Collaborate Disseminate
I am a beginner in Windows Server management. Currently, i have a VPS which already has a website running in IIS 10. Also have a domain which already point out to the Server’s IP Address for that running website.
I use Gophish for windows … Continue reading How to deploy Gophish in a running IIS Server [migrated]
I’ve read about this but I don’t fully understand how to choose.
I have two options:
Public client
"A native, browser or mobile-device app. Cognito API requests are made from user systems that are not trusted with a client secret.&qu… Continue reading Public client or Confidential client: should I generate a client secret?
Context
I’ve been recently looking at UUIDs (mostly v4) and their uses to maybe start using them in some of my apps. I started asking myself some question about security as one does. Then I fell on the Is it safe to rely on UUIDs for priva… Continue reading Are webservers’s file serving safe against timing attacks?
I can create a server using the operating system using the graphical interface and create a simple backdoor in PHP:
<?php echo exec($cmd);
In another computer, I can run any command in the terminal as the user server. But, how can I hav… Continue reading How to run graphical interface in pentest?
Here is the scenario:
Server A is an authentic server (A.com).
Server F is a fake server (F.com) that also has a valid cert for
F.com has a copy of A.com certificate to it (to fake as A.com).
Client C is trying to connect to A.com via a r… Continue reading Detect invalid cert Android client if URL being redirected to a fake server
We are currently working on setting up new Android handheld devices (RF guns) to read/write to our SQL Server 2019 database and are at a fork in the road in deciding what to do. Both options below would work, but option 1 is a lot faster t… Continue reading Which is safer – using the sql_conn Flutter package or using a web server as a middle layer for requests against a SQL Server database?
Using things like Shodan and Zoomeye we can find tens of thousands of exposed Prometheus endpoints with queries like service:prometheus port:9090 etc..
Now let’s say we know that there are entities on the internet that are serving a specif… Continue reading Identify hosts that are serving specific metric on Shodan
I want to create a website for internal secure chat. I want to be able to give people a user name and log in and then they can log in to a portal at a website; then I can chat to them solely in a chat interface on this website. If they hav… Continue reading How to secure a web-only chat with message persistence and ability to delete a message?
I’m currently working on some modules on hackthebox. In that regard, I recently set up a web service: sudo python3 -m http.server 8080
When I did a wget to my server, it showed up in the log as usual, however I also got some random IP’s do… Continue reading How to prevent attacks on a personal webserver
Does it makes sense to create two separate docker hosts (VMs) for reverse-proxy and web application?
My first idea was to put the web-exposed application in my separated VLAN (DMZ) where only ports 80 and 443 are exposed to the internet th… Continue reading Reverse proxy server in DMZ with separate server for nginx (docker)