Newest Questions
70,191 questions
-2 votes, 0 answers, 29 views
Attacking TVs to show your own image [closed]
How do café televisions get hacked? How is the original signal cut off, and how is an image or video displayed on the TV? Is it hard?
0 votes, 3 answers, 45 views
What are the reasons behind the Delta Skymiles website password restrictions?
The Delta Airlines SkyMiles website has an unusual set of password restrictions:
MUST CONTAIN
Between 8 and 20 characters
At least 1 number
At least 1 uppercase letter
At least 1 lowercase letter
...
4 votes, 1 answer, 292 views
What are the security implications of having the same password for BIOS startup, GRUB editing, LUKS2 encryption and the user account?
I am running Linux on my laptop with disk encryption. In addition, I want to protect BIOS settings and startup with a password, and I guess adding a password to GRUB entry editing and command-line won'...
0 votes, 1 answer, 47 views
Is it possible to send an external GET request via an SVG file
Is it possible for an SVG file to trigger an external GET request simply by being viewed on a mobile device (specifically within an app like WhatsApp or Telegram, rather than a mobile browser)? I know ...
0 votes, 1 answer, 35 views
Correct Certificate Type for JWKS & Barclays [closed]
Barclays Bank enforce API developers to have an Authority-provided Digital Certificate to be presented via a JWKS file - see here and the key section of their help page states:
Client certificates can ...
0 votes, 1 answer, 24 views
Msfvenom: Genymotion Command shell session 3 closed
While I tried to demonstrate accessing an Android device (Genymotion) with an msfvenom-generated APK, I encountered the error Command shell session 3 closed. I used exploit/multi/handler and configured required ...
0 votes, 0 answers, 20 views
Cracking affine LCG with varying increment? [migrated]
My question is related to this but based on a comment by Thomas Pornin.
I have:
$s_i = a s_{i-1} + b_i \bmod m$
where $b_i$ is a different 32-bit odd value on every state, so it's not constant like $a$ but $a$...
0 votes, 0 answers, 23 views
Signal recovery to same phone same sim backup [closed]
I took my phone to Hong Kong. I was intending to bring an old phone, but the SIM wouldn't transfer and my tickets were all on my phone. So I just backed it up. I checked the Signal documentation and ...
0 votes, 0 answers, 9 views
v2r5 V-230492 RHEL-08-040010 says RHEL 8 must not install packages from EPEL? [migrated]
Not present in v2r3, I don't have v2r4, this seems to be a new decision in U_RHEL_8_V2R5_STIG.zip
https://stigaview.com/products/rhel8/v2r5/RHEL-08-040010/
https://www.cyber.mil/stigs/downloads/
Rule ...
0 votes, 0 answers, 33 views
What are the correct technical terms for OS-level and application-level management of TLS and cryptographic policy?
When writing technical documentation, I want to accurately describe the different parts of an operating system that manage secure communications, such as TLS protocol versions, cipher suites, and ...
-1 votes, 0 answers, 34 views
Burpsuite: This browser or app may not be secure [closed]
I'm using the embedded Chromium browser in Burp Suite. When I try to log in to my Google account, I get
"This browser or app may not be secure. Try using a different browser. If you’re already ...
0 votes, 1 answer, 35 views
Rule Id 941390 from OWASP Coreruleset is detecting the malicious request, but it's not blocking it
I'm making a request like this
https://10.34.51.25/dana/home/launch.cgi?url=:/%22-alert(Object.keys(window))-%22.cgi
In the modsec_audit.log I see that it is being detected and there is a warning log....
0 votes, 0 answers, 336 views
My website was hacked. How do I understand the damage? [closed]
I have a simple Next.JS website with a login portal for my small organization. We use Azure Entra ID for login purposes. There were spikes on the website hosting virtual machine in CPU Percentage, ...
-3 votes, 0 answers, 47 views
How do cybersecurity professionals retain technical skills and tools long-term? [closed]
I’m studying cybersecurity (networking, Linux, common tools, vulnerability/attack–defense techniques) and my memory for commands, workflows, and multi-step methods decays quickly if I don’t use them.
...
0 votes, 1 answer, 98 views
What command for hashcat to crack a 12-lowercase + 3-digit password
I've recently started to practice penetration testing on my own home wifi router specifically trying to crack the WiFi password hash. I know the password, it's dailycoconut482
What hashcat command ...