Henry – WindowsTechs.com

Using window.open(”,"_blank") can this be XSS exploited?

Posted on July 12, 2023 by Henry

If I have javascript that opens a window using the code below, the content is a user supplied variable that is not sanatized. Is there any security risk in this situation. The content will only be show back to the same user. No additional … Continue reading Using window.open(”,"_blank") can this be XSS exploited?→

Pdf Exploit python [closed]

Posted on September 26, 2020 by Henry

How to infect pdf with python without metasploit ? Can payload be a simple cmd command ?
like :
pdf = infect(pdf_file, ‘py test.py’)

Continue reading Pdf Exploit python [closed]→

"Domain Matching" error on a firewall. What is that? [on hold]

Posted on October 29, 2019 by Henry

I was switching out the DNS settings for a domain and the site went down with security issues.

Here’s the error:

Does this mean that the domain is “registered” with Sucuri?

Continue reading "Domain Matching" error on a firewall. What is that? [on hold]→

I’m organizing a CTF event, is this network/ tech setup correct? [on hold]

Posted on January 25, 2019 by Henry

Is this approach the generally accepted route for a basic CFP event?

Hardwired ethernet connection
Local LAN (No WiFi)
Hack a service, Apache or other…

^ Are those the essential building blocks?

Continue reading I’m organizing a CTF event, is this network/ tech setup correct? [on hold]→

Safely connect to remote site from cloud based code

Posted on June 26, 2018 by Henry

I am connecting my computer located at my home to a remote server.

To communicate with the server, I use a config file that contains my private and public keys and a passphrase. My code reads the config file and sends a mes… Continue reading Safely connect to remote site from cloud based code→

Office 365 "ForeignRealmIndexLogonInitialAuthUsingADFSFederatedToken"

Posted on November 7, 2017 by Henry

I’ve detected a number of illegitimate logins to Office 365 (based on Client IP). In the audit log, the operation is listed as “ForeignRealmIndexLogonInitialAuthUsingADFSFederatedToken.” I’m not terribly familiar with this … Continue reading Office 365 "ForeignRealmIndexLogonInitialAuthUsingADFSFederatedToken"→

Spoofing the identity of another user in Telegram

Posted on January 24, 2017 by Henry

In telegram you can setup a unique public username which is available to anyone in the search option, but if you choose not to do that, the only way someone can identify you is by the name you set (ex. John Doe).

So can a ra… Continue reading Spoofing the identity of another user in Telegram→

Spoofing the identity of another user in Telegram

Posted on January 24, 2017 by Henry

So can a ra… Continue reading Spoofing the identity of another user in Telegram→

AWS HIPAA requires hardware dedicated to a single customer

Posted on November 21, 2016 by Henry

Amazon HIPAA compliance requires customers to run on dedicated hardware (https://aws.amazon.com/compliance/hipaa-compliance/).

I would think isolation of the operating system and encryption of data at rest and data in transi… Continue reading AWS HIPAA requires hardware dedicated to a single customer→