Collaborate Disseminate
I have asked this question on The WorkPlace SE site and did not receive any comprehensive answers over there. I have around 10 years of cybersecurity industry experience and have gained proficiency in using MetaSploit framework for automa… Continue reading How can I safely write in my resume that I have written a MetaSploit exploit module without making employers nervous?
Context
I’m working to make an embedded devices safe against physical access. (publicly accessible device and can be easily stolen)
I already made the following action :
secure boot is enabled on cpu, bootloaded is signed
Image is also si… Continue reading How to safely use dm-crypt as overlayfs uper partition?
I am using VirtualBox, Kali linux as the attacker vm and xubuntu as the supposed AP. However, I only have my wireless pcie card on my actual pc and it seems that making a virtual interface card doesn’t work unless I am doing it wrong.
Is t… Continue reading Can I make a WEP wifi and crack it using two virtual machines?
I first wanted to simulate a WEP wi-fi network using virtual machines and then intercept data/crack it but it seems that I need actual wireless interfaces which I do not have and using my own in my actual pc also seems like it won’t work w… Continue reading WEP .pcap example, need help finding one [closed]
My internet would just stop randomly. Router and modem both show that they are "still connected". What it seems to do is lock up my connection for 5-20 seconds at a time. Normally, no big deal, but streaming, and some games (Lik… Continue reading ACK scans and network disconnects [closed]
I work in the cybersecurity division of my employer in a regulated field.
Where I work, edge perimeter controls on firewall are set up to DENY All incoming connections originating in blacklisted countries (e.g: North Korea). If an employee… Continue reading What viable methods can be used to prevent bypassing of country IP blacklisting edge controls by using VPN?
According to docs:
To hash a new passphrase for storage, set salt to a string consisting of [a prefix plus] a sequence of randomly chosen characters …
and
In all cases, the random characters should be chosen from the alphabet ./0-9A-Z… Continue reading Why GNU libc’s salt alphabet for `crypt` is limited to ./0-9A-Za-z?
Please assume the following in responding:
Data being passed to vendor is subject to data protection laws in the USA such as GLBA
Data itself resides within the United States
Switching vendors will be difficult due to tight integration … Continue reading What strategies can I use to negotiate security terms in vendor contracts for vendors in high geopolitical risk countries?
I am a member of the IT security team of a large organization in the financial services industry. I have been with my employer for about 7 years, and am well respected, often serving in advisory capacity to management. Recently we started … Continue reading Is gamification to encourage increased end user awareness of company security policy a good idea? [closed]
I’m only a beginner so if any more info is needed just request and i’ll update the question.
For one of my modules we are covering cross-site scripting and I have been given a series of PHP files that I need to get a script through to prin… Continue reading Bypassing htmlentities() for XSS attack