing a small novel (just for entertainment, I'm pretty aware that I'm not a real writer) and I would need a little bit of technical advice to mak ...

Diffie Hellman Group Matching to IPSec Encryption Algorithm

5 hours ago

I'm looking for help determining acceptable Diffie Hellman (DH) Groups for specific IPSec IKE and ESP Encryption Algorithms. The goal is to choose DH groups that provide adequate protection for the keys to be used by selected Encryption Algorithms while a ...

GDPR and PII Greyarea

5 hours ago

With the impending GDPR changes I see a lot of hysteria, some of it justified as it is a major change but a lot of it seems to be scare mongering. This particular scenario came up as a topic of discussion in our company recently. I would like to know yo ...

Potential issues allowing users to set any URL as web hook

5 hours ago

Ok so I’m still in the planning stage so this may not be fully fleshed out, but I’m working on a SaaS project. Part of which allows users (customers of my SaaS) to configure my API to watch for events and respond in a preconfigured way. One response i ...

Designing CP and CPS for multiple hierarchical CAs

5 hours ago

I am thinking about how to design and structure CP and CPS for multiple CAs build in a hierarchical manner and compliant to RFC 3647. The structure of CAs in build from one Root CA to multiple subordinate CAs each serving different PKI service and certif ...

Why not using National Id of each person as his/her username on every database?

6 hours ago

Everyday we visit many websites, including our university's website, maybe google, yahoo, etc. But on each of them, we have a unique username, while each person in a country can have a "national code" such that no person share a code. So, They can use the ...

pass the hash via psexec from windows server 2012 ( DC ) to client

6 hours ago

i am try to do some pentest's traning on my local labs i create a lap has 3 pc's servers ( windows 2012 r2 ) and 2 windows 7 + 8 i add the both to the domain controller then i try to use psexec tool to connect to both via this command : PsExec.exe \1 ...

KRACK Attack vs sniffing

6 hours ago

Trying to learn.... The ultimate difference between the vulnerability outlined in the answer posted here and KRACK attack is that with KRACK attack, the attacker does not need the AP pass phrase?

Removing suspect MITM certificate while only knowing Date Issued?

6 hours ago

A Blue Coat type of certificate was added to my personal PC to access a business network which I could trust at the time, but I don't trust the certificate issuer (Blue Coat) in general and don't necessarily trust that network all the time. Problem is, I' ...

To sufficiently protect against KRACK is patching the client, the AP, or both, required?

7 hours ago

Following on from this question, I am unclear on which of the following steps are sufficient to protect a WPA2-based wifi connection from the KRACK flaw: Patching the AP (e.g. router) Patching the client (e.g. mobile device) Patching the AP and the clien ...

Apache 2.4 log question

7 hours ago

Documentation for Apache 2.4 states that: Anyone who can write to the directory where Apache httpd is writing a log file can almost certainly gain access to the uid that the server is started as, which is normally root. By "the directory where Apach ...

Is it reasonable to have the software hold something that the user can't tamper with?

8 hours ago

I want to create a piece of software that will hold some information, the program works offline and I want to make sure that information can't be tampered with. The program can create or alter it's information at any point. I thought about having the pro ...

SSD Erasure verification

8 hours ago

I was hoping someone would be able to give some advise on what would be the best way to verify that an SSD has been erased completely. We are currently using Blancco v5 and even though it says it has been successful is there a way to manually check the SS ...

How would encrypted search engine work, a search engine where it doesn't know what was searched for

8 hours ago

I took course on cryptography on coursera, and the instructor said that it's possible to create search engine as so that even search engine wont know what you searched for but it will be able to find results. i can think of one way but that's just unreal ...

How can I make sure that I have the correct root certificate in my browser?

9 hours ago

How can I make sure that the root certificate in my browser (say VeriSign) is correct and is what it actually should be? I found that the root certificate information is available here. But what if the site is compromised as well and the fingerprint is m ...

