Collaborate Disseminate
Background: I think I understand how the state parameter is used in oAuth to prevent CSFR attacks against the redirect_uri.
Situation: I am looking at this in the context of implementing a Shopify App and am having problems … Continue reading Shopify OAuth: State parameter useful when the auth server also returns a signed shop id?
I recently came across reports in media that Whatsapp’s services were exploited by a malware Pegasus for illegal surveillance of certain individuals. Pegasus, which exploits 0-day vulnerabilities, is known to infect a device just by visit… Continue reading How do I protect myself from Pegasus and alike malwares?
We all know that attacks on web browsers are entirely possible. This includes attacks such as drive-by downloads, MITB (man-in-the-browser) attacks and keylogger browser plugins/extensions.
However, although we know how thes… Continue reading How do attacks on web browsers succeed?
I have try to cahnge path as you can see but he find it again changed admin he found the new one
what can i do to stop him?
I have a log file i like to send to you
Jan
PS Prestashop 1.7.5.2
Please excuse the terminology as I’m no expert in information security.
My question is pretty straightforward:
How can I guarantee* that I am the only one with access to my local machine’s data (screen, microphone, camera, files)?
* With… Continue reading How to Prevent Access to Local Machine’s Data
AWS has a feature called Instance Metadata, which on EC2 gives you access to the AWS credentials through HTTP calls:
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<role>
The feature itself is intentional, t… Continue reading How to harden against credential stealing in EC2 via the http://169.254.169.254 API?
I don’t think there’s a need to go into the background here, but identification of the process may be better explored.
From a developer pov, at a high level, the files are modified, by virtue of the attack and attacker, the… Continue reading Ransomware aversion and identification techniques
I am trying to understand how a CDN (like Cloudflare e.g) does protect against a DDoS attack.
I would think that the internet traffic is routed through a CDN’s reverse proxy, then filtered. This assumes that the DNS record o… Continue reading How does a CDN actually prevent DDoS attacks, when an origin server accepts direct connections?
I would like some advice on how to troubleshoot a problem on Wordpress/Apache/PHP/MySQL
I am looking at the following:
select *
from wp_options opt
where option_name like ‘%wp_user_roles%’
order by option_name
Yesterday, fo… Continue reading user_roles getting deleted from wp_options table in wordpress
I am looking into insights on how to detect an ongoing execution of Malware and prevent further execution of it. How does AV programs do that programatically? I am trying to find resources online, but have no luck, so I fallb… Continue reading How do anti-virus detect and prevent execution of malware?