Collaborate Disseminate
I am using windows 11 and when I go into recovery mode and select "use a device" (for recovery), two devices appear called "ubuntu" and "fedora".
I recently wiped my computer though using a cloud install and w… Continue reading How to find where these devices originate from? [closed]
Using the cipher suite “TLS_AES_128_CCM_SHA256”
This example is referring to a self signed certificate
If a server uses TLS and uses the cipher suite above? How does the certificate get signed if there is not an asymmetric private key to s… Continue reading How does a Cipher Suite Work without an Asymmetric Algorithm?
I’m trying to determine if a client side app, that runs in the browser has any real danger from being vulnerable to a known ReDOS issue.
My understanding of ReDOS is that inefficiencies or known short comings in regular expression computat… Continue reading What is the risk of a known ReDOS Vulnerability in a client side (Browser) app
We all know that SmartCards protect private keys much better than any software-based solution. However, when it comes to the Windows Cert Store to be compared to SmartCards: how difficult is it for an attacker to extract the private key o… Continue reading Risk Assessment of Windows Cert Store
I am studying spanning tree protocol attacks and I would like to understand a thing. The root is on the "top" of the tree, how can we exploit this to put in place an attack? We can, in some way, become the root, but what privileg… Continue reading How does the root in spanning tree protocol works?
I am using my computer, but am connected to my work’s WiFi. Can my company see what websites I visit when am using Tor browser?
Continue reading Can Tor browser protect me from being found out?
A certain tax website has the frustrating feature of limiting the session to only one browser tab or window at a time. I haven’t looked into how they might be doing this, but if you login on one tab, then open another tab and go to the sam… Continue reading Does limiting a web session to one browser window or tab provide added security?
I am running Kali in Virtual Box vm on Ubuntu. The network adapter is configured as Bridged with All options enabled.
When I try nmap -sn 192.168.0.1/26 I get no hosts discovered but I can ping known addresses without any problem directly… Continue reading Nmap shows 0 hosts up after any discovery scan? [migrated]
I’m a bit lost as to the best practice surrounding a production-ready access management based on keycloak and open id connect.
My understanding is that if you use Keycloak’s provided adapters, instead of writing your own, you end up with a… Continue reading Keycloak and Open ID Connect best practices
I want my clients to be able to schedule a purchase for a given date. When they perform this scheduling action, they are authenticated with an oauth2 token. However the date could be so far from now that the token might have expired when t… Continue reading Oauth2: should I increase the refresh token expiring date?