Collaborate Disseminate
Let’s say there’s a keylogger secretly installed in an employee’s computer. The keylogger recorded a bunch of information, but the well-configured firewall blocked the keylogger from sending that information to its server.
Attacking the fi… Continue reading Is it possible to make whitelisted software do custom, malicious things?
We all know that digital footprint is traceable and possibly left forever. When being hired by a new company whether as an employee or contractor, certain things like name, email, phone number, address, and SSN (for tax forms) will be gath… Continue reading How much info can employers find out about an employee publicly?
I have an authorization server that generate JWTs, the JWTs are signed with a private key (RS256) stored on a hardware security module. The tokens are generated only after a successful authentication.
What measures can be taken to prevent … Continue reading JWT forgery by an internal attacker
I want to monitor in real time if a USB Token is plugged in.
My plan is to install a local application (that I’ll try to develop) on my organization’s PCs (Windows), this application will monitor in real time USBs ports and check if the To… Continue reading How to get notified every time a USB Token is plugged in [migrated]
I want to configure roles (least privilege) on my CA instance (EJBCA) and I’m trying to find what are the best practices to do this.
I’ve tried to read the ETSI EN 319 401 – V2.3.1 standard and try to implement this on EJBCA but it is not … Continue reading Recommendations on PKI roles as per ETSI EN 319 401 – V2.3.1
I am using a socks4 public proxy for more speed/bandwidth. I am currently using it for downloading files. Now I want to use it for social media or daily day usage. I know that they will get all my traffic. I use DNS over HTTPS in Firefox. … Continue reading Can I trust public socks4 proxy when using only HTTPS?
I was testing key generation on a Hardware Security Module and I noticed that it takes so much time to generate an AES 256 secret key on the HSM.
I’ve used pkcs11-tool to generate the key and it took about 5 sec to complete the task:
$ pkc… Continue reading Why does it take so much time to create a secret key on a HSM?
I have a Yubikey NFC 5, when I enter a wrong PIN or PUK three times the smart card is blocked.
Can someone please explain to me how it is blocked ? Does the PIN/PUK functionality is disabled somehow ? Does it set a secret PIN (pretty stupi… Continue reading How smart cards are blocked?
I’m trying to sign a CSR using python-asn1crypto and python-pkcs11. I have an ECC Keypair stored in a Hardware Security Module (HSM).
Here’s a code sample:
key = decode_ec_public_key(encode_ec_public_key(pub))
info = CertificationRequestI… Continue reading Signing CSR using an ECC keypair
I have a question about what key usage should I choose when creating a private CA (root or subordinate).
I have inspected some root and issuing web certificate authorities and they tend to use digitalSignature, cRLSign and keyCertSign. Bu… Continue reading keyUsage Extensions on a Certificate Authority