attacks's questions - English 1answer

978 attacks questions.

Where can I find one? Is there a pot of gold at the end? How do I protect against them? From the Area51 proposal This question was IT Security Question of the Week. Read the Sep 09, 2011 blog ...

Hello, I am new here. I am a beginner with the hacker/cracker world and I would like to experiment with this any day, but first I would like to know what the legal consequences are in the USA and the world if any day I ...

The goal here is to prevent identification of the users and their data. Is it a good idea to partition my database into multiple ones, one for each kind of sensitive data, hiding the links between ...

The basic question is in the title; there are more questions below, but they are in the context of the question in the title... hopefully. What I have read is that it can eavesdrop the Airgap PC via acoustic ...

I'm supposed to write a script that will get the plaintext of a message which is firstly coded in base64, then URL coded (encoded ciphertext in AES-256-CBC). Padding is used as well such that the ...

Are SSL encrypted requests vulnerable to Replay Attacks? If so, what are good options to prevent this?

Recently, I started exploring threats to Virtual machines in general. The first question that popped into my head was whether a host machine can dump its entire memory onto a file, and inspect the ...

I have read about many approaches to launch and detect sinkhole attacks in wireless (sensor) networks. Yet I couldn't find any (good) articles to read about the prevention/avoidance of sinkhole ...

I just installed Linux (Ubuntu) for the first time and downloaded package OpenSSL as well. Opened command line as well and tried some commands but none of them worked. So what I have is initial ...

Say you have the secret message encrypted with AES-256 in CBC mode 5a04ec902686fb05a6b7a338b6e07760 14c4e6965fc2ed2cd358754494aceffa where the first 16 Byte is the initial vector, the second 16 Byte ...

If for example I have Magento-eCommerce and WordPress installed on the same server. Both have a database each with a different database username/password and both have different login details to the ...

Our application has been checked by a PEN Test tool, and there is a description of an issue: An attacker can redirect the application using the host header on the below mentioned URL to redirect them ...

Since a couple of days ago my Debian server started to get login attempts (see log file below). /var/log/auth.log goes only three days back, although the server has been running for much longer. I ...

I used Truecaller for searching for a number but after around 20 to 25 searches they started asking me to prove that I am not a robot. Is this for protecting their website from a DDoS attack or is it ...

I was told that an adversary can figure out system uptime by looking at TCP timestamps. But I'm not sure who exactly can see this information. For example, if I set up a hardware Tor gateway so that ...

I'm trying to exploit a strcpy() buffer overflow vulnerability to test ROP attack. I found a very useful gadget at address 0x0000f26c so I am obliged to insert null bytes to the stack to override the ...

How can I change a Veracrypt (master) password efficiently and securely? Based on the answers here, it is not safe to use system --> change password due to various reasons. I cannot simply image ...

I'm doing a basic exploitation test on a simple program with a few lines of code. I intend to exploit a buffer overflow vulnerability to perform a ROP attack. To gather the available gadgets I use ...

All attacks on RSA seem to require knowledge of at least the ciphertext and the public key. However, has there ever been any evidence of an attack which simply uses a sufficiently large number of ...

I understand that SSL/TLS is built on top of TCP. That is after a TCP connection is established, an SSL handshake can be started, when it is completed, all communication will be encrypted and ...

Following from: here, Let's say you have a server at a data centre, but a hacker manages to find a way in and has access to your server. What are the attack possibilities regarding Baseboard ...

So, I am trying to understand log neutralization and it seems there isn't much documentation or any live/video examples out there to help me understand this. I found a great GitHub repo that has many ...

I think my smartphone is being hacked into + controlled by a third party, possibly my internet connection as well. Some very odd things have been ongoing for many months. On my phone I hear constant ...

I recently came across some password code that hashed the password and then compared it with the saved hash in the naive way: one character at a time, short-circuiting as soon as a non-match was found....

There was some specific cyber security challenge (Cyber Cube 2018, GE). In one of the tasks, objective was to gain the access to some specific file that server included. After successfully solving ...

