attacks's questions - English 1answer

986 attacks questions.

I am trying to understand DNS flood and DNS amplifier attack. I have read the definition and am still confused, could you give me an example of each attack or tell me the differences between them? It ...

The goal here is to prevent identification of the users and their data. Is it a good idea to partition my database into multiple ones, one for each kind of sensitive data, hiding the links between ...

I lived with another person while I was attending school online. I was using his WiFi for phone and computer. When I left, all my passwords were changed, my settings, everything that could possibly be ...

In most of the cyber attacks such as a DDoS attack or other kinds, it is sometimes hard/impossible to identify the real source IP addresses. This is because when you review the logs and lookup those ...

I have the following open redirect vulnerability: <?php $redirectUrl = $_GET['url']; header("Location: $redirectUrl"); ?> This exploit sends user from your page to evil page: example.com/?url=...

Usually a preferred DNS server will be set in router's configuration and it will be either the organization's server or some trusted public server. So how would attacker get the victim to use his DNS ...

I have read about many approaches to launch and detect sinkhole attacks in wireless (sensor) networks. Yet I couldn't find any (good) articles to read about the prevention/avoidance of sinkhole ...

I have Spring Boot API app on the server side and VueJS app on the client side. Upon successful login, the server side sends JSON response that includes accountType with value either VIEW_GOLD or ...

An IDS can accept a packet that an end-system rejects. An IDS that does this makes the mistake of believing that the end-system has accepted and processed the packet when it actually hasn't. An ...

How can an ISP with low bandwidth like 50 Gbps handle a DDOS attack with more than this? I know there is a solution called "Black Hole". Is this enough to mitigate DDOS attacks or are there any other ...

I'm trying to exploit a strcpy() buffer overflow vulnerability to test ROP attack. I found a very useful gadget at address 0x0000f26c so I am obliged to insert null bytes to the stack to override the ...

How can I change a Veracrypt (master) password efficiently and securely? Based on the answers here, it is not safe to use system --> change password due to various reasons. I cannot simply image ...

When talking about password security, a lot of discussion centers on the risk of a password being guessed in a brute-force attack. For websites where a user has registered an account, what are the ...

With attacks like Mirai and similar "script kiddie" threats giving access to so many IoT devices, how do they manage to stay online? Suppose I have a device online which can be accessed (as root) ...

I would like to know the difference between WAF and IPS/IDS? Can IPS/IDS handle an attack on a web application? If there are differences functionally between the two applications, how they work ...

On my CentOS machine, all my ports are filtered with the Iptables rule: DROP all -- * * 0.0.0.0/0 0.0.0.0/0 So from the Internet, every port timeouts. The only way to ...

I'm worried about camfecting (webcam hacking). The camera light on my mac (running OSX) is not on, but it isn't hard wired so that doesn't say a lot. I've ran a virus scan but no signs. Now my idea ...

Microsoft has stopped offering the Windows images for download. It is now only possible to get the image if one has a key of a retail version of the corresponding OS. The question is now, whether the ...

What are the security risks of scanning a QR code from an untrusted source? If the QR code was constructed by an attacker, what can the attacker do to me? Do widely used QR scanners have any known ...

Since a couple of days ago my Debian server started to get login attempts (see log file below). /var/log/auth.log goes only three days back, although the server has been running for much longer. I ...

Many popular VPN services (that provide encrypted tunnels between the users' devices and distant VPN servers) authenticate users using a pair of email address and password. What attacks would the ...

I've been trying to make use of the current wifi audition techniques in regards of Router Password retrieval. GEAR: I've been through car boot sales and acquired some of the current routers on the ...

Where can I find one? Is there a pot of gold at the end? How do I protect against them? From the Area51 proposal This question was IT Security Question of the Week. Read the Sep 09, 2011 blog ...

The Basic question is in the title there are more questions bellow but it is in context of the question in the title...hopefully What i have read is that it can eavesdrop the Airgap PC via acoustic ...

