All Questions

1 vote
0 answers
35 views

Trying to send a POST request using curl to a HTB machine

I'm trying to perform an SSRF attack on a Hack The Box machine (editorial.htb). I'm trying to send a POST request using curl with the command curl --data "hckyou.txt" -X POST http://...
urim260 • 11
1 vote
1 answer
26 views

Segmentation fault without rip even getting overwritten Buffer Overflow

I was trying to overflow the return pointer of a simple program. I have ASLR disabled and I compiled like this gcc returnexp.c -o returnexp -fno-stack-protector. (I would disable noexecstack later on ...
TrickTickTack
2 votes
0 answers
47 views

What's the point of users having to authorize their SSH keys and tokens they created themselves when SAML single sign-on is enabled on GitHub?

In GitHub's Enterprise Cloud docs it says: To use an SSH key with an organization that uses SAML single sign-on (SSO), you must first authorize the key. I understand that organization admins could ...
user1042840
1 vote
0 answers
43 views

How does "on.quad9.net" know whether a user is using quad9? [closed]

To be able to know if a user is using quad9 by browsing https://on.quad9.net/, I was expecting the same technique as DNS leak test to be used (see How does dnsleaktest.com find my DNS provider). ...
soliz • 111
12 votes
3 answers
3k views

Does Event Viewer have any sensitive information like password, or such info?

In this desktop management app, they are allowing access to view event viewer of remote Windows machine even for guest privileged users of that app. But other features like RDP, command execution, etc ...
Harish Raj
3 votes
1 answer
219 views

OWASP CRS - Is "%00" in request form body a false positive?

We have an HTTP POST endpoint for a web form and when sending a request the request has Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryLOAPHJhA1BQSTatn set. When the payload contains ...
goulashsoup
3 votes
2 answers
174 views

How can there be incoming connections when using a VPN?

I've the following nftables configuration (/etc/nftables.conf) to enforce a "VPN kill switch". Except for ICMP and IGMP, connections are only allowed through tun0. This works well as a "...
Navi • 31
1 vote
0 answers
32 views

What is the comprehensive list of SSL/TLS protocol vulnerabilities? [closed]

I am aware of the following SSL/TLS protocol vulnerabilities: BEAST CRIME Lucky13 POODLE Logjam Sweet32 (I am not including implementation vulnerabilities like Heartbleed). Are there any others?
paj28 • 34.2k
1 vote
0 answers
37 views

Best way to distribute a PSK when all communication is compromised? [closed]

Before you see this as a “duplicate,” this question is similar, but the circumstances of mine are very different. My scenario is purely hypothetical, but could definitely apply to people in real life. ...
security_paranoid
2 votes
1 answer
31 views

Cache-control and TLS termination proxies

My website is served with TLS and does not use a (TLS-terminating) CDN. Is it still advisable to use Cache-Control: private for protected pages to account for (e.g. corporate) TLS termination proxies ...
janeden • 123
1 vote
1 answer
62 views

How to limit the Wireless CA so it can only be used for wireless connections on Windows?

My school requires me to install a CA to connect to the school Wi-Fi network. On Android, I can install it into Wireless CA list, and based on my understanding, that won't give the CA owner ...
Funnyone
6 votes
1 answer
2k views

Does CrowdStrike Falcon get validated by the Windows kernel as being crash-free?

With Linux, eBPF programs are validated as not causing crashes. Apparently that validation has had errors previously because of bugs in the Linux kernel. How is CrowdStrike Falcon implemented on ...
Evan Carroll • 2,955
5 votes
2 answers
4k views

Can trusted timestamping be faked by altering some bytes within the document?

Consider the following scenario: I prepare a document with a "Lorem ipsum bla bla" content (Document_A) and get a trusted timestamp for this document (Timestamp_of_document_A). After some ...
ceremcem • 169
9 votes
4 answers
4k views

Passphrase generator using German word list and Python's "secrets.choice()" to select from the list. Are those strong passphrases?

There are numerous passphrase generators out there, but all (I have found) use English words to build the passphrase. I'd rather use German words, so I wrote a generator in Python that selects words ...
phunsoft • 199
3 votes
1 answer
127 views

Why is there a need to use two access tokens in OpenID Connect?

According to https://darutk.medium.com/diagrams-of-all-the-openid-connect-flows-6968e3990660 there are two access tokens, one from Authorization endpoint and one from Token endpoint, which is kind of ...
secondimage