Breaking into a vulnerable server

9 hours ago

I have the IP address of a server that I MUST get into. Services that are open are SSH on port 22, x11 on port 6001, and bitcoind on port 8333. Security was never fully completed by my c-worker but we're unsure of whether root access is still there. I ...

Fedora 3 Disable Address Randomization

9 hours ago

I want to disable address space layout randomization on my Fedora 3 virtual machine. I tried to go to /proc/sys/kernel/randomiz
e_va_space. Unlike normal Linux machine, such a file doesn't exist on Fedora 3. How do I disable ASLR for Fedora 3? Is the conf ...

DMARC policy result when exactly one of SPF and DKIM fails and exactly one succeeds

9 hours ago

E-mail forwarding can break SPF, but it should not break DKIM. I want to make a DMARC policy that will evaluate to "pass" when either DKIM or SPF passes, and "fail" when neither DKIM or SPF passes. Is this possible? If so, how is this done? I'm trying ...

Spoofed number sending threats to students. Can it be traced to sender?

9 hours ago

A SMS message was sent to several students at my son's school claiming to be my son stating that he was going to shoot up the school. My family didn't receive this message but I have the phone number it was sent from. I did a reverse lookup of the numbe ...

How to securely print private key and protect against attacks on printer itself?

9 hours ago

The question is in the title, but below are my thoughts on this. As we know there are various possible attacks on printer, so it is not very secure to print high security things like private keys for bitcoin/gpg/etc. on random printer. What I'm mostly c ...

KRACK: How does a nonce reset allow for decryption?

10 hours ago

I'm sure that by now most InfoSec-lovers have heard about KRACK. If you haven't, check out this great explaination by a fellow StackExchanger. It's a new attack on WPA2 which allows for decryption and forging of packets in certain (and certainly quite ...

How does a nonce reset allow for decryption?

10 hours ago

I'm sure that by now most InfoSec-lovers have heard about KRACK. If you haven't, check out this great explaination by a fellow StackExchanger. It's a new attack on WPA2 which allows for decryption and forging of packets in certain (and certainly quite ...

krack attack on access point

10 hours ago

I could not understand from the KRACK paper and site if access points are vulnerable or the attack is a client side attack? Can patching the AP mitigate all attacks?

How do i verify a banks contact number is correct?

10 hours ago

You will often get contact numbers for banks online or through other people, even on the back of your cards. How can one verify whether a number is genuine? For it seems to me that it should be easy to send specific emails/voice messages saying call bac ...

Can a hacked torrent client be used to prevent others from torrenting?

12 hours ago

Many pirated game/movie torrents these days have seed boxes which are basically dedicated servers for seeding. I was wondering if leech boxes can be set up by the publishers to delay the torrenting of games. The speed of download of torrent is determine ...

Calculating Modulus when primes are known in rsa

12 hours ago

I am implementing RSA using fpga.I tried to calculate modulus by direct multiplier using generation statements.But my board resources are not sufficient,So any help with the implementation would be of great help.

SSH protocol banner is a kind of DOS?

12 hours ago

In my test environment with Python script I generate on a target server: SSHException: Error reading SSH protocol banner simply opening/closing a sufficient number of ssh connection. Is it classified as a DOS attack against sshd?

What is the best way to represent heavy hash decryption for a hacker movie?

13 hours ago

As a school project, I'm making a video about hackers across the time and there is this one scene where my character enter a big hashed key in a linux based terminal and I need to visually represent the fact that this key is being decrytped. So, what I'm ...

Key Reinstallation Attacks (KRACKs) against WPA2, protocol weakness

14 hours ago

I just read about a new weaknesses in the WPA2 protocol called KRACKs. The authors of the paper says that they will release scripts that can be used to test if a network is exploitable when they have time. I would like to test this against clients right n ...

Are there any detection scripts available for WPA2 Key Reinstallation Attacks (KRACKs)?

