Collaborate Disseminate
I am learning how to improve email deliverability. Along the way, I’m learning about DMARC reports, SPF and DKIM. I have a friend with a small business who said I can practice with this email service which is hosted with Google Workspace… Continue reading Is my DMARC report saying legitmate emails are failing or illegitimate emails are passing?
I’ve long since been storing credentials to databases and services in local configuration files during development. Sometimes these need to be to production systems, which makes this a security issue.
I’m wondering what the best practice h… Continue reading Local development credential manager and best practices
I seek protection against MITM & snooping of VPN or Tor proxy traffic on public WiFi.
So, what are the different security impacts of each of these 2 solutions:
Using a VPN (like Proton VPN) to connect to the internet while using publi… Continue reading What is the difference between a VPN and a Tor Socks proxy on public wifi?
I’m learning for the first time the concept of revoking certificates. I created a certificate with openssl then I tried to revoke it. But my revoke command causes an error.
Here’s what I did
# generate key
openssl genrsa -out root.key 2… Continue reading openssl ca -revoke causes `Can’t open ./demoCA/cacert.pem`
hash: 341A451DCF7E552A237D49A63BFBBDF1
salt: 1234
I have a word bank I generated using CeWL that I think I am supposed to use. But when I run
hashcat –force -a 0 -m 0 341A451DCF7E552A237D49A63BFBBDF1 custom_dict.txt
I get no hits. I hav… Continue reading I know hash and salt; how do I use hashcat to decrypt?
Let us assume that we have a public API, for example, company.com/publicEndpoint, that can accept requests from any source. Various websites, like foo.com and bar.com, use JavaScripts that call this endpoint to retrieve a list of strings, … Continue reading Is there any secure way to make sure that a request comes from a browser and via a specific domain (by just using frontend)?
I don’t know if what I’m asking is even possible, but I’ll ask anyway.
I’m trying to get FireFox or Chrome to trust a self-signed certificate used on a website I’m running locally. I started up an ubuntu server and ran these commands:
# go… Continue reading Added root authority certificate for firefox, but still not trusting certificate
I am trying to learn how ssl chain of trust works with practical examples. I thought maybe openssl would be a good education tool. But I’m running into a few problems while practicing, and I’m at a lost on how to approach my education.
B… Continue reading How to practice making self-signed certificates with intermediate CAs
I build a widget product and my clients consume it via iframes to show it on their websites:
<iframe style=’width:100%; height: 100%;border:none;"’ src=’path/myhtmlproduct.html’></iframe>
myhtmlproduct.html is calling som… Continue reading I have a widget used by clients as iframes, what security tests should I check for? [closed]
I need some help with Hydra testing passwords for a local Cisco AnyConnect test system. I’ve verified that the POST data is correct and passwords.txt contains the correct password for the test user but the output just hangs even with -vVd?… Continue reading Hydra output hangs