Unanswered Questions
44 votes | 2 answers | 1k views
WPA2 ephemeral key derivation
I'm trying to learn how ephemeral keys in WPA2 4-way handshake are derived.
Starting from sniffing the 4 EAPOL packets, I successfully derived the PMK and PTK by reading the ANonce and SNonce and knowing the ASCII PSK ...
16 votes | 0 answers | 405 views
Are shatter attacks still possible in the days of User Interface Privilege Isolation?
Before Windows introduced User Interface Privilege Isolation, any application could send all kinds of window messages to any window on the same desktop (a shatter attack), allowing elevation of ...
13 votes | 1 answer | 1k views
MPPE-Send and Receive key derivation from MS-CHAPv2
I am trying to get the MS-MPPE-Send-Key and MS-MPPE-Recv-Key from the MS-CHAPv2 challenge material. I am able to follow RFCs 2548, 3078 and 3079 up to the step of getting the GetNewKeyFromSHA(); it is ...
11 votes | 1 answer | 374 views
Secure backup encryption with OpenSSL
I know, the general advice is "keep your hands off crypto stuff". And the standard way to encrypt backup data securely would be using GnuPG. However, for a rather academic exercise, I would like to ...
10 votes | 1 answer | 354 views
What technologies does ChromeOS use to secure saved passwords?
I have read that Chrome will use the system's native credential tools to manage saved passwords (e.g. Keychain on OS X, libsecret on Linux/GNOME, etc.). Does anyone know what tools are used on ChromeOS?
8 votes | 1 answer | 207 views
How to understand QEBEK (Honeypot Monitoring Tool)?
I've been trying for some time to find recent or meaningful documentation regarding QEBEK, but all I've found is the Intro and KYT Paper for Installation 2010. The links are just a formal introduction,...
8 votes | 3 answers | 313 views
Can an intruder still possibly succeed with pass-the-hash or pass-the-ticket on Windows 10 / Server 2016 networks where Credential Guard is enabled?
In sum: Does Credential Guard make passing-the-hash and passing-the-ticket attacks effectively unavailable on networks of Windows 10 / Windows Server 2016 machines? If not, how do you still acquire ...
7 votes | 0 answers | 170 views
Iframe inheriting parent's Content Security Policy
I have a parent page that has a Content Security Policy on it. The main purpose of CSP is not to prevent XSS, but to prevent network access. This page has to run some user generated/submitted HTML/CSS/...
7 votes | 0 answers | 95 views
Hooking into Firefox memory
I am trying to learn how to hook into the browser memory. The Frida tool is a good start to this. My goal is to extract the client random, server random and symmetric session key established at the ...
7 votes | 2 answers | 200 views
How the AWS signature works in depth
I'm trying to understand how the AWS signature 4 works. I read the docs and I found a Python example where a signature is computed.
I also ran into this answer which explains HMAC a bit.
I'm curious ...
7 votes | 1 answer | 134 views
GnuPG expiration date differs between public and secret key
I exported the secret part of my master key for security reasons. Now I had to extend the expiration date of my key for six months.
When typing gpg --list-keys in my console, the following appears
...
7 votes | 1 answer | 563 views
Prevent phishing attacks through abuse of iOS URL scheme
I am building an iOS application that will have the following flow:
A user completes registration from the web.
Upon completion of registration, a link is sent to his email.
Once the link is clicked ...
6 votes | 0 answers | 107 views
What is known about the capabilities of AMD's Secure Processor?
I've found a fair amount of research about what Intel's ME does, including the "Intel x86 considered harmful (Chapter 4 is about ME)" survey paper by Joanna Rutkowska, but I'm having a much harder ...
6 votes | 0 answers | 75 views
Which memory modules are known to be vulnerable to or secure against Rowhammer/Flip Feng Shui?
Many memory modules from different manufacturers have been tested for vulnerability to the Rowhammer exploit. However, some researchers have anonymised their results, possibly for responsible ...
6 votes | 0 answers | 150 views
Is Thunderbolt still insecure?
Has Apple fixed the Thunderbolt DMA attack when the computer is unlocked or is it unfixable since DMA is built into Thunderbolt?
I don't want to get hacked simply by plugging my Mac into a modified ...