Collaborate Disseminate
I would like to use a TPM for providing tamper-evidence to my workstation, using SRTM (Static Root-of-Trust for Measurement). Currently, I plan to have the TPM seal a one-time value which only I know, similar to Qubes’ Anti-E… Continue reading Security of TPM 1.2 for providing tamper-evidence against firmware modification
We want to protect a game that is basically sold with the computer containing it. The security is done this way:
The HDD is encrypted using hardware TPM 1.2, which holds a unique key to decrypt the OS only in that specific … Continue reading Can we tamper-proof a game that’s sold along with the Windows machine it runs on?
Hello Guys I am looking for a solution that can record the log tamper event and notify(email/sms) what the change made in the log file and it should be limit to specific paragraph instead of listing complete file and highligh… Continue reading Log tampering – edit notifications
Could someone explain something to me please:
I am intercepting requests on my local proxy to a HTTPS server. The POST body has data such as “ID=4001” in plain text when I intercept it. Firstly, is this normal? Is the HTT… Continue reading Question about HTTPS & Client side tampering
Our team is trying to secure a native Android mobile app.
Amongst other things we are using Dexguard for some checks such as tamper, root and emulator detection.
Long story short: some of these checks fail in our debug buil… Continue reading Android tamper resistance: BuildConfig.DEBUG spoofing?
Our team is trying to secure a native Android mobile app.
Amongst other things we are using Dexguard for some checks such as tamper, root and emulator detection.
Long story short: some of these checks fail in our debug buil… Continue reading Android tamper resistance: BuildConfig.DEBUG spoofing?
I’ve just read the release notes of Notepad++ 7.3.3 and I’ve discovered that in the recent Wikileaks revelations about the CIA hacking tools there’s something affecting Notepad++. The program itself is fine, but it relies on … Continue reading How can I check whether Notepad++ is using a version of the SciLexer.dll library that was modified by the CIA?
I am curious about what necessary steps/precautions one should take when dealing with a situation in which you have to use an internet connection provided by a landlord.
I assume you would at least want to replace the router… Continue reading What recommended precautions should one take when using internet provided by a Landlord?
I am trying to solve a challenge from ‘Pentester Academy’ which is related to HTTP-Verb-Tampering. A ‘Linux Tiny Core’ Virtual Machine when started starts to host the challenge on the local IP ‘192.168.1.9’. I bypassed the au… Continue reading NMAP NSE Script ‘http-verb-tamper’ not working as expected
I have android applications (Mobile banking) that connect to my server and do online transactions (via Internet/USSD/SMS), I want to make sure those clients are not tampered with and are the original ones distributed by me.
Keep in mind t… Continue reading Verifying android application integrity from server side