14 hours ago

I just read about a new weaknesses in the WPA2 protocol called KRACKs. The authors of the paper says that they will release scripts that can be used to test if a network is exploitable when they have time. I would like to test this against clients right n ...

Consequences of the new Wireless Krack Attack

14 hours ago

Today new research was published on vulnerabilities in Wireless network security called Krack . What are the real-world consequences of these attacks for users and owners of wireless networks, what can an attacker actually do to you? Also is there anyth ...

Consequences of the WPA2 KRACK attack

14 hours ago

Today new research was published on vulnerabilities in wireless network security called Krack. What are the real-world consequences of these attacks for users and owners of wireless networks, what can an attacker actually do to you? Also is there anythi ...

Securise old (big) ecommerce website from XSS

15 hours ago

I'm working for an ecommerce website written in C#.net (no CMS used, quite a lot of code) where security hasn't been a priority for a long time. My mission right now is to find and fix XSS breach. There is a lot of non-filtered data written directly in t ...

Secure big, old ecommerce website from XSS?

15 hours ago

I'm working for an ecommerce website written in C#.net (no CMS used, quite a lot of code) where security hasn't been a priority for a long time. My mission right now is to find and fix any XSS breaches. There is a lot of non-filtered data written directly ...

Can a corporate proxy intercept HTTPS traffic if it doesn't control the certificate store?

15 hours ago

Can a corporate proxy intercept HTTPS traffic if it doesn't control the certificate store? I sometimes connect my personal devices through the corporate wifi, and I've thought about it, if I'm on a secured website with a certificate chain that shows no we ...

Using someone else product key from cracked site of the software on retail CD installing?

15 hours ago

If you use product key from pirate site on retail download does that effect the software on being hacked or etc if other people already hacked same software from different cd source or computer? Will it effect your copy of the software you download and in ...

Understanding certificate basic

15 hours ago

Please, correct my understanding about certificates. Bob's public certificate consists of: Bobs ID Bobs public key Hash of information above Hash, encrypted with CA private key. Recipient uses certificate in order to know Bob's public key that wil ...

Security of a sessionID stored in a div in the page source

16 hours ago

I've just come across a web application that appears to store my current sessionID in form of a div element, which is not displayed on the web page. This is an odd method, but to be honest I don't see an actual security risk there. Am I missing something ...

How to encrypt cookies in Xamarin

16 hours ago

I have a Xamarin application which creates a few files in /data/data/my.app.com/app
_webview after using it. The problem is that the cookies file is a file which contains session cookies. According to the OWASP top 10 Mobile, this is not secure. How ...

iis 7.5 dont let to use stream cipher!

17 hours ago

internet information services 7.5 in windows 7 don't let me to use stream cipher, when i change local group policy to force using stream cipher or using GCM mode that work like stream cipher, iis page can not be load by any browser that i try, even when i ...

Understand dmarc report and how when to start prod

18 hours ago

I work for a small company. We have lot of IP black listed because of spamming. We decided to setup dmarc for our mail server. This has been setup and is working correctly. The issue now is that in the report, few record pass dmarc policy and something it ...

Understand DMARC report before starting quarantine

18 hours ago

I work for a small company. We have lot of IP black listed because of spamming. We decided to setup dmarc for our mail server. This has been setup and is working correctly. The issue now is that in the report, few record pass dmarc policy and something it ...

Strange internet connection problem

18 hours ago

I have a business partner in China. I need connect to their server (in China) from time to time. In recent several months something I don't understand happened. I cannot connect to the server if I use computers with internet cable, but the server is acces ...

Privacy concerns with the iOS Freedom app

1 day ago

Could the owners of the iOS Freedom app be snooping on its users, seeing what sites they browse or even what info they send or receive? I would really like to use this productivity enhancing app, but I am afraid that there might be some privacy concerns ...

When using HTTPS, which part of domain is revealed to ISP?

1 day ago

Let's say you are visiting "https://57vdyr6tyui
bgyoihp.blogspot.com"
;. Does ISP see only "blogspot.com" part? Or the entire "57vdyr6tyuibgyoihp.
blogspot.com"?

what is the solution for each part?

