Collaborate Disseminate
I’m solving this challenge/lab where SQLi is inside the cookie parameter. After solving it manually, I thought to check if it can extract data. I used sqlmap with –cookie=COOKIE* (Notice * that’s the marker to tell sqlmap about the inject… Continue reading Can sqlmap be used to extract data if the attack is blind?
What are some example attacks that could be vulnerable if HTTP is used, and that can be overcome in HTTPS? The only one I can think of is man in the middle attacks, where the intercepted traffic is in plain text. What are some others?
Also… Continue reading What type of attacks does HTTPS protect against?
Trying to demo cracking a WPA2 protected AP using the aircrack suite, but the results seem to be nondeterministic (i.e. not good for demos).
Did some detective work with Wireshark and observed that after the authentication and associatio… Continue reading Failing to capture messages 1 and 3 of WPA2 4-way handshake?
How can one determine the encryption algorithm type (e.g. AES, DES, 3DES, etc.) that is used by a certificate in Windows (10, 2012-2019)? Is it obvious, and I’m just not seeing it in the certificate details?
Continue reading In Windows How to determine encryption algorithm used in certificate
I have a resource server (REST API) and an authorization server which are installed on the same server and behind a reverse proxy. All incoming external requests use https. Would it be acceptable not to use https for the comm… Continue reading In OAuth2, is it acceptable not to use https for internal communication between resource server and authorization server?
Its over my wife’s family fude cameras and mic all over they come in and take we have 4 different security systems all been hacked or takein because can’t hide from them cameras we have lost at least 10,000 in tools money … Continue reading I have multiple hidden cameras in my home [on hold]
I am in the process of setting up an api which will have the subdomain “api.”, I have been advised to change this to something “less obvious” to avoid automated attacks against it.
I can’t find any advice on naming subdomains… Continue reading Subdomain api.domain.com – more vunerable to attacks?
I’m working on a financial app that uses Plaid to provide financial data and updates as users spend money.
As of right now, I’m using Hashicopr’s Vault to encrypt the transaction/bank account data, which should hopefully hel… Continue reading Encrypting data as a middleman
I work for a company that has done in house application development (for our internal systems) since its inception decades ago. Recently, however, the rise of APIs and real-time data transfer has finally come to the attention… Continue reading InfoSec consultancy – infrastructure vs development
I moved pictures from my stock iOS photos app to an old photo vault app. I used my LTE to move the pictures and was wondering if whenever I opened the app on WiFi, if my school could potentially see all of the images moved th… Continue reading Photo vault security