56,368 questions
-1
votes
0
answers
23
views
Kali Linux Failed to fetch mirror [closed]
I'm trying to install "VIEL" but at the end of installing it outputs this
Error: Failed to fetch http://mirror1.sox.rs/kali/kali/pool/main/g/gcc-mingw-w64/gcc-mingw-w64-x86-64_15.2.0-7+28_all....
Best practices
0
votes
0
replies
20
views
How to add a request timestamp not to many forms with Spring Boot with possible override in testing scenarios
We want to add a request timestamp to some forms in Spring Boot. We need the timestamp in production and testing for various reasons.
public interface TimestampForm {
ZonedDateTime getTimestamp();
...
-2
votes
0
answers
38
views
Efficiently detect bot actions as per TLS JA4 fingerprint [closed]
I've deployed Crowdsec as a Daemonset on our GKE Clusters.
As we maintain an ecommerce website, we are prone to bot crawling or bruteforce.
That's why I'm having Crowdsec parse several logs from my ...
-3
votes
0
answers
74
views
Wrong response for a log in in a website for an exam [closed]
I'm trying to find the good password of a website (fake facebook) for an exam.
I've used Python and Selenium to make a connection and put the mail and password in the website. My idea is to dynamically ...
0
votes
1
answer
57
views
Volatility3 Analyze Ransomware can not make dump of a process
I encountered a problem where I tried to dump a process using volatility3. But volatility3 couldn't do it. Here's the error:
┌──(kali㉿kali)-[~]
└─$ vol -f ../../../mnt/hgfs/BRIC-20251113-181108.raw -o ...
0
votes
0
answers
18
views
SBOM (CycloneDX) from .dll - why OST doesn't find vulnerabilities?
I have the following problem:
I generate an SBOM CycloneDX (both manually and automatically) from .dll files and then use open-source tools (OST) to search for vulnerabilities.
The relevant CVEs are ...
Tooling
2
votes
4
replies
96
views
Is there a service or tool for getting notifications for new security releases?
I would like to get notifications for new security releases of all the stuff in my tech stack – not CVE:s, just the latest version that got security fixes. Or, instead of notifications, a script or ...
Tooling
1
vote
5
replies
164
views
Transferring basic Powershell scripts to a full secure windows program
I reviewed many suggestions posted, but didn't find an exact match. I've created PS scripts where there is one parent script that runs its functions and then calls upon 25 other subscripts in sequence ...
Advice
1
vote
1
replies
70
views
The difference between Credential Manager and Windows Vault
I'm confused with the difference between Credential Manager and Windows Vault.
Windows says
Credential Manager lets users store credentials relevant to other systems and websites in the secure ...
0
votes
0
answers
51
views
CredUIPromptForWindowsCredentials with CREDUIWIN_SECURE_PROMPT causes clipped text
I am prompting a user for credentials using the CredUIPromptForWindowsCredentials function using the CREDUIWIN_SECURE_PROMPT flag. As soon as the “Windows Security” dialog is displayed on the secure ...
0
votes
0
answers
93
views
How to recognize a user even after clearing cache and data?
I'd like to implement a system that allows recognizing a user even after the app's cache and data have been cleared from the system settings, as X (Twitter) appears to do.
However, I can't figure out ...
1
vote
0
answers
54
views
WebDAV using SQL storage opens office document in read-only mode
I am building a proof-of-concept WebDAV server with SQL storage, not physical on disk storage in ASP.NET Framework. This server needs to integrate with an existing ASP.NET Framework application.
I’m ...
0
votes
0
answers
61
views
Zendesk Nonce not Working for CSP Compliance
I am trying to use a nonce to avoid allowing unsafe-inline/unsafe-eval in my CSP for my site where I am using the new (messenger) version of the Zendesk chat widget.
I followed the steps here -> ...
0
votes
0
answers
58
views
Why does WITH SECURITY_ENFORCED throw "Insufficient permissions" when querying EmailTemplate in Salesforce?
I’m trying to query the EmailTemplate object in Salesforce with WITH SECURITY_ENFORCED to respect CRUD/FLS, but I get an error even though the user has access to Email Templates.
List<EmailTemplate&...
1
vote
0
answers
34
views
Istio egress gateway with External Authorization: cannot enforce policy on HTTPS external sites
**Question: Is it possible to apply External Authorization on HTTPS external traffic routed through an egress gateway**
I am trying to configure Istio so that all outbound traffic from workloads ...
0
votes
3
answers
118
views
Secure ways to add credentials
I am creating an email service using ASP.NET Core. Here I am adding my email credentials to appsettings.json:
"SmtpSettings": {
"Host": "smtp.office365.com",
"...
2
votes
1
answer
133
views
How can I securely encrypt spatial fields (GeoDjango / PostGIS) in Django?
I’m working on a Django project with GeoDjango models that store user location data (e.g., PointField, LineStringField). Because location data is highly sensitive, I want to ensure it’s secured (?...
1
vote
1
answer
58
views
Should I add android:networkSecurityConfig="@xml/network_security_config"?
I need your take on this. The target SDKs of my android app are android:minSdkVersion="28" and android:targetSdkVersion="35". Is it okay if I won't create Network Security ...
0
votes
0
answers
82
views
How to use WSS with Elytron
I'm trying to secure a webservice application (running in Wildfly 36) with WSS (username + password digest). Elytron has to be used for security. My problem is, that there is no information available ...
0
votes
0
answers
101
views
Load of WASM with CSP enforced
TLDR (Conclusion - decision made)
We reached the conclusion confirming unsafe-eval will be required by WASM itself. It's now part of the CSP since there's no way to really mitigate unless
WASM does ...
1
vote
1
answer
109
views
How do I properly implement the logout behavior from the Blazor Identity template into my existing project?
First of all, this question thread, as of this writing, is the successor of this thread:
How to create and apply a new layout with _Imports.razor's directives then embed this into existing templated ...
0
votes
0
answers
63
views
Can Apache Kafka handle two Certificates in Keystore (Usecase mTLS)?
Can Apache Kafka handle two certificates in its keystore?
Usecase:
We have mTLS enabled on Kafka and have 2 different Certificate Authorities (CA): One for issuing Server Certificates (...
1
vote
1
answer
91
views
IFrame integration within salesforce
I'm developing a CPQ system and I want to integrate it as an iframe within Salesforce or any other CRMs.
There are a few problems,
A Session needs to be maintained for authentication and authorization
...
0
votes
0
answers
75
views
Why does DLL injection with CreateRemoteThread+LoadLibrary fail with exit code 0 in a 64-bit Windows process?
I'm trying to inject a DLL into a 64-bit target process using the CreateRemoteThread + LoadLibraryA technique on Windows 10. Both the injector and the DLL are compiled as 64-bit binaries, and the ...
0
votes
1
answer
89
views
Spring Boot requestMatchers permitAll always return 403
I'm not sure of the reason why Spring keeps returning 403 even though I added permitAdd in requestMatchers. I'm using a custom JWTAuthenticationFilter, but I don't think that is causing the issue.
Tried all ...