Collaborate Disseminate
Problem
I am currently working on a web project which makes certain API requests with the user’s data.
I am using the Moodle API (Moodle is a platform for school related stuff) and the WebUntis API (also school related information).
For bo… Continue reading Saving sensitive data unencrypted
I have a client requirement to implement login without password. During sign in an otp will be sent to the user’s email address and the user can use it to login. This will have an expiry.
No password will be used here. Is the implementatio… Continue reading Is passwordless OTP based authentication SOC2 compliant?
As I understand from reading another question here, SRAM may be more dangerous than traditional volatile RAM in terms of storing passwords and other sensitive information.
I know that when a computer is shut down, any data in the RAM (if i… Continue reading Static RAM: Detecting presence and wiping?
How to pipe a characterset on Hydra ,Something like this which can be done on hashcat
(crunch 8 8 123456789| hashcat -m 0 ce5cff0195a6b059a32411b6202ab49)
To properly assess password strength, I have been trying to research what the fastest known password cracking rig is in hashes per second.
HashCat claims that their software is the world’s fastest, and the current version is v6.2.5. I also… Continue reading With password cracking, what is the fastest known password cracking rig in hashes per second?
Since the start of the pandemic, the modern workforce has become increasingly distributed, while employers have not been able to keep up with the changes in the way employees work. As a result, many high-risk activities and human behaviors continue to … Continue reading Employees are often using devices in seriously risky ways
In a recent study, Beyond Identity gathered responses from former employees across the United States, the United Kingdom, and Ireland and found 83% of employees admitted to maintaining continued access to accounts from a previous employer. The cybersec… Continue reading 83% of employees continue accessing old employer’s accounts
I’m using Debian + sddm + KDE with ONLY home directory encrypted with gocryptfs.
Decrypting is performed with gocryptfs as follows:
PC boots as usual and starts the sddm service
I enter my login credentials (which equal to my encryption p… Continue reading Attack on home dir encryption with sddm pam_mount by using password in /etc/shadow
A report from HYPR and Cybersecurity Insiders, reveals that despite the zero trust initiative, many organizations are still highly exposed to credential attacks due to insufficient multi-factor authentication (MFA) methods and overall lack of urgency a… Continue reading Traditional MFA is creating a false sense of security
Recently I came across a website and when clicking on one of hyperlinks it displayed a HTTP 500 error page as shown in the image, which indicated that it is using Java Server Pages and on line 23 the code read as
Connection con = Driverma… Continue reading Backend database username and password revealed in JSP Page