Collaborate Disseminate
Stopping attackers and their malicious intent is every security practitioners’ goal. But there are times when we need to grant unfettered access to network resources for day-to-day operations. Better known as whitelisting, I have seen scenarios where a… Continue reading Tales from the Front Lines: Whitelist and Forget, A Cautionary Tale
I have a few outdated and unpatched devices (e.g. Android tablet and network camera) that I’d like to use for “trivial” tasks like watching YouTube, reading PDFs, and being a baby monitor.
Assuming that I am careful to not sign into accou… Continue reading Steps to secure unpatched devices behind home network
I am currently pentesting a webserver running MySQL, managed to obtain its db configuration (w/ login credentials) but the hostname is in a Local Area Network. The server has white listing enabled, so i cannot login remotely.
Is there any… Continue reading Pentesting Webserver Dead End (MySQL White Listing Bypass) [closed]
I’m a well established software company. For more than 30 years, my business has been delivering both hardware and software.
My Windows software is being quarantined by some of my customer’s antivirus.
How I handle it, up to now, is that… Continue reading As a Software Industry Editor, how to avoid my software being quarantined?
The URL with the exercise is: https://portswigger.net/web-security/ssrf/lab-ssrf-with-whitelist-filter
The solution is:
http://localhost:80%2523@stock.weliketoshop.net/admin/delete?username=carlos
A little simplified (no port specified):… Continue reading Why does Portswigger’s solution to the lab "SSRF with whitelist-based input filter" work?
I am not a network expert but; a recent conversation has come up with a client asking to whitelist a range of ip’s (let’s say 250 odd for now) to transfer their data to us for processing.
I should add here that we would provide an IP addr… Continue reading The security of IP whitelisting large ranges
Is the use of SSO sufficient enough to leave an application open for ease of use or should we also implement IP whitelisting on top of SSO?
Continue reading Is SSO enough to protect applications? [closed]
I have defined the following:
whitelist /home/user/.mozilla/firefox/
noblacklist /home/user/.mozilla/firefox/
blacklist /home
However I get:
ls: cannot access ‘/home/user/.mozilla/firefox’: Permission denied
If I try
blacklist /home
w… Continue reading Firejail Blacklist/Whitelist Priorities
I’m attempting to create a domain-based whitelist to allow Google Chrome to be updated.
Where can I discover the current list of domains that Google Chrome uses for its self-update?
The twist is that the Google search engin… Continue reading Which domains does Google Chrome contact for self-updating? [on hold]
We are running a simulated phishing campaign and one of the landing pages has been blacklisted by google. If you try to visit it in chrome you get the big, red warning page “Deceptive site ahead” (works OK in other browsers)…. Continue reading Whitelist Simulated phishing landing page