Collaborate Disseminate
Using things like Shodan and Zoomeye we can find tens of thousands of exposed Prometheus endpoints with queries like service:prometheus port:9090 etc..
Now let’s say we know that there are entities on the internet that are serving a specif… Continue reading Identify hosts that are serving specific metric on Shodan
I want to create a website for internal secure chat. I want to be able to give people a user name and log in and then they can log in to a portal at a website; then I can chat to them solely in a chat interface on this website. If they hav… Continue reading How to secure a web-only chat with message persistence and ability to delete a message?
I’m currently working on some modules on hackthebox. In that regard, I recently set up a web service: sudo python3 -m http.server 8080
When I did a wget to my server, it showed up in the log as usual, however I also got some random IP’s do… Continue reading How to prevent attacks on a personal webserver
Does it makes sense to create two separate docker hosts (VMs) for reverse-proxy and web application?
My first idea was to put the web-exposed application in my separated VLAN (DMZ) where only ports 80 and 443 are exposed to the internet th… Continue reading Reverse proxy server in DMZ with separate server for nginx (docker)
I am using a non-HIPAA-compliant vendor (Vercel) for the hosting of my site. This includes serverless functions on Vercel’s infrastructure that serve HTML/CSS/JS. However, the entire backend/database infrastructure lives in my own AWS acco… Continue reading HIPAA Compliance for Frontend Hosting
Placing the CF proxy in front of a site has many benefits, the most basic being that your host’s IP isn’t exposed directly to whoever is querying DNS for your domain name.
What avenues could be employed to find the host IP? For the sake of… Continue reading What are the security implications of using Cloudflare’s proxy feature
For instance, suppose we have a request that uses the field name in a request’s body or query params, but the client sends the params name and age. Some web server frameworks allow us to strip properties outside a whitelist so this age par… Continue reading What vulnerability query params or body outside a whitelist can allow?
Some creator I support on SubscribeStar hosts their files on a dedicated AWS web storage server of theirs and the names are easily accessible and sometimes guessable without any kind of security or authentication. I got curious to see what… Continue reading Unlisted directory discovery of a web server without using bruteforce attacks
Currently I’m trusting my web hoster to run my code on my behalf without tampering with the execution at some point.
What are some techniques to protect against this?
For instance, preventing the hoster from arbitrarily skipping some instr… Continue reading How can you make sure a remote web server is processing the right data and executing the code you expect? [closed]
Why ChatGPT is not allowing to intercept the traffic in BurpSuite? What type of security they are using to detect it and not allowing it? As soon as I turn ON foxyproxy (intercept still OFF) I get 403 Forbidden response. I want to learn ab… Continue reading How to intercept ChatGPT requests/response in BurpSuite? [closed]