Collaborate Disseminate
Can a malicious WiFi router that doesn’t have a login page open a malicious link without my consent to hack my computer by simply connecting to it?
What about one with a login page? Can it open the login page without consent? (I connect to… Continue reading Can a malicious WiFi router open a malicious website without permission?
I’m using Kali on a virtual machine. Do I need to be in monitor mode if I want to run an attack on other wireless network?
I was reading: IP Spoofing with real IP when TCP 3-way handshake has been made
Where the answer says:
First of all, every TCP packet has a sequential identifier, which
starts at a random position. (explained briefly in this discussion) So… Continue reading TCP with IP Spoofing, Is It Really Impossible?
I bought a purchase online several weeks ago from eBay and had received a typical text message with the order updates/shipping details and did not include any links or anything. Today I gained a new contact, completely unrelated, who has t… Continue reading New contact came as an old order details msg and multiple other issues can you help? [closed]
Let’s say a country or ISP is malicious, forces citizens/users to install trusted root certificate on their devices so they can view all HTTPS traffic, but why is this even necessary? why can’t they just redirect all the traffic to a netwo… Continue reading Why a malicious ISP/government would need to install certificate on users’ devices instead of any device in the middle of the data transit route? [duplicate]
Can websites, server-side apps such as those that rely on a constant connection with server e.g. messaging apps, server-side online games such as those that rely on constant server connection for player movement, inventory data etc. tell t… Continue reading Can applications or websites know if their traffic is decrypted and re-encrypted by Fiddler? [duplicate]
While reviewing Root CA certificates in Windows Trusted Root CA Store I came across a stange Root CA certificate with Issuer Desktop-XXXXXXX and Subject Desktop-XXXXXXX, enhanced key usage for server authentication and validity of bit less… Continue reading Strange Root CA certificate in Windows Trusted Root CA Store
I have read RFC 5056, RFC 5929, and RFC 5802.
They say channel binding can prevent MITM attacks in an insecure environment where the client does not or cannot verify the authenticity of the server.
If I understand correctly, the key idea i… Continue reading Why does channel binding prevent MITM attacks?
Inspired by this comment from Can DDNS provider perform a MITM attack?, I was wondering if there is an automated way to check the Certificate Transparency logs for malicious/unexpected certificates.
For example, if I run some ACME client o… Continue reading Comparing ACME client logs against Certificate Transparency logs
I’m using duckdns as my free ddns provider. The domain is in the form domain.duckdns.org.
I believe it would be technically possible for them to copy the files my server hosts, redirect "my" domain to their own server and create … Continue reading Can DDNS provider perform a MITM attack?