Collaborate Disseminate
Let say there is a client want to connect over https to a server. There is me, the attacker, in the middle between the client to the gateway.
The attacker (me) see that the client want to do TLS handshake (client hello) with some server.
N… Continue reading Stolen certificate attack in MITM attack [duplicate]
76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. However, many feel unprepared to take action, with 77% saying the shift to 90-day certificates will mean more outages… Continue reading Shorter TLS certificate lifespans expected to complicate management efforts
My school require me to install a CA to do connect to the school Wi-Fi network. In android, I can install it into Wireless CA list, and based on my understanding, that won’t give the CA owner privileges to perform the MITM attack. But it l… Continue reading How to limit the Wireless CA can only use in wireless connection on Windows?
I have just started to study the TLS 1.2 protocol and would like to know what checks are performed on the client side by the browser when checking the server certificate. I would be glad if you could describe it in as much detail
Continue reading TLS Server Certificate Validations 1.2 [duplicate]
In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gan… Continue reading Exploring the root causes of the cybersecurity skills gap
I wanted to secure my apps running in a private subnet with SSL. Albeit not necessary, it is very nice to have.
Because of my constant changes, I opted for a wildcard ssl certificate through my DNS provider Cloudflare by providing Nginx Pr… Continue reading How did I obtain a wildcard SSL certificate without port 80 opened for a challenge?
If a company creates a self signed Root CA certificate and then install that in their computers’ store for trusted root certificates, then create a leaf certificate and install that on their internal server, then that certificate will be t… Continue reading What is the technical reason why HTTP/3 is not available when certificate is from private CA? [closed]
my question is about using mTLS for API access control and authentication.
I understand in mTLS, both the server and client (making the API request) will verify each other’s identity. This allows the server to verify if the client certific… Continue reading Using mTLS for API access control and authentication
I noticed that some binaries on my machine were showing up as "Invalid Signature", and looking closer at one of them in particular (Microsoft’s "widgets.exe") I noticed something that seemed odd.
Why does it end up wit… Continue reading A certificate chain processed but terminated in a root certificate which is not trusted by the trust provider
Post-quantum cryptography (PQC) is a hot topic. A recent paper from Tsinghua University raised doubts about lattice-based cryptography for PQC, though an error was found. This has sparked questions about the strength of soon-to-be-standardized PQC algo… Continue reading Preparing for a post-quantum future