Collaborate Disseminate
Using bloodhound I would like to find the list of all computers a user I.e "domain\ajohn" can RDP into.
I looked at:
match p=(g:Group)-[:CanRDP]->(c:Computer) where g.objectid ENDS WITH ‘-513’ AND NOT c.operatingsystem CONTAI… Continue reading How to get the list of computers a user can RDP into using BloodHound?
I wonder about Google Authenticator privacy. I wonder if the app shares any information to the website owner about devices that we use to add a new key. I mean information like IP address and device type.
For example, I add a key from a cr… Continue reading Does Google Authenticator share device information to website?
As far as I know, JWT tokens are used for implementing ‘stateless server’. But as I try to apply Jwt to my website that uses sessions and cookies for authentication, I found that most people store refresh tokens in their db and compare the… Continue reading Why do I have to store a refresh token in db
Lets say I’ll open a third party page from the parent page using window.open(popup method)
Now what I want to know is there any way where the parent page(using javascript or any third party library) which opened the popup can get info back… Continue reading Can javascript from parent page read url of popup window?
As far as I know, the SSL certificate is public and anyone can read it. Is it possible in this case, for example, when someone, having copied the SSL certificate of my bank for himself, will be able to deceive me, acting as an man in the m… Continue reading Using someone else’s SSL certificate
While working on a site (https://website.com/site/site.apexp) the site redirects through a javascript function:
<html>
<script>
function redirectOnLoad() {
var escapedHash = ”;
var url = ‘https://website.com/s/login?ec… Continue reading Explotation of reload/redirect through javascript
I was creating self-signed certificate with OpenSSL and had to choose encryption and hash algorithm.
Are those algorithms used for encryption between client and a server?
If not, then what are these algorithms for?
Continue reading Certificate encryption and hash algorithm [duplicate]
I have written a Python script to inject a payload through the requests library, but the payload is being added instead of injecting
xsstestscript=html.unescape("<script>alert(1)</script&am… Continue reading Failed to inject payload with Python requests library in DVWA forms
I am looking for the modsecurity 2.x to 3.x Rule ID Transition Table – I looked at https://coreruleset.org/docs/rules/ruleid/ and there is a link to a .csv, but it is dead/404.
We are moving from a product that uses version 2 to a new prod… Continue reading Modsecurity 2.x to 3.x Rule ID Transition Table [closed]
I was trying to download the image, from this website, and Chrome "save image as.." pop up window, the image was labelled as "broken-image.jpg".
Of course, I tried to download it, and it looked at bottom of chrome that … Continue reading Missing file / image when downloaded, is it a virus or a bug? [closed]