16Haz
Would it be more secure or not if all computers in the network use the same operating system?
If all the computers use the same operating system, attackers only need to focus on one operating system, would it be unsafe?
12Haz
Plausible PayPal phishing… with no evidence credentials were stolen
Yesterday my housemate was almost scammed by someone on the internet, or so I thought. She was selling some goods on a ebay-like website, and someone contacted her to buy her stuff. She then received a false email from “Paypal” telling her…
11Haz
Google Chrome and Certificate Problem
When I try to connect google.com and youtube.com with Chrome, I got the error below;
1.
2.
Your connection is not private
Attackers might be trying to steal your information from www.google.com.tr (for example, passwords, messages, o…
8Haz
Can SIM card be locked to the specific equipment?
I’m curious if SIM card can be “personalized” to operate only in the specified mobile equipment in addition to usual PIN security. So the SIM extracted from “legitimate” phone and placed into arbitrary one won’t reveal it’s data.
I reali…
7Haz
Credentialed scanning through SSH tunnel
If I wish to run Nessus against a Windows server that is only accessible from another machine, I can setup an SSH tunnel like so:
ssh user@10.99.5.6 -L 127.0.0.1:445:10.0.0.45:445 -L 127.0.0.1:139:10.0.0.45:139
Then I would configure Ne…
3Haz
How to make a file detected by anti virus
I know this question is kind of stupid but I am testing a virus database and I would like to know any kind of code in c++ or C#/VB.net that would be detected as virus by an antivirus, without actually having do download an antivirus.
Than…
3Haz
How do 2FA (and other account verification) systems identify true mobile numbers vs VoIP numbers?
I’ve been dabbling with VoIP carriers which offer SMS with relatively mixed results when trying to use VoIP numbers to receive 2FA messages.
My goal was to have a dedicated DID/number which I don’t publish publicly that receives SMS messa…
2Haz
Powershell Empire – Token Impersonation
I have been struggling trying to get token impersonation to work in Empire 2.0.
I use the credentials/mimitokens module to list and elevate to use a specific users token – I see mimikatz’ output saying the token is impersonated, but using…
24May
Which Elliptic curve cryptography (ECC) algorithm to choose with GPG?
I want to generate a key pair with gpg2 2.1.11 and libgcrypt 1.6.5.
I use the command gpg2 –expert –full-key-gen. This allows me to choose an ECC:
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elg…
24May
How trustful are KeePass plugins?
KeePass is great, I love it but after several years using it, sometimes I wish to install a plugin but I don’t because I’m scared of what this plugin can really do without my consent.
The documentation about plugin development is really s…
