current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help

Unanswered Questions

38
votes
0answers
920 views

WPA2 ephemeral key derivation

I'm trying to learn how ephemeral keys in WPA2 4-way handshake are derived. Starting from 4 EAPOL packets sniffing, I successfully derived PMK and PTK reading ANonce, SNonce, and knowing ASCII-PSK ...
32
votes
4answers
2k views

What attacks, if any, are possible against Security Support Provider Interface (SSPI)?

I've been looking at SSPI recently, as it is used for authentication in a variety of Microsoft products. From the looks of it, it's based on GSSAPI and provides an abstraction for wrapping various ...
13
votes
0answers
399 views

What unique device fingerprinting information can an iOS8 app collect?

As a follow-on to this question: What unique fingerprinting information can an iOS7 app collect? What remaining device fingerprinting privacy / security vulnerabilities still exist as of iOS 8? Can ...
12
votes
1answer
1k views

MPPE-Send and Receive key derivation from MS-CHAPv2

I am trying to get the MS-MPPE-Send-key and MS-MPPE-Recv-key from the MS-CHAPv2 challenge material. I am able to follow the RFCs 2548 3078 and 3079 to the step of getting the GetNewKeyFromSHA() it is ...
11
votes
0answers
72 views

Preventing a site from appearing in the 'Most Visited' or 'speed dial' section of a web browser

Are there any established ways of preventing a website from appearing as an icon on the 'Most Visited' / 'Speed dial' / start page of a web browser? One example of this is the tab that opens by ...
9
votes
0answers
94 views

What LDAP schema is recommended for PKI?

In my research, I found some RFCs that have not been updated in over a decade, e.g draft-ietf-pkix-ldap-crl-schema-01. I also explored several public directories used in PKI (e.g. x500.bund.de) and ...
8
votes
0answers
118 views

What's eating my entropy?

Below are graphs with the value of /proc/sys/kernel/random/entropy_avail on a Raspberry Pi. As I understand it shows the number of random bits that /dev/random supplies. The pattern always comes to ...
8
votes
0answers
181 views
+100

Which protocols exist for end-to-end encrypted group chat?

I am looking for existing protocols for a group chat with two things: End to end encrypted. Just what you would expect: messages are only decipherable by the chat members and message tampering is ...
8
votes
1answer
156 views

Prevent and/or detect installation of root certificates on Windows?

I noticed that some applications installed root certificates on my computer. Is it possible to prevent this? Or is there a firewall or such that notifies me?
8
votes
1answer
181 views

Using cat to overcome 'Stack smash detected'

I'm trying now buffer overflow exercise from the site pwnable.kr I found the string that should be entered to the gets frunction but got "Stack Smash Detected" then I found a solution in rickgray.me ...
8
votes
0answers
415 views

CERT FOE Fuzzing Framework documentation

So I read another post here about fuzzing local standalone applications. I have understood how to exploit basic buffer overflow vulnerabilities in standalone applications and am now looking on how to ...
7
votes
1answer
126 views

What is the current EU standard for data destruction?

I have been hunting around for a couple of weeks trying to find what the current standards for sensitive data destruction in the EU/UK are. If you look at the destruction companies they have several ...
7
votes
3answers
308 views

How to compile java_atomicreferencearray (CVE-2012-0507) exploit to run calc.exe on system?

I got interested in java exploits and stumbled upon this: https://github.com/redcreen/exploits/tree/master/CVE-2012-0507/redcreen It is source code for Java exploit, so even though my knowledge of ...
7
votes
0answers
473 views

Heap Buffer Overflow - AddressSanitizer output - what is needed to exploit this condition?

This is the AddressSanitizer output, for different input I get READ and WRITE errors. From Heap Buffer Overflow perspective which are more interesting? I want to execute my shellcode. Can somebody ...
7
votes
2answers
269 views

Microservice to Microservice Auth

We're planning a new architecture which will utlize a backend of many different microservices that will need to talk with each other as well as field requests from systems not part of the service. In ...

15 30 50 per page
1 2 3 4 5 141