Collaborate Disseminate
In a layered enterprise security architecture with a Web Application Firewall (WAF) deployed in the DMZ, should there be shared responsibility between the WAF and application layer/ microservices for mitigations the WAF supports, specifica… Continue reading WAF vs. Application Layer for Bot Mitigation
A website from a faraway and foreign country blocked my google account so that even when I try to create other accounts with different emails I am still blocked from doing so on the signup page.
I manage to circumvent this with Tor. Throug… Continue reading What traces a Website can use to block you? [closed]
I know that the TZ variable aka TimeZone can be read by servers, especially with fingerprinting.
What are the exposed variables to browser’s ?
Continue reading Which system variables are exposed from browser JavaScript context?
I know that wget and curl can mitigate fingerprinting (aside from http header and user agent), but will yt-dlp give away more data?
Setup: I clear cache and history in firefox, then visit reddit.com in a private window and browse/read three very specific subreddits while NOT logged in. Then, I close that private window entirely and re-open a new one. When I visit re… Continue reading How does reddit maintain visit history after clearing cache, cookies and de-fingerprinting? [closed]
I am trying to understand how does engines like Shodan is able to fingerprint remote Bacnet devices with the responses as shown in the screenshot below.
I tried using a sample python code using BAC0 library.
import BAC0
bacnet = BAC0.lite… Continue reading Fingerprinting Remote BACnet devices
I played around with the about:config settings in the Tor and Firefox browser and tried to test it on Cover Your Tracks.
The lowest point I got was with 5 bits of identifiable information, with Tor while using the following modifcations:
a… Continue reading How do I get the lowest amount of identifiable information on Cover Your Tracks with a Firefox based browser (Tor)? [closed]
Despite using a VPN, an application natively running on an Android device can get lots of information about its host (like hardware IDs or sim card information) which defeats the whole point of using a VPN with the purpose of anonymizing y… Continue reading What are some ways to prevent an application from getting a device "fingerprint"? [migrated]
Does YouTube and or Google use browser fingerprinting? For instance using JavaScript to test various characteristics of the browser like how the canvas looks the fonts installed webtl data etc to create a unique hash to identify a user wit… Continue reading Google & YouTube Browser Fingerprinting [closed]
Let us assume that we have a public API, for example, company.com/publicEndpoint, that can accept requests from any source. Various websites, like foo.com and bar.com, use JavaScripts that call this endpoint to retrieve a list of strings, … Continue reading Is there any secure way to make sure that a request comes from a browser and via a specific domain (by just using frontend)?