Collaborate Disseminate
I am trying to follow the OWASP test guide on a Kali Linux machine. As the first step in “Information Gathering” I am trying to fingerprint the server. The guide instructs me to use NetCat:
$ nc www.xxx.yy 80
But after sev… Continue reading How to fingerprint a server with Netcat?
This post covers the information disclosure bugs in Internet Explorer and Edge that we sometimes refer to as ‘fingerprinting’. We review past flaws as well as a currently unpatched one used in the wild before exploring some long term mitigations.Catego… Continue reading Browser-based fingerprinting: implications and mitigations
The last high profile malvertising activity we had seen was on June 7th with a drive-by download incident on Yahoo that used Neutrino EK instead of Angler EK. This was rather unusual and was later confirmed as not just an anomaly, by the switch of expl… Continue reading Malvertising slowing down, but not out
Since the disappearance of Angler EK, exploit kit activity is at one of its lowest it has been in a long time. The focus is therefore on Neutrino EK, which has somewhat picked up the pieces, although at a much lower rate. In this post we look at a chan… Continue reading Neutrino EK: fingerprinting in a Flash
I am performing research on the security of control panel software for shared hosting providers, and I am interested to know if there is a way to identify the version of the control panel software that the server is using, fo… Continue reading Is there a way to guess a shared server’s control panel’s version?
I have searched online about this topic and the only information I got is that TCP SYN/ACK can be used to know the type of the target OS. If that is true, I don’t understand how this occurs? Does TCP handshaking lead to OS fi… Continue reading OS fingerprinting via TCP
I don’t want certain websites to track me, but they don’t work without js. I found a few plugins that all require “reading and changing all data on all websites”, so I needed something else. I was thinking about coding a tiny python browse… Continue reading How well Tor protects against fingerprinting?
I need to find out what Windows and Service Pack system is currently running. All I have is ftp access, it means I cannot run any the software.
Is there a way to determine what version of Windows, Service Pack, and what Language is instal… Continue reading How to find Windows version from the file on a remote system
While trying to watch a Youtube videos using Tor browser, the Tor browser opens an alert window:
This website (www.youtube.com) attempted to extract HTML5 canvas image data, which may be used to uniquely identify your compu… Continue reading Youtube.com trying to extract HTML5 canvas data: is Youtube trying to fingerprint users’ browser?
For privacy and security reasons, it would be strongly recommended to deactivate the Flash plugin in the browser. But I don’t want to deactivate it, I want to fake privacy relevant information. Companies can create a fingerpr… Continue reading Is it possible to feed Firefox Flash plugin with controlled data for privacy reasons?