Collaborate Disseminate
I have an PHP API that I want to be consumed only by one static website.
However the HTTP is not secure as from what I suspect any header can be spoofed (IP – I may be wrong here, domain name, and so on), so what are my options to ensure … Continue reading How to limit web API microservice communication to specific list of machines?
I have successfully done a MAC Spoofing Attack on my open (ad-hoc) network using the macchanger tool (OS: Kali linux).
I would like to know what are the common techniques to keep the connection alive (so, the way to keep the… Continue reading MAC Spoofing – Keep victim out
Microsoft is No. 1 again—for all the wrong reasons. The latest “Phishers’ Favorites” report, which highlights brands with the most unique phishing URLs detected by Vade Secure, ranked Microsoft the top impersonated brand in phishing attac… Continue reading Microsoft Again Most Spoofed as Office 365 Phishing Evolves
I’m currently experimenting with mitm relay attacks using Responder.py and MultiRelay.py tool and running into problems. I have the following LAB setup:
Kali Box:
IP: 192.168.1.13
Domain: none
V… Continue reading Problems relaying NTLMv2 with Responder and MultiRelay
When I want my device to connect to a WiFi router and make the router not recognize the device I have to change the MAC and the hostname. Is this right? And what information will also be usually collected by a WiFi router? An… Continue reading What information for identification does a WiFi router get from a connecting device (Android)? What information can be spoofed?
Here’s a 30-second video you can show your friends and family if they freak out after receiving a scam email apparently from themselves… Continue reading Sextortion mail from yourself? It doesn’t mean you’ve been hacked…
I’m trying to map the threat catalog released by the BSI (german information security department) to the STRIDE methodology.
How could replay attacks fit into the model?
In the CIA goals model I think it’s a threat to Inte… Continue reading STRIDE in context of replay attacks
I am talking about the apps that allow using my google account for login. Nothing against Postman, just using its login screen for example –
My concern is that an app could be spoofing this whole screen to steal my credenti… Continue reading What if the Google account login screen is spoofed
I am trying to execute an attack that requires a full-duplex MiTM position. This is the reason why I choose to use Ettercap. I have picked DHCP spoofing as the attack of choice.
The problem that I am facing is that Ettercap executes the … Continue reading How can Ettercap act as a client instead of a gateway?
We received some strange inbound MMS messages on our Twilio account today. Our account was not compromised, as there are no suspicious outbound messages sent from our number via Twilio.
We first received a message from a Go… Continue reading Strange inbound MMS messages