Collaborate Disseminate
Background
When I explain to my clients the security issues around email spoofing, I often explain that emails are like regular mail. Anyone can write Jon Doe on the return address, but that doesn’t necessarily mean that Jon Doe sent it.
P… Continue reading Why can’t mail clients verify an email was sent from the user and server it claims to be from?
Given
Attacker is targeting a user of bank.com.
bank.com uses SMS or Google Authenticator 2FA, where the user enters the 2FA code into a form.
Scenario
Attacker registers domain name baank.com
Attacker creates a web page that scrapes th… Continue reading Does 2FA Help Prevent Unauthorized Access in Phishing Attacks?
HTTP
I’m aware that HTTP sends plain text over the network which can be sniffed and modified if a MITM is performed.
HTTPS
On the other hand, HTTPS sends encrypted text over the network that can neither be sniffed nor modified.
Other?
I’m … Continue reading Is there a protocol that provides data integrity, but not encryption for HTTP?
Background
A while ago I started using F strings in Python but remembered seeing some security concerns with using them with user input so I have made a point of not using them for those situations.
Question
Are there security concerns to … Continue reading Are there any Security Concerns to using Python F Strings with User Input
I’ve been looking into captive portal WiFi implementations and on a few I’be been able to easily bypass their login with the following steps:
1) Open Wireshark and run a report getting the most used IPs in my
network (except the router’s… Continue reading What is the best form of authorization for captive portal WiFi
I’m just wondering if it is technically possible for your ISP to work with a certificate authority (either compelled by a government agency or otherwise) to create a MITM attack to see into your https traffic. I’ve used a few MITM servers… Continue reading Could a certificate authority and a ISP preform a MITM attack on HTTPS traffic?
Assume the following very basic hashing algorithm.
h(k) = k mod 17
Let’s say we create a password 12345 for a website that uses this very basic hashing algorithm. That would yield the hash of 3.
Say a brute force attacker comes by and … Continue reading Does it matter if a brute force search for a password returns a collision and not the password?
I am trying to write a Suricata signature for testing purposes to alert every time it is triggered with a single PCAP file containing a single packet, but this is proving to be harder than I thought.
For instance, I have the following rul… Continue reading How can I get Suricata to alert on 1 packet every time
I recently inherited a corporate network and one of the devices kept having errors connecting to mapped network drives with errors pertaining to the server time being different than the computer’s time. This was not the case… Continue reading Why is my Windows desktop using a DNS Server on localhost?
Ok, so I’m trying to wrap my head around what the s flag does in linux.
I’ve got the following code:
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <st… Continue reading Getting root with setuid and the s flag