Collaborate Disseminate
I want to do something similar to Ubuntu’s signed checksums in distribution and I’m currently stuck on the integrity part. The tutorial here covers most of what I’d like the process to look like (I’ve modified what I’m writin… Continue reading How to ensure authenticity and integrity of a directory
I found CRLF injection on a site but it doesn’t has any login, session or anything or that sort. I wonder if there’s any way to prove impact of CRLF injection here.
Something that I think can be done is, an attacker can craf… Continue reading Is there an impact of CRLF injection on static sites?
I understand how FIDO works with yubikey: Yubikey device has a symmetric key and it uses appId, nonce and symmetric key to generate key pair for a website. And the device gives back public key and keyHandle (which can used to… Continue reading FIDO U2F – MacOS TouchBar
I have a yubikey which supports only U2F. It doesn’t support FIDO2. I read about U2F and i understand how it works.
When i test my Yubikey for WebAuthn on https://webauthn.io it works. I wanted to know how WebAuthn works wi… Continue reading Yubikey – WebAuthn and U2F
Someone in an interview today told me every firewall has two rules: explicit allow at the top and explicit block at the bottom.
Form the way I’ve always understood things firewalls are normally set to explicitly block by defa… Continue reading Would a firewall contain an explicit allow rule at the top?
I would like to hear about some of the tools that people use for hunting malware on a machine. This is not really for analyzing malware but more for detection of malware to see if a machine is infected and if so how to clean … Continue reading What Tools Do People Use For Hunting Malware?
So here is the situation, we are trying to filter out spam emails within our organizations Exchange 2010 mail server and for the most part we have been pretty successful. Except for a few emails.
Under transportation rules … Continue reading Emails Bypassing Exchange Transportation Rules
First, let me summarize how the SSRF works:
1) You setup an SVG image with a reference to your server via xlink. Here’s an example that works:
<?xml version=”1.0″ encoding=”UTF-8″ standalone=”no”?><svg xmlns:svg=”http://www.w3.o… Continue reading How to exploit SVG xlink-based SSRF
So the past few weeks we have been trying to cut back on the amount of spam reaching our users in our organization. We have been successful in implementing hard filtering rules like if an email subject or body contains “my bitcoin address”… Continue reading Filtering Obfuscated Spam Emails In Exchange
This website (example.com for confidentiality) has an odd open redirect situation. It redirects after logging in by a URL parameter like example.com/login?returnURL=https://example.com
I found that it allows you to change th… Continue reading Limited open redirect ideas