Collaborate Disseminate
I have a question in my mind regarding the inner workings of Kerberos protocol. If the generation of the session key is somehow insecure, does this compromise the security of the Kerberos protocol?
I am thinking at the point of the Ticket … Continue reading Kerberos protocol attacks?
I have Kali inside the internal network, and I’m local admin on another computer (windows 10) on the same network as the Kali.
What other attack options do I have, besides those in the title?
I have a pretty good understanding of HTTP Request Smuggling vulnerabilities but one thing I still need some clarification on is if they are domain/subdomain wide or directory wide?
Here’s what I mean: If HTTP Request Smuggling vulnerabili… Continue reading Is HTTP Request Smuggling domain/subdomain wide or directory wide?
I’m looking to shift my job / skillset over to the cyber security field. I’m currently in the script kiddy stages of my knowledge and wanted to move past this and locate/identify vulnerabilities without having to rely on scripts.
Does anyo… Continue reading Cyber Security skills development advice
What are the common attack vectors for a Microsoft Exchange Server?
My online searches only yield discussion into various APT groups, and technical write-ups of different 0day exploits. There does not seem to be an OWASP top 10 vulnerabili… Continue reading Common attack vectors for Microsoft Exchange Server?
Recently, our data centers have been migrated from Ukraine to central Europe. Instead of shutting down, we intend to dedicate the infrastructure to launching cyber attacks against Russian state services and state-related businesses. In par… Continue reading Legal implications of using corporate infrastruture in cyber attacks against Russia [migrated]
My company is looking to allow Google Chrome to self-update, a necessity as we are finding it difficult to keep up with their release cycle in order to mitigate vulnerabilities.
On the pro side, letting the software auto-update helps us re… Continue reading Does Google Update perform cryptographic checks against releases?
My company is looking to allow Google Chrome to self-update, a necessity as we are finding it difficult to keep up with their release cycle in order to mitigate vulnerabilities.
On the pro side, letting the software auto-update helps us re… Continue reading Does Google Update perform cryptographic checks against releases?
I was doing the MITRE ATT&CK SOC Assessment course and had a question about the right assessment of techniques and sub-techniques.
The sub-technique that we want to assess is "Application or System Exploitation"(ID: T1499.004… Continue reading How do we indicate if a sub-techniques or techniques have a low or high detection confidence via MITRE ATT&CK?
I am using python to create a security testbed program. There is a recorded audio file and in it attacking is happening. I am able to read the audio file and got a result in digital. The audio file is stereotyped and it has two channels le… Continue reading how to detect a threat in a signal processing?