Tools that check TLS client side
There are so many tools such as testssl, sslyze to test the TLS configurations on webservers. I wanted to know, why aren’t there any tool that checks the TLS client side? What makes it difficult?
There are so many tools such as testssl, sslyze to test the TLS configurations on webservers. I wanted to know, why aren’t there any tool that checks the TLS client side? What makes it difficult?
I installed kali linux, that comes with John the ripper. I have a password-protected zip file. I’m pretty sure the password is complex. I first convert the zip into a hash:
sudo zip2john FILE_LOCATION > zippedzip.txt
It took around 20 …
I have my own CA(CA) and 2 intermediate(ICA1 & ICA2) CA’s(generated using the root CA).
Using ICA1, generated a server cert(for server S1) and 2 user cert(for user U1 & U2).
Now, user certs is distributed to the user-U1 & U2(in…
I run this command python sqlmap.py -u https://acme.com/post.php –data "id=1" –tamper="between,randomcase,space2comment" -v 3 –random-agent –dbs but SQLMap only returns information_schema database.
Is there somethin…
Im trying the phoenix vm, challenge stack-five on exploit.education (http://exploit.education/phoenix/stack-five/).
I run onto a problem while exploiting a stack overflow. The challenge is run execve(‘/bin/sh’) through shellcode. I grabbed…
I am testing some exploits over WAN with a port-forwarded server and am attempting to use a specific exploit module with the payload being a windows/meterpreter/reverse_tcp shell. This is all executed within the metasploit console and not …
As discussed in this answer, gpg does not offer the capacity for subkeys to certify (eg. "sign") other keys, though there may be good reason why it should, and they do sign at least one key. As a practical matter, for those of u…
I’m working on some software that can be self-hosted, and it includes a component that can be downloaded and installed on end user machines (Windows only). The download comes from the self-hosted server, not from a central location, and th…
This blog post outlines the work that Microsoft is doing to eliminate uninitialized kernel pool memory vulnerabilities from Windows and why we’re on this path.
For a background on why uninitialized memory matters and what options have been used in the …