1
vote
3 answers
38 views

How can I prove this site is a huge security weakness?

Disclaimer: I'm a computer programmer, not a security analyst or anything to do with security. I have zero experience in the world of cryptography, so bear with me please. Situation: I was given the ...
0
votes
0 answers
18 views

PowerShell Empire - Token Impersonation

I have been struggling trying to get token impersonation to work in Empire 2.0. I use the credentials/mimitokens module to list and elevate to use a specific user's token - I see mimikatz' output ...
1
vote
1 answer
14 views

I need assistance in properly understanding the IA-7 control in NIST SP 800-53

I've recently been working on a number of A&A tasks for the RMF for a US Government entity, and I'm having a hard time properly understanding the IA-7 control of NIST SP 800-53 and the supplement ...
3
votes
2 answers
56 views

Using old ciphers in email security

My email provider still supports old SSL_RSA_WITH_RC4_128_SHA ciphers. What does that mean for me? If I use an updated system (Ubuntu 16.04) and an updated client (Thunderbird 52), shouldn't it use ...
1
vote
1 answer
13 views

Why is the BLP access control model a mandatory one?

In my lecture on formal methods in IT security as well as on Wikipedia it is stated that the BLP model is a mandatory access control model. It is not clear to me why this is the case. We have defined ...
3
votes
2 answers
561 views

Is this invalid HTTP_HOST header part of an exploit?

We received a large number of error messages from our django application, like this: Invalid HTTP_HOST header: ‘target(any -froot@localhost -be ${run{${substr{0}{1}{$spool_directory}}usr${substr{0}{1}...
0
votes
0 answers
60 views

When DDOS attack and how to prevent attacker from flooding? [duplicate]

When a DDOS attack takes place I believe that packets/data are ignored at the receiver's end, but we don't stop the attacker from flooding the packets/data. How can you handle that? If we say we are ...
0
votes
0 answers
63 views

My Website got Hacked [on hold]

There is someone who managed to hack my website and steal its source code, and who is asking for money in order to tell me how he managed to hack it. - I have checked and tested my website from file upload ...
0
votes
1 answer
20 views

How does key management happen in both OpenSSL and aescrypt, and how is the key stored after encryption?

I am using OpenSSL and aescrypt for encryption and decryption, so how does key management happen in both OpenSSL and aescrypt, and how do I save the key after encryption? For example, I am giving sample code: openssl ...
2
votes
2 answers
112 views

Blocking DiagTrack outbound connection after malware infection

I was scammed and I thought those scammers were really from Microsoft, so I let them remotely connect to my computer. I don’t know what they installed on it. After I realized that it was a scam, I ...
-4
votes
0 answers
41 views

How to build a penetration testing team [on hold]

What are the high level steps on building a penetration testing team? What are the factors to consider? Thank you!
3
votes
1 answer
82 views

Protect Raspberry Pi's physical SD card from being swapped

Scenario: In a company there are Raspberry Pis which are connected to its network environment. A person with bad intentions could swap the SD card and replace it by his own which makes the Pi to a "...
0
votes
2 answers
41 views

Limiting automated domain creation by malware

As we know, most malware creates thousands of domains and subdomains using DBA for setting C&C communications. The domain names are controlled by Internet Corporation for Assigned Names and ...
0
votes
1 answer
30 views

From a local file inclusion to a shell when file is downloaded?

I've just participated in a boot2root capture the flag event where I got close to solving an item but couldn't quite get it over the line and want to learn what I could have done differently. In the ...
0
votes
0 answers
8 views

What is the syntax to allow access to Splashtop remote desktop servers when using Acrylic DNS proxy to block pretty much everything?

I have installed and configured Acrylic DNS proxy to block all TLDs with a wildcard. But before this in the AcrylicHosts.txt file, I listed certain specific work-related IPs which users need access ...
