If a drive was previously encrypted with BitLocker, but decrypted before it could be imaged, would previously deleted files be recoverable? In other words, as part of the decryption process, does BitLocker read the data in free-space (including deleted files) and decrypt/re-write to disk that data? My intuition says no and that any deleted files would either be still encrypted on disk OR be overwritten by the encrypted files being written back to disk as part of the decryption process.
For my class I am working with 2 VMs within the same virtual lab. I have pinged them from one another and there is no packet loss or errors. However, when I attempt to "Create the forensic evidence file image" by running:
sudo dd bs=16M if=/dev/xvda|bzip2 -c|nc 172.21.27.145 19000
Where the IP address is the first value when running:
I am getting the following error:
ncat: connection refused
Prior to running the initial command, I have set up an ncat listener on the other VM using:
sudo nc -l 19000|bzip2 -d|dd bs=16M of=/dev/xvdb
I have tried changing the IP address from the inet in the eth0 line to the broadcast address, tried over multiple browsers, and physical locations with different networks. What can I do to fix this issue?
Thank you in advance.
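The two pipelines in the post, modelled end to end as an added example (not the poster's lab material): a listener that decompresses to a destination file, a sender that reads the source in 16M blocks, compresses and streams it, and a SHA-256 on both ends so the received image can be verified against the source. The order of operations is the one that matters for the "connection refused" symptom: the listener must be bound and accepting before the sender connects, and `check_listener` shows how to confirm that from the sending side. The "disk" is a constructed random file in a temp directory, and all function names and the loopback setup are this example's own assumptions.

```python
import bz2
import hashlib
import os
import socket
import tempfile
import threading

BLOCK_SIZE = 16 * 1024 * 1024  # same block size as the dd command in the post


def check_listener(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if something accepts TCP connections on host:port.
    'ncat: connection refused' means exactly this returns False: nothing is
    listening on that address/port, or a firewall is actively rejecting.
    Caveat: do not probe the real forensic listener with this; a plain
    `nc -l` (without -k) exits after its first accepted connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def free_port() -> int:
    """Pick a port nothing is listening on (used to demonstrate 'refused')."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def receive_image(srv: socket.socket, dest: str) -> str:
    """Listener side, i.e. `nc -l PORT | bzip2 -d | dd of=DEST`.
    Decompresses the stream into `dest` and returns the SHA-256 of the
    decompressed bytes so the copy can be checked against the source."""
    dec = bz2.BZ2Decompressor()
    h = hashlib.sha256()
    conn, _ = srv.accept()
    with conn, open(dest, "wb") as out:
        while chunk := conn.recv(65536):
            data = dec.decompress(chunk)
            h.update(data)
            out.write(data)
    return h.hexdigest()


def send_image(source: str, host: str, port: int, bs: int = BLOCK_SIZE) -> str:
    """Sender side, i.e. `dd bs=16M if=SOURCE | bzip2 -c | nc HOST PORT`.
    Hashes the raw blocks as they are read and streams the bzip2 output.
    Raises ConnectionRefusedError when no listener is up, like ncat does."""
    comp = bz2.BZ2Compressor()
    h = hashlib.sha256()
    with socket.create_connection((host, port)) as s, open(source, "rb") as f:
        while chunk := f.read(bs):
            h.update(chunk)
            s.sendall(comp.compress(chunk))
        s.sendall(comp.flush())  # end of bzip2 stream; listener sees EOF
    return h.hexdigest()


def image_over_loopback(source: str, dest: str) -> tuple[str, str]:
    """Listener first, then sender, over 127.0.0.1; same ordering as on two VMs."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    result = {}
    rx = threading.Thread(target=lambda: result.update(rx=receive_image(srv, dest)))
    rx.start()
    tx_hash = send_image(source, "127.0.0.1", port)
    rx.join()
    srv.close()
    return tx_hash, result["rx"]


def demo(size: int = 3 * 1024 * 1024) -> tuple[str, str]:
    """Constructed sample: a random 'disk' of `size` bytes standing in for
    /dev/xvda. Returns (source hash, received-image hash); they must match."""
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "xvda.img"), os.path.join(d, "xvdb.img")
        with open(src, "wb") as f:
            f.write(os.urandom(size))
        return image_over_loopback(src, dst)


if __name__ == "__main__":
    tx, rx = demo()
    print("source sha256:", tx)
    print("image  sha256:", rx)
    print("match:", tx == rx)
    print("listener on a closed port:", check_listener("127.0.0.1", free_port()))
```

On real hardware the same verification is `sha256sum /dev/xvda` on the sender and `sha256sum /dev/xvdb` on the receiver after the transfer; a forensic image that was not hashed on both ends cannot be shown to be a faithful copy.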
It seems that while national security and cybersecurity are both very popular topics, the intersection between the two per se rarely gets discussed. I don't mean to imply that national security and cybersecurity writers don't talk about one another, but writing about each doesn't seem to address the other's concerns directly.
For example, India and China had a dust-up in the Galwan Valley, and then India banned several Chinese apps. Does that make sense as a national security issue alone, or would the ban have happened without the Galwan Valley incident? Did the later revelations that there were many weaknesses in Indian TikTok clones have anything to do with Chinese hacking, or was it just bad luck for the Indian apps?
Any recommendations are appreciated.
I keep seeing an event showing a system account (ends with a $) successfully logging into the 'administrator' account via interactive login via the loopback. I don't think it is an active event as there are no additional indicators otherwise, but I am having problems identifying what is causing this to begin with. Has anyone here seen this before?
New to this sub, let me know if there's a better place to post this.
User signs up with username and password
Password is hashed and salted with php's password functions and stored in a database
When user logs in, I use php's password_verify to check if what they typed in matches the database
If they check the remember password box:
Create a randomly generated token
Hash and salt the token and store it in the database in that user's row
Also store their IP address and the time at which the token was created
Store the unencrypted token in cookies
When they log in, if a token is stored in cookies:
Use password_verify to check the token matches the database
Check if their IP matches the database
Check if the current date and time is within 14 days of the token creation date
Is this a good system or is it flawed? I'm somewhat new to this. I'm trying to make a website in PHP that has a login system. I want to make sure they stay logged in for 14 days.
Thank you very much for the help
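The remember-me flow from the post, written out as an added example in Python (not the poster's PHP, and not a library's API) so the checks can be run against each other. It keeps the post's pieces: a random token, only a hash of it stored, the client IP and creation time stored beside it, a 14-day lifetime, and an IP comparison on use. It adds three things a practitioner would want: the cookie is split into a public selector (for the database lookup) and a secret verifier (hashed), the hash comparison is constant-time, and a successful check rotates the token so a replayed copy of an old cookie is detected and revokes the session. The store is an in-memory stand-in for the users table, the `EPOCH`/`day` clock is constructed for the example, and all names are assumptions.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_LIFETIME = timedelta(days=14)

# Constructed clock for the example, so expiry can be exercised without waiting.
EPOCH = datetime(2024, 1, 1, tzinfo=timezone.utc)


def day(n: int) -> datetime:
    return EPOCH + timedelta(days=n)


def _hash_verifier(verifier: str) -> str:
    # The verifier is 256 random bits, so a fast hash is enough: it cannot be
    # brute-forced, and SHA-256 still hides it if the database leaks.
    return hashlib.sha256(verifier.encode()).hexdigest()


class RememberMeStore:
    """Stand-in for the remember-me columns on the users table (in-memory,
    constructed for this example; a real app keeps these rows in the DB)."""

    def __init__(self) -> None:
        self._rows: dict[str, dict] = {}  # selector -> row

    def issue(self, user: str, ip: str, now: datetime) -> str:
        selector = secrets.token_urlsafe(12)  # public lookup key, stored as-is
        verifier = secrets.token_urlsafe(32)  # secret; only its hash is stored
        self._rows[selector] = {
            "user": user,
            "verifier_hash": _hash_verifier(verifier),
            "ip": ip,
            "created": now,
        }
        return f"{selector}:{verifier}"  # the cookie value

    def revoke_all(self, user: str) -> None:
        """Call on logout and on password change."""
        for sel in [s for s, r in self._rows.items() if r["user"] == user]:
            del self._rows[sel]

    def check(self, cookie: str, ip: str, now: datetime, bind_ip: bool = True):
        """Returns (user, fresh_cookie) on success, else None.
        The token is single-use: a good check rotates it, so a cookie copied
        by an attacker stops working for whoever presents it second."""
        selector, sep, verifier = cookie.partition(":")
        row = self._rows.get(selector) if sep else None
        if row is None:
            return None
        if now - row["created"] > TOKEN_LIFETIME:
            del self._rows[selector]  # expired; clean up
            return None
        if not hmac.compare_digest(row["verifier_hash"], _hash_verifier(verifier)):
            del self._rows[selector]  # right selector, wrong secret: treat as theft
            return None
        if bind_ip and row["ip"] != ip:
            return None  # keep the row; mobile users change IPs legitimately
        del self._rows[selector]
        return row["user"], self.issue(row["user"], ip, now)


if __name__ == "__main__":
    store = RememberMeStore()
    cookie = store.issue("alice", "203.0.113.5", day(0))
    print("day 1, same IP :", store.check(cookie, "203.0.113.5", day(1)))
    print("replay of old  :", store.check(cookie, "203.0.113.5", day(1)))
```

Two design notes: strict IP binding (`bind_ip=True`) logs out anyone whose address changes within the 14 days, which is most phone users, so many sites drop it or only use it as a signal; and `password_hash`-style slow hashing is only needed for low-entropy secrets, which a 256-bit random token is not, so the cheaper hash here is not a weakening.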
I'm looking for a reputable US-based zeroday broker. Does anyone have any suggestions or good experiences? Is ZDI worth it for high value exploits if you'd rather not wait 7 months for pwn2own? Also feel free to PM me if you don't want to discuss this openly, just interested in what everyone has to say.
Note: Zerodium excluded. In my experience, they've been quite shady.
In this generally good and informative thread from 5 years ago it is claimed that:
BUT – if there's a 'download' link which is disabled until after you pay, and you edit it to make it 'enabled', that download link is giving you access to a different file. If you access it, you're breaking the law.
I don't know if this is true. I'm not a lawyer.
My objection is that, if a company provided a generic download link like site.com/download/enabled to a paying customer, and that link was shared with a third party, how could it be possible to charge the third party with a computer acts violation when they literally visited a public website link?
And in general, are there publicly accessible urls that would be strictly illegal to even access?
Lastly, does all of the above also apply to POST etc. requests and payload hacking? If the website I visit sends request A to itself, and I modify the request to, say, change the query from "foo" to "bar", is this strictly speaking a computer acts violation?
Are we saying that the "edit and resend" button in the dev console is basically a loaded gun?
I really don't know what the difference is legally between changing "foo" to "bar" vs "foo" to "\INJECTION". If they are relying on JS to escape the string they haven't posted yet, are they somehow "legally" protected? Can I trollishly honeypot myself and sue people frivolously?
Is this still a debate or have these questions been fully settled?
Thanks to any lawyers who can weigh in
Do I just submit vulnerabilities/exploits I find through ZDI? Does it have to be on a certain site?
I've never understood why passwords are not hashed on the client-side for various authentication protocols that I've researched like SSH and various web authentication. From my understanding, it loosely works like this:
Client establishes an encrypted connection with the server (hopefully)
Client sends the username and plaintext password within the encrypted channel
Server hashes the plaintext password and checks it against the hash in the database
To me this seems like it's relying entirely on the encrypted connection to secure the password in transit. With MITM attacks and state actors recording traffic + researching QC that is supposed to break these types of encryption, that seems worrisome. Knowing user behavior, an intercepted plaintext password can likely be used on many sites. It can also help determine the user's password scheme (hunter1, hunter2, hunter3, etc.) so that when they increment their password you can still get in. Why does auth not work like this instead:
Client establishes an encrypted connection with the server (hopefully)
Client and server agree upon a type of hash and possibly a salt scheme, similarly to how they can agree upon various types of encryption in SSH
Client sends the username and hashed password (Hash1) within the encrypted channel
Server hashes Hash1 again however they like into Hash2, and then compares Hash2 with the hashes in their database
This prevents intercepted passwords from being used elsewhere and rehashing on the server side prevents a hash stolen from the database from being used in a PTH attack.
Why is authentication built the way it is? To be very clear, I'm not suggesting ditching any existing security measures like SSL or server side hashing, just adding this additional one
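The two-stage scheme proposed above, as an added example (not taken from SSH, any web framework, or the poster) so its properties can be checked concretely. Hash1 is computed on the client with a public salt of site name plus username, which is what makes the wire value site-specific and so useless on other sites; Hash2 is the server's rehash of Hash1 with a per-user random salt, which is what makes a leaked database row useless as a login credential, since the server only ever accepts Hash1 values. The database is a constructed in-memory stand-in, the site names and usernames are sample values, and the function and class names are this example's own. Both sides are run in one process here purely so the exchange is self-contained.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # client-side cost; tune to the slowest supported client


def client_prehash(site: str, username: str, password: str) -> bytes:
    """Hash1, computed by the client before anything is sent.
    The salt is public (site + username), so the client needs nothing secret
    from the server; the same password still yields a different Hash1 on
    every site and for every user, which is the anti-reuse property."""
    salt = f"{site}\0{username}".encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class UserDB:
    """Constructed in-memory stand-in for the server's credential table."""

    def __init__(self) -> None:
        self._rows: dict[str, tuple[bytes, bytes]] = {}  # user -> (salt, Hash2)

    @staticmethod
    def _hash2(hash1: bytes, salt: bytes) -> bytes:
        # Server-side rehash of Hash1 with a per-user random salt. Because
        # verify() only ever accepts a Hash1, a stolen Hash2 cannot be replayed
        # as a credential: this is what blocks pass-the-hash from a DB leak.
        return hashlib.scrypt(hash1, salt=salt, n=2**14, r=8, p=1, dklen=32)

    def register(self, username: str, hash1: bytes) -> None:
        salt = secrets.token_bytes(16)
        self._rows[username] = (salt, self._hash2(hash1, salt))

    def stored_hash(self, username: str) -> bytes:
        """What an attacker gets from a database dump: Hash2 only."""
        return self._rows[username][1]

    def verify(self, username: str, hash1: bytes) -> bool:
        row = self._rows.get(username)
        if row is None:
            # Same amount of work for unknown users so response time does not
            # reveal whether the username exists.
            self._hash2(hash1, b"\0" * 16)
            return False
        salt, stored = row
        return hmac.compare_digest(self._hash2(hash1, salt), stored)


if __name__ == "__main__":
    db = UserDB()
    h1 = client_prehash("example.com", "alice", "hunter2")
    db.register("alice", h1)
    print("correct password      :", db.verify("alice", h1))
    print("wrong password        :", db.verify("alice", client_prehash("example.com", "alice", "hunter3")))
    print("same pw, other site   :", client_prehash("other.example", "alice", "hunter2") == h1)
    print("replay of leaked Hash2:", db.verify("alice", db.stored_hash("alice")))
```

The caveat the scheme does not remove: Hash1 is the credential for this site, so anyone who intercepts it can still log in here until the password changes. That is why the channel still needs TLS or SSH, and why protocols that want to avoid sending even a password-equivalent value use challenge-response or a PAKE (SCRAM, SRP, OPAQUE) rather than a plain pre-hash.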
What if, for example, it was brute-forced? Would this be a risk of leaking customer information, or is LDAP generally a safe port to use if it has credentials etc.?