Documents released under freedom of information rules show Microsoft’s lawyers admitted to Scottish policing bodies that the company cannot guarantee their sensitive law enforcement data will remain in the UK, despite long-standing public claims to the contrary.
Vous souhaitez apprendre le Markdown ? Ce langage de balisage léger est très utilisé pour les documentations techniques, mais aussi sur GitHub, GitLab, etc.
Guacamole with docker-compose using PostgreSQL, nginx with SSL (self-signed) - boschkundendienst/guacamole-docker-compose
In this article, we'll walk through how to load balance high availability clusters in bare metal environments using Traefik Proxy.
Un guide détaillé sur Crowdsec pour les administrateurs systèmes
Découvrons ensemble comment utiliser le GPG pour sécuriser ses échanges (fichiers, mail, commits) et comment stocker ses clés sur une Yubikey pour plus de sécurité !
Dans ce tutoriel, nous allons effectuer une prise en main complète de Nuclei, un scanner de vulnérabilité web, et nous allons écrire notre premier template.
Related-domain attackers control a sibling domain of their target web application, e.g., as the result of a subdomain takeover. Despite their additional power over traditional web attackers, related-domain attackers received only limited attention from the research community. In this paper we define and quantify for the first time the threats that related-domain attackers pose to web application security. In particular, we first clarify the capabilities that related-domain attackers can acquire through different attack vectors, showing that different instances of the related-domain attacker concept are worth attention. We then study how these capabilities can be abused to compromise web application security by focusing on different angles, including cookies, CSP, CORS, postMessage, and domain relaxation. By building on this framework, we report on a large-scale security measurement on the top 50k domains from the Tranco list that led to the discovery of vulnerabilities in 887 sites, where we quantified the threats posed by related-domain attackers to popular web applications.
Cet article regroupe un ensemble de bonnes pratiques à respecter pour l'écriture des scripts PowerShell : commentaire, indentation, code aéré, alias, etc.
How long does it take to steal your Bitlocker keys? Try 43 seconds, using less than $10 in hardware. Encrypting your hard drive is good security. If you're running Windows, the most popular system is ...
L’origine des failles est souvent involontaire, mais résider dans la conception du logiciel. Voici des conseils pour renforcer votre code.
Les DOM-based XSS sont des failles web particulièrement méconnues. Principes, exploitations, nous détaillons les DOM XSS et les bonnes pratiques sécurité.
FIDO consists of 3 protocols for strong web app authentication: Universal 2nd Factor (U2F), Universal Authentication Framework (UAF), and WebAuthn (FIDO 2)