An attacker successfully infiltrates the LAN and infects a device that acts as a future bridge. Once inside, the infected device can communicate with a malicious source outside of the local area network. We assume that only one device is infected and that the malware is located anywhere in the computer but it’s unable to migrate to other devices in the same LAN. I’d imagine that the tools available today are much more sophisticated and can probably spread across devices by themselves; in this case, you can provide an answer with this alternative scenario described.
The scenario should be realistically simulated which means that there are some security measures put in place, like there are in most homes today. In this case, the scenario described that the attacker was already inside and had successfully infected a device, which means that the security measures were penetrated.
The infected device is turned off and the power input is active. Can the infected device still function as an access-point from the outside of the LAN?
If so, what measures are needed to completely cut off the malicious communication?
I used TWITTER MEDIA DOWNLOADER on Chrome and MS Edge for quite a while.
It's an extension that enables downloading all media on a specific Twitter account.
Enables download with button in the targeted account web page.
Since it says on the dashboard that it collects NEARLY EVERY DATA THAT CAN BE PRODUCED ON A WEBSITE,
I am quite concerned; however, I have used it for a long time and I would like to check if this extension really does collect KEYLOGS, MOUSE CLICK RATES and so on… and of course, any threats that it can have!
I used CRX VIEWER to view the source.
(Please use to view full code)
But I don't really know much about .js and all the other coding words.
Creator name: furyutei
Has github page https://github.com/furyutei/twMediaDownloader
Bitcoin has always been against that type of centralization, but if one of these entities decided they wanted to gain centralized control, could they do that by taking the action of acquiring a majority of the coins in circulation?
Bitcoin network’s token (currency) BTC can be accumulated by anyone in the world by:
Exchanging other currencies for BTC
Get paid in BTC
There is nothing in the protocol that takes care of distribution. Everyone owning similar amounts is only possible in an ideal world or some game. In practice some people will always own more than others.
Do they control Bitcoin?
No. Alice has 1000 BTC and Bob has 1 BTC. Alice has no special permissions to change the consensus rules.
Process for soft forks:
Create BIP and share with others. Discuss everything involved.
Miners signalling readiness
Locked in if signalling % according to BIP
Else if UASF:
Miners signalling readiness
Locked in irrespective of signalling %
Miners can follow the new consensus rules else their blocks will be rejected by full nodes. Economic nodes play an important role.
None of the above mentioned things involve supply of bitcoin. Maybe people with more money can have some influence but 2017 soft fork proved that closed door meetings, corporates, miners etc. cannot decide things for Bitcoin ignoring users, devs and decentralization.
Given a web domain, what are the available online threat hunting platforms which could help in doing a threat hunt for that domain?
Also, can Metasploit exploits for web applications be considered threat hunting?
Volunteers info has to go to Vrijwilligers Lijst Tab
Kids 1 to 4 are mandatory; 5 and 6 are optional and sometimes not filled in.
Volunteer 1 is mandatory and 2 till 6 are optional.
I have no idea what has been going wrong and I kind of gave up, but I am in really dire need. This needs to get digital because doing it all by hand is taking way too much time that we could use elsewhere as a non-profit organisation. We do this to let the kids have some fun in their last week of Summer Holiday. Can someone please help me out here? I am just stuck and none of the videos or formulas seem to work. For some reason, the moment I put a , as shown in the other formulas, my entire formula stops working.
If I am passing a PSBT (Partially Signed Bitcoin Transaction) between multiple people, and I pass on my signature for my UTXOs for given inputs, can someone take advantage of malleability and cheat me out of the outputs I’m expecting?
What are the full ramifications of this? What is the most I can be taken advantage of, and is there any defense other than using funding with segwit spends? Can you be specific on how exactly such an attack would occur, and what portions of the PSBT might a malicious actor pay most attention to?
Are there any methodologies or frameworks that help in preparing a list of threat taxonomies for a specific environment? I don’t have a specific use case yet, so I can’t use threat modeling techniques. I am wondering if NIST or ISO have a methodology to follow for creating a threat taxonomy?
A video file is normally just image and sound data, with additional metadata involved. It normally does not contain any sort of executable code, and therefore, generally video files are safe.
However, it is possible that the video player you’re using has a security problem like a buffer overflow, and that a video file could be specially crafted to exploit that video player and run malware. This is true of virtually every non-trivial program that processes untrusted data and is not specific to video players.
This is also not, in general, a great way to spread malware because people tend to use a variety of different video players which will contain different codecs for processing data. Therefore, even if someone distributed a malicious video file that exploited video player A, it probably just wouldn’t be malicious (or might not even render) on video player B. That isn’t to say it couldn’t happen or hasn’t happened, but there are more effective ways to spread general-purpose malware.
The only time I’d be seriously concerned about this as a threat model is if it were a targeted attack, where an attacker would have created a malicious file to exploit you or your company specifically and would have targeted it to software they know you use. However, you are probably not in that case, and even if you are, following standard best practices around security is the most effective way to prevent this.
It is likely that transcoding the file would prevent the malware from being exploited if the problem is in a codec (which is where many such security problems tend to occur), but the problem could also be in a metadata parser or other format-independent piece of code, in which case it wouldn’t have any effect. I would not transcode a video on the off chance that it might contain malware.
Your best defense here is to keep your software up to date with security patches. That means keeping your web browser, operating system, and other software you use, including any video players, up to date. If you’re using a cell phone for this purpose, be sure that you’re using a model that ships with regular security updates for as long as you own it, and apply them promptly.
You may also choose to prefer more reputable sites for content. For example, it is unlikely that Netflix is going to serve you malware. I realize that people live in the real world, though, so that may not always be practical, but if you’re very concerned about this possibility, then maybe you’d like to adopt that approach.
I want to create a threat model to guide a security-oriented review on a project. I found the OWASP Threat Dragon and would like to do it in that, but from the documentation and example I am unsure how to use the elements provided.
The diagrams can contain the following elements:
Actors (represented with boxes)
Processes (represented with circles)
Storage (represented with over and underline)
Data flows (represented with arrows)
Trust boundaries (represented with dashed lines)
The latter three seem obvious, but there is an example model and that shows Actor “Browser” and Process “Web App”. I would expect actor to mean user, but then on the other hand what would represent the browser? Or should it be represented at all?
And each function should be a separate process, no? I suppose the component itself does not really need to be represented, though where would I then put cross-process concerns like authorization? Or should I mention them for each and every function?