1 day ago

Consider DES encryption using 64bits plain text block and 56bits key. Suppose you are required to encrypt the text Security using the 56 bits key 0100010 0110000 0001101 0111101 1100100 1110110 0010000 1111111 a. Show how the first round sub-key can be de ...

Whitelist Application And Protocol For Servers

1 day ago

My problem I am looking for an application which runs on Windows Server 2012 for security reasons. Our server began attacked on many protocols. They are trying brute force attacks with very weak passwords. It is just annoying and just slowes down the ser ...

Whitelist Application For Windows Server 2012

1 day ago

My problem I am looking for an application which runs on Windows Server 2012 for security reasons. Our server began attacked on many protocols. They are trying brute force attacks with very weak passwords. It is just annoying and just slowes down the ser ...

Why is Google using Local File Inclusion and Directory Traversal attempts on my site

1 day ago

If have a firewall on my wordpress site and it has blocked Google from attempting both Local File Inclusion and Directory Traversal attempts. Why would Google be doing this? United States Mountain View, United States was blocked by firewall for Dire ...

What category of anonymity do onion routing and blockchains afford?

1 day ago

My understanding is that a strict definition of anonymity means that deducing an identity is logically impossible, or mathematically infeasible (P vs NP). Tor, and other onion routers, do not promise this kind of anonymity. With enough effort (and contro ...

Do browsers and tools send `SNI` field by default connecting to https endpoints?

1 day ago

I am setting up HaProxy for https in passthrough (tcp) mode without SSL/TLS termination. I want to be able to route traffic to different backends based on hostname requested by a client. From HaProxy documentation I learned that there is unencrypted SNI ...

Android screen lock vs device encryption

1 day ago

I know the basic idea that device encryption would encrypt all data and decrypt it on the fly as it is used when authorised. However i do not know how this makes phone more secure than s standard screen lock ? Device encryption asks me a password at st ...

Scrambling a salted password before hashing. Good idea or unnecessary?

1 day ago

I'm updating a legacy classic ASP site and I need to store passwords, so naturally I'm being a bit over cautious about how to go about this given the limitations of Classic ASP. I'm using both a salt and a pepper (the pepper is a constant stored on the s ...

How to interprete this statement against RSA4096

1 day ago

While I'd agree that double-sized RSA keys may pose more problems than the gain in security possibly justifies, I am having problems understanding the argument made here: https://gnupg.org/f
aq/gnupg-faq.html#please_
use_ecc They state that RSA2048 corresp ...

How to interpret this statement against 4096-bit RSA

1 day ago

While I'd agree that double-sized RSA keys may pose more problems than the gain in security possibly justifies, I am having problems understanding the argument made here: https://gnupg.org/f
aq/gnupg-faq.html#please_
use_ecc They state that RSA2048 corresp ...

How can I download DarkComet?

1 day ago

I was wondering how can I download DarkComet. Please link me a safe website with a download for it. I have looked at DarkComet.net but I am unsure if it is real or not. Thanks -Marcus

How can I generate securely paper bitcoin wallet?

1 day ago

I don't want to use bitcoin wallet on some garbage websites or using some unknown desktop tools for my wallet, so I want to generate paper wallet in a secure way. How can I achieve that?

Can decrypt with public if encrypted with private key?

1 day ago

Trying understand principal of asymmetric encryption. Have read in book: One key is completely public and can be read and used by everyone. The other part is private and should never be shared with someone else. When you encrypt something with the ...

Can data be decrypt with the public key if encrypted with the private key?

1 day ago

I am trying to understand the principels of asymmetric encryption, and have read the following in a book: One key is completely public and can be read and used by everyone. The other part is private and should never be shared with someone else. Wh ...

Can data be decrypted with the public key if encrypted with the private key? [duplicate]

1 day ago

This question already has an answer here: Encrypt with private and decrypt with public 2 answers I am trying to understand the principles of asymmetric ...

