Collaborate Disseminate
I have a PCAP basically stating two things:
An ARP request who has 192.168.a.b? Tell 192.168.b.c
An ARP answer with the MAC address follows of course.
The following requests all access an web app, which seems to be .php based (I can judg… Continue reading How do I reach the "remote" web app using IP routing? [closed]
Currently on the "FLOSS market" there are multiple options for encrypting remote cloud storage following different security models and different philosophies. To name a few:
encfs (I guess it’s legacy)
cryfs (still in beta)
gocr… Continue reading Which of these filesystem encryption philosophies and methodologies are better for which purpose? [closed]
Rather primitive Malware using Python3 and similar already available software on the victim’s machine (which can also be compiled using PyInstaller/pycom if not) has the capability to override the user’s processes in memory while they’re r… Continue reading Can malware override and execute any memory location or it has to be specific?
My threats are: MitM basically, eavesdroppers
I have a Nextcloud instance and I was thinking of mounting sshfs locally and selecting local as the external storage type and then putting the data there, but is it the most secure option?
Next… Continue reading What’s the most secure mounting method for external storage in Nextcloud when not using encryption on rest for performance reasons?
My threats are: MitM basically, eavesdroppers
I have a Nextcloud instance and I was thinking of mounting sshfs locally and selecting local as the external storage type and then putting the data there, but is it the most secure option?
Next… Continue reading What’s the most secure mounting method for external storage in Nextcloud when not using encryption on rest for performance reasons?
I’ve found a question with an answer here on Security StackExchange or on Unix StackExchange, but I can’t find it anymore apparently 🙁 If you find this answer already, help would be appreciated, I already searched both places extensively…. Continue reading How do you trust two different cloud provider servers?
I mean this has certainly been implemented by some scummy PRNG developers, which thought of the economics behind it (especially in the casino and similar businesses). So it might be even legal in some cases, but this not Law StackExchange … Continue reading What’s the best approach to make PRNGs favourably deterministic a.k.a. biased and how to protect yourself against this?
Cheat Engine is a rather known memory editing and manipulation tool for Windows.
It has this feature to screw up your randomness generation, how does it achieve it?
My guess would be that it makes the initial conditions (like static noise,… Continue reading How do in-memory unrandomizers (like in Cheat Engine) work?
I was wondering whether you need to have Microsoft Office installed to be vulnerable to CVE-2022-30190 RCE.
As far as I understand, MSDT is the issue here (the attack vector so to say) and as shown here https://docs.microsoft.com/en-us/win… Continue reading Does only having Microsoft Office installed make you vulnerable to the CVE-2022-30190 RCE or having Windows as your OS is enough?
We’ve all certainly heard about the widely overhyped BadUSB exploits on the Physon microcontrollers.
There’s certainly a high potential of gaining something by targeting such a specific device, which is designed to only contain secrets.
Ev… Continue reading What security measures does YubiKey take to secure its hardware from malicious firmware tampering? [closed]