I've been thinking about this for a while; I know people are aware of wireless wiretapping of keyboards. However, has there been research on how to wiretap keyboards based on typing patterns? I'm ...

A few weeks ago now I received an email that someone (not me) had made some in-game purchases on an iTunes account. I logged into my iTunes account and saw the transactions and that my account was ...

Recently I discovered that passing the creds of local admin and domain admin to a remote Windows 7 machine yields the same result: I gain access to that machine as NT Authority\System. The only way I ...

I am wondering if it is possible to paralyze a network by sending out a bunch of fake ARP response packets. Some basis: I recently read a moderately detailed description of how ARP and ARP poisoning ...

One of my friends, she has a lot of friends on Facebook, and uses it for marketing. Her account keeps getting broken into. Her password gets reset and/or gets locked for changing resetting password ...

The Google search result of my WordPress site is different from the original content. We have taken services of a security expert and they have scanned the site and database but there is no modification in code ...

Is it safe to create a Veracrypt partition (on a USB) such that it takes up the whole device (ie. not a "file", but using the USB as the storage container) it contains only a standard volume (no ...

This is a vulnerable piece of code: $(document).ready(function(){ var payload = unescape(document.location.hash.substr(1)); $(payload); document.body.innerText = "The payload is: " + ...

In the Computer and network security incident taxonomy what are the differences between "Incident", "Attack" and "event"? Where does "threat" fit with them?

What could be the relationship between threat analysis and attack modeling? Both are pretty close, have different perspectives but I need to know the relationships or in other words, how can they ...

What is the relation (differences and similarities) between a replay attack, a reflection attack and a relay attack? All of them together seem a mess to understand! Are they not MITM?

I know it won't work on every server because some don't allow SSLv3 but I tried many servers and my attack doesn't seem to work. For now, I attempt to downgrade to TLS 1.0 (also recognized by the ...

Is the Diffie–Hellman key exchange protocol vulnerable to a man-in-the-middle attack? If yes, then what type of MITM is that? I believe that is a replay attack or a relay attack, not sure though.

I'm learning about securing IoT devices and starting to learn how to develop my own software for them. I wanted to know which are the most common vulnerabilities that any scriptkiddie could exploit ...

I always find in many papers discussing different kinds of system security subjects that the authors are always trying to highlight the danger of some vulnerabilities by assuming an attacker, by exploiting ...

How often do websites (and their databases) get hacked? Hacked as in user accounts stolen, tables flushed, and all in all, damage done to the database. I'm talking about e-commerce websites, and ...

During the last week, our company website has been under a weird brute-force attack; this attack actually led to hacking an admin account. Our website is a WordPress site. The attacker keeps performing POST ...

I just started to learn about MITM attacks, and I can't figure out a few things. I have a few questions and appreciate all the answers. If the attacker is already in my LAN why does he need to trp to arp ...

I have a JBL Go bluetooth speaker paired with a Dell laptop running Ubuntu 17.10. I suspect malicious intermittent activity on that speaker, but I am not sure and I am looking for proof or evidence ...

I am performing a WPA/WPA2-PSK attack using Aircrack-ng. The wordlist I am using is 100 GB but I have to shut down my PC after a certain time, so how am I supposed to continue the attack where I left ...

During a recent visit to a coffee shop, I noticed that they hadn't bothered changing their default user name and password for their router. I realise that someone could log on and be annoying to ...

Imagine that an attacker knows: A correct ciphertext. The algorithm: AES-256-CBC. The implementation: openssl CLI. The IV. The HMAC-SHA-256 of the ciphertext. But does not know the key (let's assume ...

When talking about password security, a lot of discussion centers on the risk of a password being guessed in a brute-force attack. For websites where a user has registered an account, what are the ...

Theoretically, the answer could be yes since you increase the attack surface. However, I was wondering if in practice it really makes a difference. I am mostly worried about exploits for web facing ...

We are new to Information security and we have a question that we can not figure out how to solve. We can assume that: The malware is deployed on an infected laptop that is connected to a network, ...