I'm supposed to write a script that will get the plaintext of a message which is firstly coded in base64, then URL coded (encoded ciphertext in AES-256-CBC). Padding is used as well such that the ...

Are SSL encrypted requests vulnerable to Replay Attacks? If so, what are good options to prevent this?

Recently, I started exploring threats to Virtual machines in general. The first question that popped into my head was whether a host machine can dump its entire memory onto a file, and inspect the ...

Say you have the secret message encrypted with AES-256 in CBC mode 5a04ec902686fb05a6b7a338b6e07760 14c4e6965fc2ed2cd358754494aceffa where the first 16 Byte is the initial vector, the second 16 Byte ...

If for example I have Magento-eCommerce and WordPress installed on the same server. Both have a database each with a different database username/password and both have different login details to the ...

Our application has been checked by PEN Test tool, and there are description of issue: An attacker can redirect the application using the host header on the below mentioned URL to redirect them ...

I used Truecaller for searching for a number but after around 20 to 25 searches they started asking me to prove that I am not a robot. Is this for protecting their website from a DDoS attacks or is it ...

I was told that an adversary can figure out system uptime by looking at TCP timestamps. But I'm not sure who exactly can see this information. For example, if I set up a hardware Tor gateway so that ...

I'm doing basic exploitation test on a simple program with fiew lines of code. I intend to exploit a buffer overflow vulnerability to perform a ROP attack. To gather the available gadgets I use ...

All attacks on RSA seem to require knowledge of at least the ciphertext and the public key. However, has there ever been any evidence of an attack which simply uses a sufficiently large number of ...

I understand that SSL/TLS is built on top of TCP. That is after a TCP connection is established, an SSL handshake can be started, when it is completed, all communication will be encrypted and ...

Following from: here, Let's say you have a server at a data centre, but a hacker manages to find a way in and has access to your server. What are the attack possibilities regarding Baseboard ...

So, I am trying to understand log neutralization and it seems there isn't much documentation or any live/video examples out there to help me understand this. I found a great GitHub repo that has many ...

I think my smartphone is being hacked into + controlled by a third party, possibly my internet connection as well. Some very odd things have been ongoing for many months. On my phone I hear constant ...

I recently came across some password code that hashed the password and then compared it with the saved hash in the naive way: one character at a time, short-circuiting as soon as a non-match was found....

There was some specific cyber security challenge (Cyber Cube 2018, GE). In one of the tasks, objective was to gain the access to some specific file that server included. After successfully solving ...

I've been thinking about this for a while; I know people are aware of wireless wiretapping of keyboards. However, has there been research on how to wiretap keyboards based on typing patterns? I'm ...

A few weeks ago now I received an email that someone (not me) had made some in-game purchases on an iTunes account. I logged into my iTunes account and saw the transactions and that my account was ...

Recently I discovered that passing the creds of local admin and domain admin to a remote windows 7 machine yields the same result: I gain access to that machine as NT Authority\System. The only way I ...

I am wondering if it is possible to paralyze a network by sending out a bunch of fake ARP response packets. Some basis: I recently read a moderately detailed description of how ARP and ARP poisoning ...

One of my friends, she has a lot of friends on Facebook, and uses it for marketing. Her account keeps getting broken into. Her password gets reset and/or gets locked for changing resetting password ...

Google search result of my wordpress site is different than original content. We have taken services of security expert and they have scanned the site and database but there is no modification in code ...

Is it safe to create a Veracrypt partition (on a USB) such that it takes up the whole device (ie. not a "file", but using the USB as the storage container) it contains only a standard volume (no ...

This is a vulnerable piece of code: $(document).ready(function(){ var payload = unescape(document.location.hash.substr(1)); $(payload); document.body.innerText = "The payload is: " + ...

In the Computer and network security incident taxonomy what are the differences between "Incident", "Attack" and "event"? Where does "threat" fit with them?

What could be the Relationship between threat analysis and attack modeling. Both are pretty close, have different perspectives but I need to know the relationships or in other words, how can they ...

Related tags

Hot questions

Language

Popular Tags