Extract the schema from a remote LDAP server
How to extract the schema from a remote LDAP server and use it on an OpenLDAP instance.
Comparing the different Wifi/WPA authentication and key distribution methods (PSK, EAP, SAE).
computer security web vulnerability webdriver firefox dns-rebinding csrf
Some context and analysis about attacks on WebDriver implementations.
Lack of X.509 TLS certificate validation in OWASP ZAP (Zed Attack Proxy) could be used for man-in-the-middle attacks.
A DNS rebinding vulnerability I found in ReadyMedia (formerly MiniDLNA) v1.3.0 and below. This is CVE-2022-26505.
Some notes about how TLS v1.3 works. This is a follow-up of the previous episode about TLS v1.2. As before, the goal is to have a high-level overview of how the protocol works and what the role of the different messages is, and to be able to understand (and debug) a network traffic dump.
computer security web vulnerability webdriver csrf dns-rebinding advisory
Vulnerabilities found on the WebDriver endpoints of Selenium Server (Grid).
computer security web vulnerability webdriver firefox dns-rebinding advisory
A DNS rebinding vulnerability I found in geckodriver which could be used to execute arbitrary shell commands. This is bug #1652612 and CVE-2021-4138.
Some notes about how TLS v1.2 (Transport Layer Security) works. The goal is to explain what is going on in a network traffic dump, the role of the different TLS extensions, the impact of the different cipher suites on security, etc. It includes several diagrams and many references.
The Diffie-Hellman (DH) key exchange (and variants thereof) is widely used in many protocols (such as TLS, SSH, IKE (IPSec), Signal, etc.) to bootstrap some symmetric key material which may then be used to secure a communication channel between two parties. This introduction focuses on the different ways the DH key exchange is used in practice in several protocols (especially TLS) and the impact of these different approaches on security. This is intended as a prelude to the upcoming episodes about how TLS works.