All Questions
-3
votes
0 answers
7 views
How to test HIDS (OSSEC, Sagan, KasHIDS, EsetHIDS) system? [on hold]
How to test HIDS (OSSEC, Sagan, KasHIDS, EsetHIDS) system?
Can anybody help me?
0
votes
0 answers
20 views
How to craft Invalid packet to test for TLS Poodle vulnerability?
I need to test if a server is vulnerable to TLS Poodle.
To do this I need to send an invalid packet to the server and check if it closes the connection.
But I am not sure how I create that packet ...
-2
votes
0 answers
25 views
Is this XOR OTP cipher crackable?
Consider a substitution cipher where the key length (which is randomly generated) is n bits and that accepts plaintext of n bit size exactly.
Substitution takes place in an order where every plaintext ...
0
votes
1 answer
10 views
OpenSSL certificate revocation check in client program using OCSP stapling 2
Pretty much this is a request for additional information for the question: http://stackoverflow.com/questions/9607516/openssl-certificate-revocation-check-in-client-program-using-ocsp-stapling
I want ...
-3
votes
0 answers
13 views
SQLMAP: can't dump password hash
I am trying to exploit an SQL vulnerability using sqlmap.
I can retrieve other columns but the password column fails. Any way around this?
0
votes
0 answers
13 views
Disadvantages of self-signed and cross-signed certificates?
Can anyone explain what are the disadvantages or loopholes in self-signed and cross-signed certificates?
0
votes
1 answer
20 views
How is the last line of defense for physical security “people”?
According to CISSP
The last line of defense in a layered security architecture is the
remaining workforce of the company, excluding the security guards.
I've also read "people" are the last ...
1
vote
1 answer
11 views
Security implications of revealing internal IP addresses
What are the security implications of a web app firewall/load balancer revealing internal IPs of the web sites behind it to the outside world?
I get that learning the internal IPs would be part of ...
0
votes
0 answers
8 views
Azure Networking VPN
Company is exploring the option of connecting Azure VNET to the on-premises network using either Site-to-Site or ExpressRoute. There are concerns regarding potential vulnerability of internal resources ...
1
vote
1 answer
7 views
SHA 1 no impact to root certificate
I ran a scan on a server and the results of the authentication for the digital certificate were as follows:
Certificate 1 (root) signature algorithm: Sha256withRSA
Certificate 2 (chain of trust) ...
0
votes
0 answers
5 views
Connection refused when trying to SSH. But port 22 is not blocked. Pings work [migrated]
Connection refused when trying to SSH. But port 22 is not blocked. Pings work.
I'm running CentOS 7 VMs and open source Docker. I want to SSH to Docker containers from other VMs or other Docker ...
0
votes
0 answers
21 views
How to analyze netstat for suspicious connections? [on hold]
Somebody accessed my Microsoft account this morning and the IP that did it came from Thailand. A couple of days prior to the incident, I noticed that my Command Prompt opened and closed immediately many ...
0
votes
0answers
7 views
AES 128 CBC in Python, cannot generate same cipher text by decrypting and encrypting again [migrated]
I am reading binary data from a .db file. It consists of a master-key, IV and some values.
The first encrypted value is (say enc_val) with hex of 0abd4e92a8986ee1ae234e51f0783c79
After decrypting ...
2
votes
1 answer
22 views
Exploiting an XSS vulnerability
This question is related to a class project involving a team of 2 students against another team of two students. We both have servers with a default plugin that we have a week to patch vulnerabilities ...
3
votes
3 answers
33 views
Can a TCP connection be terminated by an attacker if SSL/TLS has been used to protect data in the TCP segment?
I understand that SSL/TLS is built on top of TCP. That is, after a TCP connection is established, an SSL handshake can be started. When it is completed, all communication will be encrypted and ...