Unanswered Questions

43 votes, 1 answer, 1k views

WPA2 ephemeral key derivation

I'm trying to learn how ephemeral keys in WPA2 4-way handshake are derived. Starting from 4 EAPOL packets sniffing, I successfully derived PMK and PTK reading ANonce, SNonce, and knowing ASCII-PSK ...

15 votes, 1 answer, 271 views

Principles of cache attacks

There are many scientific publications that deal with cache attacks. Most recently, the CacheBleed attack was published which exploits cache bank conflicts on the Intel Sandy Bridge architecture. Most ...

13 votes, 0 answers, 545 views

Vulnerability in popular Javascript Framework (Angularjs)

I found a bug that allows you to escape the AngularJS template sandbox. Angular is a mustache based template language. It allows you to put expressions that are evaluated in your html. For example, {{...

13 votes, 1 answer, 1k views

MPPE-Send and Receive key derivation from MS-CHAPv2

I am trying to get the MS-MPPE-Send-key and MS-MPPE-Recv-key from the MS-CHAPv2 challenge material. I am able to follow RFCs 2548, 3078 and 3079 to the step of getting GetNewKeyFromSHA(); it is ...

10 votes, 0 answers, 276 views

Are shatter attacks still possible in the days of User Interface Privilege Isolation?

Before Windows introduced User Interface Privilege Isolation, any application could send all kinds of window messages to any window on the same desktop (a shatter attack), allowing elevation of ...

9 votes, 1 answer, 995 views

Heap Buffer Overflow - AddressSanitizer output - what is needed to exploit this condition?

This is the AddressSanitizer output, for different input I get READ and WRITE errors. From Heap Buffer Overflow perspective which are more interesting? I want to execute my shellcode. Can somebody ...

9 votes, 2 answers, 244 views

Mobile API Authentication

I'm trying to design an Android analytics service where every user's application that registers with this service needs to download our SDK. The SDK itself needs to communicate with our API server. The ...

8 votes, 1 answer, 296 views

Using cat to overcome 'Stack smash detected'

I'm now trying a buffer overflow exercise from the site pwnable.kr. I found the string that should be entered to the gets function but got "Stack Smash Detected"; then I found a solution in rickgray.me ...

8 votes, 1 answer, 162 views

How to understand QEBEK (Honeypot Monitoring Tool)?

I've been trying for some time to find recent or meaningful documentation regarding QEBEK, but all I've found is the Intro and KYT Paper for Installation 2010. The links are just a formal introduction,...

7 votes, 2 answers, 473 views

Microservice to Microservice Auth

We're planning a new architecture which will utilize a backend of many different microservices that will need to talk with each other as well as field requests from systems not part of the service. In ...

7 votes, 2 answers, 161 views

How the AWS signature works in depth

I'm trying to understand how the AWS signature 4 works. I read the docs and I found a Python example where a signature is computed. I also ran into this answer which explains HMAC a bit. I'm curious ...

7 votes, 1 answer, 111 views

GnuPG expiration date differs between public and secret key

I exported the secret part of my master key for security reasons. Now I had to extend the expiration date of my key for six months. When typing gpg --list-keys in my console, the following appears ...

7 votes, 0 answers, 249 views

Secure backup encryption with OpenSSL

I know, the general advice is "keep your hands off crypto stuff". And the standard way to encrypt backup data securely would be using GnuPG. However, for a rather academic exercise, I would like to ...

6 votes, 1 answer, 103 views

Why doesn't PCI DSS requirement 4.1 match the SAQ?

In the PCI DSS standard (v3.1), 4.1(i) reads: For all other environments using SSL and/or early TLS: Review the documented Risk Mitigation and Migration Plan to verify it includes: ...

6 votes, 0 answers, 233 views

Universal clipboard iOS10 and macOS. How secure?

New iOS10 and macOS Sierra have a feature called universal clipboard. You can copy something (text, image) on one device and paste it on another. How secure is it, and does that mean that everything ...