Collaborate Disseminate
RFC4122bis specifies UUID v7, a version which contains 74 bits of randomness.
Assuming I use a CSPRNG to generate the random bits: Are these UUIDs considered to be unguessable and are enough to prevent attacks such as IDOR?
Continue reading Can UUID v7 be treated as a unguessable, opaque identifier?
Let’s say the Content Security Policy looks like this:
Content-Security-Policy: default-src ‘self’;
It’s also not possible to upload JS files on the same origin.
Now there’s an exploit to write arbitrary HTML on a page, including <scri… Continue reading Should I call a vulnerability XSS even though it is blocked by the CSP?
I’m debating dragging all my files onto an external hard drive manually – rather than a time machine backup – and then pulling over any specific files I need if I ever need them.
Afterwards, I’ll factory reset my computer, as I’m concerned… Continue reading Is "drag-drop files" computer backup sufficient to avoid most malware/ have all my files?
I sleepily clicked on this bad link yesterday (DONT CLICK Unless you know what you’re doing: https://6to.me/idsoni7kjv with a "?fbclid=" param – presumably identifying me)
I’m wondering how much harm could be done. I’m sure it c… Continue reading What can happen when you click on a bad link?
Is it possible to create a new root CA (just for myself) and use it to sign a set of existing intermediate CAs which I’d like to trust? If so, which tool can be used to accomplish this? The private keys of the intermediates are not in my p… Continue reading How can I create a new root CA and sign existing intermediate CAs without their private keys?
I’m developing a mobile application for a client that sells digital courses on a service called Teachable that hosts their website and handles the purchase process for them. My client wants to keep using this service for the purchase proce… Continue reading Webhook sending Purchase Details to handling Purchases from a Third Pary Service Secure?
Hi there is no plugin what i can find
where i can do a form where I can add
Title
Text
Picture
Video
Price
Available weeks
Where its connected to the user and with a special Id
Scenario
I need a form that do this above… Continue reading WordPress Looking for Plugin where user can upload context (and pictures) in seperate items [on hold]
On my CentOS machine, all my ports are filtered with the Iptables rule:
DROP all — * * 0.0.0.0/0 0.0.0.0/0
So from the Internet, every port timeouts.
The only way to ssh into the machine, i… Continue reading Port Knock logs suggest machine has been compromised?
Hi I have created a login page Below. I want to test the security of my exe I do not want to use a captcha or timeout on my exe.
Are there any applications specifically designed for bruteforcing .exe applications? In my expe… Continue reading GUI exe BruteForce login test
Recently I have been working on a little project. I have been able to crack my keePass .kdbx file by running a simple brute force attack with the KeePass Cracker and a custom made word list.
This is to easy. Lets say I didn’… Continue reading Alternatives to bruteforce KeePass Cracker