How to identify forum contributors by their grammatical characteristics?

1 day ago

The advantage of such an identification is that there is no defense against it. All browser fingerprinting, different IP hiding technologies will fail if the forum contributors are identified by their text. Until the same person wrote the text, from who ...

An unknown website with malware?

1 day ago

Accidentally clicking megasecurity org some says it is a collection database for malwares is it safe? Checked at kapersky says it safe but it is full of malware database so anyone ever had an encounter with this site?

Accidentally visited a malware database site

1 day ago

I accidentally clicked a link to megasecurity.org. Some say it is a database for malware. Is it safe to visit? I checked, and Kapersky says it's safe. Has anyone ever had an encounter with this site?

Why did RFC 4158 (Path Building) restrict Trust Anchors to self-signed certificates?

1 day ago

I'm having trouble using Wget to download a file over HTTPS from ftp.gnu.org using the Let's Encrypt X3 root. The Let's Encrypt X3 is cross-certified, which means it has an issuer and its not self-signed. When using Let's Encrypt X3, Wget is failing with ...

How exploited is a QRCode in a login system?

1 day ago

I'm taking a CTF challenge on a web service. The goal is to gather the most information possible of a user. I have access to it's login and password, but password is expired and the account must be recovered by uploading a QRcode to the website. No other ...

Seeing SSL requests in unencrypted form from a remote client

1 day ago

I was wondering how I could be able to see SSL requests in an unencrypted form from remote clients (specifically, my phone). I heard that you are supposed to use CA certificates, but how would I generate one from the Linux command line that works for all ...

New files appearing on my web server (I did not create)

2 days ago

I recently had a keylogger on my computer recording usernames and passwords including their respective web addresses. I have changed all my passwords however on my web hosting account, in the FTP, there are numerous copies of the same exact file. For exam ...

How does iOS 11 apps identify me despite app reinstalls?

2 days ago

I've recently reinstalled Pinterest on my iPhone and noticed I was logged in right from the start without even asking me for my username/password, so it must've somehow kept some data on my phone despite the app uninstall/reinstall. I checked the obvious ...

How do iOS 11 apps identify me despite app reinstalls?

2 days ago

I've recently reinstalled Pinterest on my iPhone and noticed I was logged in right from the start without even asking me for my username/password, so it must've somehow kept some data on my phone despite the app uninstall/reinstall. I checked the obvious ...

Dmitry : Socket Connection Error

2 days ago

Whenever I use Dmitry, I get an Socket Connect Error followed by ERROR: Failed to connect Inetwhois server ...... Also, Whenever I use ping command it doesn't give any data 100% packet loss although I am connected to the internet.

CECPQ1 key exchange functionality

2 days ago

CECPQ1 (combined elliptic Curve and Post-Quantum Cryptography Key Exchange) is a new key exhange developed by google, which combine X25519 with NewHope (elliptic Curve KE + Post-quantum KE). Google has implemented CECPQ1 in boringSSL But there isn't a d ...

How to get the statistics of users downloading the attachment in a phishing mail during a social engineering campaign test?

2 days ago

I have to do a social engineering test for a friend's small company. He wants to know how many people opened the mail and then downloaded the attachment. How can I do that? The file can be anything- pdf,excel or doc. We do not want to send any malicious e ...

How to get the statistics of users opening the attachment in a phishing mail during a social engineering campaign test?

2 days ago

I have to do a social engineering test for a friend's small company. He wants to know how many people opened the mail and then opened the attachment. How can I do that? The file can be anything- pdf,excel or doc. We do not want to send any malicious exe f ...

Cable subscriber ID

2 days ago

In order to find my personal details from my public IP (which resolves to a cable connection to a NATted box) must the attacker obtain them from the ISP or is there some other way, other than hacking through the box?

DNS leak with proxychains and firefox

2 days ago

When using firefox with proxychains - (default configuration file with tor: socks4 127.0.0.1 9050) and checking on dnsleaktest.com, the original lookup returns the proxied IP, but when performing an extended search it shows the original IP/location. Do ...

