Collaborate Disseminate
In 2021 Microsoft introduced TAP (Temporary Access Password) and it became popular especially for onboarding users. Are there any drawbacks generally to consider when implementing this option for user sign-in?
One of the drawbacks is when … Continue reading Are there any drawbacks to using TAP (Temporary Access Password)?
How can an attacker with initial access to a server behind a firewall, which only has SSH, HTTPS, and HTTP ports open, maintain remote access to the server even after the SSH port is closed by the user on the firewall?
I have searched these questions and answers but none of them directly answering the question:
I knew its by implementing any kind of reverse shell, creating a tunnel that sending outbound connection to attacker server:
Why a tunnel – reverse shell not detected by Firewall or such Antivirus on the OS? until this point, I worked on many computers and tested if a tunnel works or not, none of them blocked me even with enterprise firewall and client security software.
Continue reading How outgoing tunnels are not stopped by AV or firewalls?
I want to test some untrusted software to check them, for this reason, I researched for a good sandbox software and I found Sandboxie I tested few safe application, but I am not sure if I can run untrusted application also?
I am currently running my website in shared hosting, and I am not able to register TLS/SSL for my website. However, I implemented jsencrypt [A Javascript library to perform OpenSSL RSA Encryption, Decryption, and Key Generation] to encrypt… Continue reading No SSL: Web Application Security using html fragment identifier (#)
I am Always Hibernating my Laptop, for faster booting, I encrypted sensitive drive by BitLocker, what if my Laptop stolen and attacker knew that it was in hybernate mode, can he decrypt my hard?
In computer security, we know that weak points in software are called vulnerabilities (if related to security). And once the vulnerability is found, theoretically it requires a piece of code as proof of concept (this is calle… Continue reading What is the difference between Exploit and Payload?
I knew that XSS attacks (“non-persistent” and “persistent”) can hijack user session, deface websites, conduct phishing attack, etc.
However, I can’t understand what is dangerous of DOM Based XSS if its not able to (Hijack se… Continue reading DOM Based XSS attacks: what is the most dangerous example?
I am filtering all images that attached to any content of my blog:
Check for file extension.
Check content type using $finfo = finfo_open(FILEINFO_MIME_TYPE);
I also save the image temporary on my server and check the size … Continue reading is it safe to allow external images to be attached to Blog or any Web content?
Consider (usual scenario) You own a Shopping Cart Website and hosted on Internet, now, your hosting company provides you database to store your data.
If talking about security, we need it for:
Securing Files and Folders on the server (Ac… Continue reading How to secure or (Ensuring Integrity) of Web Data in transit and in store?