Collaborate Disseminate
I noticed that when the secure boot options is disabled on a Bitlocker enabled Windows laptop with TPM, in order to boot into a forensic live OS like Kali in Forensic Mode or Parrot OS that the TPM is not cleared at least on some HP laptop… Continue reading Are there any known BIOS that clear a TPM on disabling secure boot?
I wonder if entering the Windows (advanced) startup menu changes or logs anything on the disk itself. Where does this exactly happen in the boot sequence? If for example, a laptop was to be forensically imaged without a write-blocker would… Continue reading Is booting into the Windows (advanced) startup menu without a write-blocker forensically safe?
I noticed that on Windows systems many expired certificates are listed in the certificate store certmgr. Should they be deleted when expired and if so why or why not?
If they should be deleted why isn’t this done automatically by Windows? … Continue reading Should expired (root) certificates be deleted from the certificate store?
I have a situation where a webserver behind a network firewall is ran inside of Docker containers. It is setup in this order:
Caddy webserver – acts as WAF, GEOIP block, IP blacklist, HTTP Security Headers modifications, TLS termination, … Continue reading Is reducing the webserver stack from Caddy, NGINX and PHP-FPM to only Caddy and PHP-FPM a reduction in layered-security?
Most browser extensions I use are utility like tools that do something in the DOM. Like copying HTML tables to Markdown tables, accepting cookie warnings, removing ads, regex find replace et cetera.
With the current news regarding abused b… Continue reading Is there a way to limit browser extension internet access?
With all currently ongoing global conflicts in the world, I was thinking about removing default trusted certificate authorities root certificates that are from countries that are (no longer) considered trusted for example due to sanctions,… Continue reading Is it common practice to remove trusted certificate authorities (CA) located in untrusted countries?
After the recent news of multiple compromised popular browser extensions.
Is it possible for organizations to setup browser extension allow and denylists for common browsers such as Edge, Chromium-based, Brave, etc.
If so, in what ways can… Continue reading How to allow or denylist specific browser extensions in popular browsers?
Internet.nl checks a domain for some security settings among which:
Route Origin Authorisation existence and Route announcement validity for both the webserver and nameserver IP addresses.
They write:
All IP addresses of your web server a… Continue reading How to manually test for invalid Route Origin Authorisation (ROA) and Route announcement validity?
I noticed DNS requests to the domain: ctldl.windowsupdate.com.
Some report it as malicious but I think it a false-positive, and it is legitimately Microsoft. It is also mentioned in https://security.stackexchange.com/a/233376/72031 in rela… Continue reading Why does ctldl.windowsupdate.com not use (valid) TLS?
I just switched my whole home network (about 100 devices, many IoT) to NextDNS.io. Upon checking the logs I noticed some requests recurring every few minutes to:
www.goooooooooooooooooooooooooooooooooooooooooooooooooooooooooogle.com
I did … Continue reading What is this suspicious recurring DNS lookup to gooo…ooooogle.com in my DNS logs?