Collaborate Disseminate
Today, data centers are taking on new shapes and sizes and are existing in all-new locations, from traditional on-site operations to subsea locations with special cooling mechanisms. But one simple fact remains: Securing data centers is vital to any n… Continue reading Stop Treating Your Data Center Like a Block Tower
I’m currently doing research on evasion attacks that seek to bypass a Deep-learning based Network Intrusion Detection System.
In order to achieve this, I need to know what the constraints are for the TCP window size field in the TCP packet… Continue reading What happens if a sender changes the TCP window size over multiple packets that have the same ACK number?
A bot network(?) has been after my website for quite a while now. Here is a breakdown of what they do:
They register several accounts using random characters for building a first and last name which look like this:
HludvkxTGVIwP oBScrLdvJ… Continue reading Website attack: What is the attacker’s goal?
Let’s say the following scenario exists:
A git repository exists on Azure DevOps Repos.
The repository uses yaml pipelines (azure-pipelines.yml).
The repository has branch policies to ensure that changes go through pull requests.
The bui… Continue reading How to prevent azure pipelines (yaml) from being used as an attack vector?
logcheck fished out some suspicious log records for me:
May 11 15:50:50 mailserver dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=1.2.3.4, lip=10.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F… Continue reading Do such network events indicate attack attempts? [closed]
MMOs have been around along time. As a result, there are lots of past attacks on MMOs that we can learn from and apply to a modern MMO.
As a security novice, I was wondering if in today’s climate you were to create a MMO, would it be pos… Continue reading Creating a Secure Modern MMO From the Ground Up [closed]
I’ve written a little utility that, given a web site address, goes and gets some metadata from the site. My ultimate goal here is to use this inside a web site that allows users to enter a site, and then this utility goes and gets some in… Continue reading Possible attack vectors for a web site scraper
New technologies often present interesting challenges for security teams, with cloud services such as AWS, Azure and GCP providing particularly novel cases in comparison to “classic” on-premise systems. As cloud services race to add new fea… Continue reading Auditing Cloud Administrator Behavior as a Matter of Data Breach Preparedness
We all know there are a number of different security devices that need to be continually monitored because they represent attack vectors. That’s why understanding configuration management is critical to security hygiene. As practitioners, we need… Continue reading What Security Leaders Should Consider When Building a Business Case for Integrity Monitoring
I’m using hydra to test my organization’s security since our GitLab is accessible online, I wanted to make sure the security of the login itself before implementing other types of security measure (e.g. hiding the subdomain, or .htaccess o… Continue reading Hydra Brute-force attack on Gitlab doesn’t work!