Mike – Page 2 – WindowsTechs.com

Should you set up firewall rules with a vpn?

Posted on June 21, 2021 by Mike

I am using a vpn and trying different firewall rules to keep as secure as possible. But the VPN company itself tells me not to use a firewall. Does that seem reasonable?
They write:

"As we’ve mentioned previously, it is not recommen… Continue reading Should you set up firewall rules with a vpn?→

What are these ip addresses?

Posted on June 21, 2021 by Mike

I downloaded a fresh kali vm and created ssh keys then a decent vpn and started to look for devices to exploit using shodan website , I am and ethical hacker, if i manage to exploit a device i try to patch it and leave a note for the owne… Continue reading What are these ip addresses?→

What is an SLT1000 password encryption? [duplicate]

Posted on May 4, 2021 by Mike

The sample password-encryption below.
{SLT1000}8kmbGwpGQRS0b8GOdAH4/Wrt8z4=
Could anyone identify what type of encryption is this?

Continue reading What is an SLT1000 password encryption? [duplicate]→

Can sqlmap be used to extract data if the attack is blind?

Posted on April 6, 2021 by Mike

I’m solving this challenge/lab where SQLi is inside the cookie parameter. After solving it manually, I thought to check if it can extract data. I used sqlmap with –cookie=COOKIE* (Notice * that’s the marker to tell sqlmap about the inject… Continue reading Can sqlmap be used to extract data if the attack is blind?→

What type of attacks does HTTPS protect against?

Posted on November 29, 2020 by Mike

What are some example attacks that could be vulnerable if HTTP is used, and that can be overcome in HTTPS? The only one I can think of is man in the middle attacks, where the intercepted traffic is in plain text. What are some others?
Also… Continue reading What type of attacks does HTTPS protect against?→

Failing to capture messages 1 and 3 of WPA2 4-way handshake?

Posted on May 29, 2020 by Mike

Trying to demo cracking a WPA2 protected AP using the aircrack suite, but the results seem to be nondeterministic (i.e. not good for demos).

Did some detective work with Wireshark and observed that after the authentication and associatio… Continue reading Failing to capture messages 1 and 3 of WPA2 4-way handshake?→

In Windows How to determine encryption algorithm used in certificate

Posted on December 9, 2019 by Mike

How can one determine the encryption algorithm type (e.g. AES, DES, 3DES, etc.) that is used by a certificate in Windows (10, 2012-2019)? Is it obvious, and I’m just not seeing it in the certificate details?

Continue reading In Windows How to determine encryption algorithm used in certificate→

In OAuth2, is it acceptable not to use https for internal communication between resource server and authorization server?

Posted on October 23, 2019 by Mike

I have a resource server (REST API) and an authorization server which are installed on the same server and behind a reverse proxy. All incoming external requests use https. Would it be acceptable not to use https for the comm… Continue reading In OAuth2, is it acceptable not to use https for internal communication between resource server and authorization server?→

I have multiple hidden cameras in my home [on hold]

Posted on May 4, 2019 by Mike

Its over my wife’s family fude cameras and mic all over they come in and take we have 4 different security systems all been hacked or takein because can’t hide from them cameras we have lost at least 10,000 in tools money … Continue reading I have multiple hidden cameras in my home [on hold]→

Subdomain api.domain.com – more vunerable to attacks?

Posted on March 21, 2019 by Mike

I am in the process of setting up an api which will have the subdomain “api.”, I have been advised to change this to something “less obvious” to avoid automated attacks against it.
I can’t find any advice on naming subdomains… Continue reading Subdomain api.domain.com – more vunerable to attacks?→