Collaborate Disseminate
For three of the past four months, I’ve had to call customer service regarding my credit card, which is issued by a major U.S. bank. I am suspicious that some of these calls were highjacked.
How can I determine whether there’s actually s… Continue reading Are some of my calls to my bank being intercepted?
Let say there is a client want to connect over https to a server. There is me, the attacker, in the middle between the client to the gateway.
The attacker (me) see that the client want to do TLS handshake (client hello) with some server.
N… Continue reading Stolen certificate attack in MITM attack [duplicate]
I have been reading about the IP-MAC binding security feature on routers, and have found a possible technique to bypass it (have yet to test it, currently in the theory phase). Let’s assume the following scenario: a router gateway acting a… Continue reading Possible workaround for IP-MAC binding security feature on routers
My school require me to install a CA to do connect to the school Wi-Fi network. In android, I can install it into Wireless CA list, and based on my understanding, that won’t give the CA owner privileges to perform the MITM attack. But it l… Continue reading How to limit the Wireless CA can only use in wireless connection on Windows?
I have recently successfully demonstrated a simple ARP spoofing attack on my home network. The setup in my home network, described to the best of my abilities is as follows:
Optical network router (fiber optic router): connected directly … Continue reading ARP Spoof: Will it work on public wifi networks as compared to a home network?
I am a beginner in cyber security and they asked me to build a secure architecture for time servers. I have 3 three NTP servers on Ubuntu, each configured with chrony, nptd, NTP (In order to test them and find out which of them is the fast… Continue reading How to Protect NTP Servers from Cyberattacks? [closed]
Security vendor InkBridge Networks calls urgent attention to the discovery of a decades-old design flaw (CVE-2024-3596) in the popular RADIUS protocol.
The post BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol appeared first on S… Continue reading BlastRADIUS Attack Exposes Critical Flaw in 30-Year-Old RADIUS Protocol
I’m being asked to investigate a possible attack vector that I don’t understand and I don’t want to take action that is useless or even negatively affects users if it isn’t going to address something real.
The current interaction is:
Atta… Continue reading Possibility of eavesdropping on app-server comms after redirect to deep link
There is a general national login ID system used in the Nordics called BankID.
Very often a user will go to a website that employs the BankID login and click "login with QR". Having done so a QR code is displayed on the screen, a… Continue reading BankID and QR codes attacked by man-in-the-middle?
I work at a small-to-medium business. Most of my coworkers were born in the 1960s and do not have a background in computer science. I have a background in computer science, but I specialize in artificial intelligence, as opposed to informa… Continue reading How should I report a Man-in-the-Middle attack in my workplace?