user3280964 – WindowsTechs.com

How can authoritarian governments sniff TLS encrypted traffic on mass scale?

Posted on October 7, 2022 by user3280964

I tried sniffing TLS web traffic on my own network and I always run against the following complications:

I need to install an additional root cert on my devices
I need to root my phone to do certificate pinning bypass

For a government th… Continue reading How can authoritarian governments sniff TLS encrypted traffic on mass scale?→

In a physical pen test, is there a way to figure out FOV of a tinted dome camera?

Posted on August 5, 2021 by user3280964

With bullet cameras, this is easy. You look which way they are pointing and then either guess their FOV, or even look them up based on how the model they appear to be.
Most dome cameras are behind tinted glass and it’s hard to see where t… Continue reading In a physical pen test, is there a way to figure out FOV of a tinted dome camera?→

Is super paranoid use of HaveIBeenPawned password API going to help?

Posted on July 26, 2019 by user3280964

They way I understand HaveIBeenPawned password API is that it’s a safe system because the site “can’t do much with my partial hash even if they wanted to”. But is that really true?
Is the following scenario feasible?

… Continue reading Is super paranoid use of HaveIBeenPawned password API going to help?→

How could ASP.NET forms authentication session leak into a different site?

Posted on May 23, 2019 by user3280964

We’re dealing with a vulnerability where a forms authentication from one site can be used within a separate site. I can’t figure out how is IIS or ASP.NET allowing this to occur

Steps:

Login to site1.domain.com as user “a… Continue reading How could ASP.NET forms authentication session leak into a different site?→

Why are ASP.NET form authentication cookies deleted only on client side if client side can’t be trusted?

Posted on May 22, 2019 by user3280964

ASP.NET documentation says:

FormsAuthentication.SignOut()

Removes the forms-authentication ticket from the browser

Why is the cookie not invalidated at the server as well? It would be easy to implement. After al… Continue reading Why are ASP.NET form authentication cookies deleted only on client side if client side can’t be trusted?→

Why bother with certain types of 2fa if they can be easily bypassed?

Posted on September 6, 2018 by user3280964

In the wild, there is a method of bypassing 2fa. The gist of it is that the attacker doesn’t just phish the password, but they also phish the 2nd factor and use those for a real login on their own machine. (described in deta… Continue reading Why bother with certain types of 2fa if they can be easily bypassed?→

Security BY obscurity is horrible. Is security AND obscurity good?

Posted on May 30, 2018 by user3280964

Normally I preach that rolling your own custom crypto algorithm is a bad idea. But will it really hurt if it’s the outermost layer though? Or will it make security worse?

AES -> CipherText -> CustomEncryptionAlgorit… Continue reading Security BY obscurity is horrible. Is security AND obscurity good?→

How to maintain balance between integrity and client satisfaction in vulnerability assessments

Posted on May 11, 2018 by user3280964

I have done a number of vulnerability assessments and I’m noticing a trend. In the first assessment the clients are impressed and grateful for the massive security holes I find. During the second and third assessments, they… Continue reading How to maintain balance between integrity and client satisfaction in vulnerability assessments→