Collaborate Disseminate
We are having the need to end-to-end encrypt highly confidential files on Google Drive for HR & Finance Departments, and these users need those files to be automatically synchronized to cloud (.i.e Google Drive).
Which approaches or so… Continue reading Which solution is suitable for Google Drive files end-to-end encryption? [closed]
An individual contacted us claiming that he discovered vulnerabilities in our website. He also showed his intention to show us detailed information about the vulnerabilities, including how to reproduce them. He even asked our permission be… Continue reading Is the vulnerability reporting to our website actually a scam? [closed]
I followed the steps mentioned in the documentation as stated in this link https://github.com/flipkart-incubator/Astra. However, I encountered the error "No module named pymongo", which is shown in the following figure:
A web scan by ZAP indicated that my website is vulnerable to a Remote OS command injection. Details are below:
This is the URL the scanner found vulnerable:
https://[redacted]/[redacted]?address=ZAP%22%26sleep+15%26%22&email=foo-bar%40… Continue reading Remote OS Command Injection – scanned by ZAP
I used hping3 to stress test a web app (DoS):
sudo hping3 -S –flood -V -p 80 [IP addr/url]
When I attempted to get access to the target web application through my network, it refused to connect with the error
This site can’t be reac… Continue reading Why does hping3 test DoS not successfully?
I just conducted an automated web scan with Burp Suite Pro. The scanner result indicated that our website had a high severity of code injection. It gave the following proof:
However, I don’t understand why it interpreted like that:
We’ve received frequent emails from our Threat Intelligence Group with IoCs artifacts, such as file names, hashes, domains/urls. They request us to do preventive measures for the given attributes.
However, I find it very hard to follow t… Continue reading How to respond to Indicators of Compromise?
We have a whale phishing case, in which the sender is from the insider (we’re using Zimbra email service for some specific user groups). A cursory investigation indicated that this account had probably been compromised.
My concern here i… Continue reading How to identify the phishing email originates from a compromised account or a compromised server?
I want to block Microsoft Store on Windows 10 pro in a corporate environment. Having read relevant articles about this matter and tested on my machine, I see that Windows 10 Pro does not support this function (either through Group Policy [… Continue reading How to disable/block Microsoft Store on Windows 10 Pro by firewall?
I’m using InsightVM from Rapid7 to scan vulnerabilities for my company’s assets. There were different results as follows:
If I used “scheduled scan”, the scan result would detect correct vulnerabilities, including the information “Creden… Continue reading Credential Failure for Vulnerability Scanning – InsightVM [closed]