Collaborate Disseminate
What’s the advantage of using OCSP stapling with some OCSP response validity period compared to a TLS certificate with the same short validity period which would have to be renewed at the same interval as the (stapled) OCSP response would … Continue reading Advantage of using OCSP stapling compared to frequently renewed TLS certificates without OCSP
How can I convert the following public key to binary format?
It’s needed for a C program to verify an SSL public key. The file must be 256 bytes. I tried some online code but had no luck there.
—–BEGIN PUBLIC KEY—–
MIIBIjANBgkqhkiG9w… Continue reading How to convert public key to signature binary?
I’m new to msfconsole and want to play around with it. I’ve got a LAN Turtle that is on the same network as my computer with Metasploit. I am using metasploit v6.3.16-dev. The payload is python/meterpreter/reverse_https and I’ve verified t… Continue reading Metasploit won’t establish reverse_https connect, says "Without a database connected that payload UUID tracking will not work!" [closed]
I am not well versed on monitoring devices in my network, but I was running Wireshark as well as Angry IP and noticed this website as a host [https://www.nandedkarproductions.com/]. I see they specialize in NCS and EMG studies [https://www… Continue reading What is this website showing as a host in my network? Some EMG NCS studies website? [closed]
I’m developing an embedded server with limited CPU and RAM to handle HTTPS sessions, and I’m confused by how Chrome and Firefox are handling each TLS session. I am using Mbed TLS and I have tried a variety of cipher suites, including TLS_E… Continue reading TLS v1.2 handshake Chrome vs. Firefox differences
I have a web app that collects user SSN and driver license number. A POST API via HTTPS send the data to the server. Can I use plain text to transfer the data? Is it safe enough? Is it in accordance with the laws in the US?
Continue reading Can I send confidential information in plain text via an HTTPS POST method?
I read this, but it doesn’t say if the public keys of the root and intermediaries are inside.
I’m doing a vulnerability assessment for a whole slew of web servers, and almost every single one of them (hundreds) are misconfigured like the following two examples:
Case 1: one or more hostnames resolve to the server’s IP address (let’s… Continue reading CWE for "Misconfigured server allows insecure https request to IP-addressed URL"?
Let’s say we are the webmaster of example.com, what can we do so our visitior’s ISP know less about the site when the visitors connect to any paths the domain of example.com, like example.com/don-want-the-isp-know/? example.com/ok-to-sha… Continue reading What can a webmaster do to share as little information as possible to the ISP of its visitors? [closed]
Doesn’t it make any difference if the sites we visit are not the standard ports like 80/443? Say we visit https://example.com:554/is-this-visible-to-isp? since domain is known to the ISP, what about the ports and the paths connected to the… Continue reading Does it make any difference for what an ISP might see if we use a non-standard port for HTTP and HTTPS?