Top new questions this week:
|
Way back in 2016, our government’s Commission on Election database was hacked. I am one of those 55 million people whose personal data was leaked and exposed including our fingerprints. We are now at …
|
I am initiating and doing a basic penetration testing course and have come across one doubt. For example in this URL: webapp.thm/index.php=?page=1 I get that I am requesting the index.php file …
|
I want to log IP addresses visiting my site, for aggregated statistics only and to see if the same IP address has visited twice. But I don’t want to expose them. My idea is in my database. $…
|
I’m using Envoy as the gateway of my micro-service backend. Envoy provides me the JWT mechanism, which means that with the help of a public key, Envoy can validate tokens generated with a private key. …
|
My company recently switched to an MDM solution to manage our Apple computer fleet. This is all good and well to maintain up-to-date software, and handle lost/stolen laptop issues. But I can …
|
I want to monitor system calls with bpftrace (github.com/iovisor/bpftrace/). For most system calls, this works without problems, but I have problems monitoring applications where the suid bit …
|
I would like to open/decrypt an encrypted gpg/pgp file in the main memory without leaving any footprints on the file system including swap, etc. What is the safest option on a GNU/Linux Debian from …
|
Greatest hits from previous weeks:
|
Why is Ctrl+Alt+Del required at login on certain Windows systems (I have not seen it elsewhere, but contradict me if I’m wrong) before the password can be typed in? From a usability point of view, it’…
|
If I use the following openssl req -x509 -days 365 -newkey rsa:2048 -keyout private.pem -out public.pem -nodes I get private.pem and public.pem If I use ssh-keygen -t rsa -f rsa I get rsa and …
|
There is a new WhatsApp-killer application called Telegram. They said that it’s open source and that it has a more secure encryption. But they store all the messages in their servers and WhatsApp …
|
How easily could someone crack my KeePass .kdbx file if that person steals the file but never obtains the Master Password? Is this a serious threat, or would a brute force attack require massive …
|
I think that it’s fundamental for security testers to gather information about how a web application works and eventually what language it’s written in. I know that URL extensions, HTTP headers, …
|
Google Chrome is showing new information in the certificate section. Is this a big deal? If so how can I fix it on the server end? EDIT: Thanks for the answers but I’m not skilled in cryptography so …
|
I get confused with the terms in this area. What is SSL, TLS, and HTTPS? What are the differences between them?
|
Can you answer these questions?
|
I am experimenting with the volatility2 tool. I have created a memory dump of a Windows 7 machine where I had a batch script file on the desktop of the machine. I used the mftparser command as: …
|
Today I typed in a URL of a site I know. Unfortunately I missed one letter of the TLD. I typed .co instead of .com. No problem, I’ll quickly retype the URL. Unfortunately, this was not possible. The …
|
I am not an infosec professional, but I’m working on a project that requires designing and implementing a permission system for a customer. The system the customer proposes is as follows: Users are …
|