Collaborate Disseminate
I’m learning for the first time the concept of revoking certificates. I created a certificate with openssl then I tried to revoke it. But my revoke command causes an error.
Here’s what I did
# generate key
openssl genrsa -out root.key 2… Continue reading openssl ca -revoke causes `Can’t open ./demoCA/cacert.pem`
hash: 341A451DCF7E552A237D49A63BFBBDF1
salt: 1234
I have a word bank I generated using CeWL that I think I am supposed to use. But when I run
hashcat –force -a 0 -m 0 341A451DCF7E552A237D49A63BFBBDF1 custom_dict.txt
I get no hits. I hav… Continue reading I know hash and salt; how do I use hashcat to decrypt?
Let us assume that we have a public API, for example, company.com/publicEndpoint, that can accept requests from any source. Various websites, like foo.com and bar.com, use JavaScripts that call this endpoint to retrieve a list of strings, … Continue reading Is there any secure way to make sure that a request comes from a browser and via a specific domain (by just using frontend)?
I don’t know if what I’m asking is even possible, but I’ll ask anyway.
I’m trying to get FireFox or Chrome to trust a self-signed certificate used on a website I’m running locally. I started up an ubuntu server and ran these commands:
# go… Continue reading Added root authority certificate for firefox, but still not trusting certificate
I am trying to learn how ssl chain of trust works with practical examples. I thought maybe openssl would be a good education tool. But I’m running into a few problems while practicing, and I’m at a lost on how to approach my education.
B… Continue reading How to practice making self-signed certificates with intermediate CAs
I build a widget product and my clients consume it via iframes to show it on their websites:
<iframe style=’width:100%; height: 100%;border:none;"’ src=’path/myhtmlproduct.html’></iframe>
myhtmlproduct.html is calling som… Continue reading I have a widget used by clients as iframes, what security tests should I check for? [closed]
I need some help with Hydra testing passwords for a local Cisco AnyConnect test system. I’ve verified that the POST data is correct and passwords.txt contains the correct password for the test user but the output just hangs even with -vVd?… Continue reading Hydra output hangs
Using bloodhound I would like to find the list of all computers a user I.e "domain\ajohn" can RDP into.
I looked at:
match p=(g:Group)-[:CanRDP]->(c:Computer) where g.objectid ENDS WITH ‘-513’ AND NOT c.operatingsystem CONTAI… Continue reading How to get the list of computers a user can RDP into using BloodHound?
I wonder about Google Authenticator privacy. I wonder if the app shares any information to the website owner about devices that we use to add a new key. I mean information like IP address and device type.
For example, I add a key from a cr… Continue reading Does Google Authenticator share device information to website?
As far as I know, JWT tokens are used for implementing ‘stateless server’. But as I try to apply Jwt to my website that uses sessions and cookies for authentication, I found that most people store refresh tokens in their db and compare the… Continue reading Why do I have to store a refresh token in db