How "safe" is it to set up my email on IMAP without SSL? i.e. is SSL option essential when setting up my IMAP mail client?

2 days ago

I have to set up my mail client to check my emails on iOs. However, for some reason, I am unable to use the SSL option (for mail server login) ... I want to know if it is "safe" for me to opt for the non-SSL login option?

How "safe" is it to set up my email on IMAP without SSL?

2 days ago

I have to set up my mail client to check my emails on iOs. However, for some reason, I am unable to use the SSL option (for mail server login) ... I want to know if it is "safe" for me to opt for the non-SSL login option?

When generating PKI key pair with a smart card, who decides if the key is exportable?

2 days ago

I'm in the process of obtaining a code signing certificate from a CA that requires the use of a smart card for the generation of the PKI key pair. However, I would like to be in the possession of the private key, and not depend on a physical device. So h ...

Approaches to cracking an encrypted zip file

2 days ago

I'm taking part in a capture-the-flag exercise; the level of difficulty is competent, but non-expert. I'm not a security practitioner, but I do have a development background and a reasonable knowledge of standard tools and techniques. One task involves ...

Cyberroam Firewall

2 days ago

In my University, the network is protected by Cyberroam Firewall and we are provided a login page through which we access internet and the login page isn't secured.It sends out the userid and password unencrypted in the network. From past few days, someon ...

What exploit is the October 2017 Facebook messenger video using?

2 days ago

There is currently a Facebook virus going around - where a user will receive a message from a friend directing them to a fake YouTube video. The when the user clicks through the virus is then sent to their friends. News article about this :http://www.ne ...

is extern variable usage is danger in c?

2 days ago

most of the coding standards don't suggest use "Extern", is there any flaw with using "Extern" keyword with declaration. MISRA won't suggest to use "Extern" variables, i would like to know what is there reason behind usage of "Extern" is omitted, is the ...

About virusshare.com Android malware sample

2 days ago

Virus share.com contains malware data set but they does not specifying the information of data set . i have downloaded malware data set for android . I am not able to open it can someone help ?

Can Carbon black monitor hardware changes?

2 days ago

Most information I found is rather marketing, Does anybody have real experience - Can Carbon black help in detecting hardware changes, in particular adding HDD? https://www.carbonb
lack.com/products/cb-prot
ection/

AutoScripting for Windows Cmd shell when session start

2 days ago

i use Kali linux and use metasploit latest version. I know autoscripting with meterpreter payload. But i need to know how to do it with shell/bind_tcp payload. I want to write script for when exploit is complated and command shell is opened doit this: cd ...

how to ignore Segmentaion fault and continue to next instruction?

3 days ago

I have implemented a signal handler to trap the Segmentation fault and want to ignore it. I can increment the value of IP register and proceed but the problem is I can not find the length of the instruction , so I have no idea how much I need to increment ...

Authentication providers for applications with no internet connection

3 days ago

I have an interesting use case where users need to authenticate to applications running in environments that might not have internet access or even access to an authentication server. Administrators need to be able to grant and revoke access to individual ...

Road to be an Independent Security Researcher?

3 days ago

I want to be a security researcher, but I can't find a fixed set of syllabus or sets of skills you need to know before hand in order to be called a security researcher. It's very unambiguous, Is it that you have to a very good coder so you can write very ...

How to recognize the machine from which a request is coming?

3 days ago

At my work there are certain internal sites which I can access from my home but only through my work laptop. I wonder how this works. When my work laptop is connected to the corpnet, it has one IP address. When the machine is connected to my home network ...

Linux virus, malware, rootkits from browser

3 days ago

A lot of you might think I'm paranoid for asking this but I'll go ahead and do it anyways. If I installed Chrome on my linux distro and it somehow gets compromised for example, pop-ups, or if you visit some shady site, etc. Can that infected browser infec ...