I am asked about my opinion in a case as follows:
Someone visited a (totally legal, in fact US government) website A and identified themselves. At a very different point in time they – allegedly – visited a (doubtlessly very) illegal website B.
US law enforcement claims there is no doubt that the access to B was by the same person/from the same PC as the access to A. If the identification were based on the client’s IPv4 address (outside the US!), say, I’d argue that these are typically reassigned to new clients every few hours or days (not to mention shared/NATed use by multiple entities, including WiFi guests), hence this is at most very weak evidence. In addition, it currently seems that the non-US ISP was not asked to reveal the identity of their customer associated with the IP in question at the point of time in question. Rather the claim of identity is by comparison with said access to A. Meanwhile, it seems that the identification is not claimed to be done by IPv4 address, but rather by something referenced as a “GUID” identifying the PC. I am not aware of a standard or widespread use of any such GUID in any internet protocol that would allow cross-site identification between sites that do not even wish to collaborate on such an issue.
Note that the term GUID was specifically mentioned, i.e., we are not talking about browser fingerprinting or cookies.
Q: Is there anything “GUID-like” that can act as described to identify a PC/device across multiple unrelated(!) sites? In TCP? In HTTP? In TLS? “Anywhere else” in the process?
I’m facing a surprising problem: a Windows 10 computer seems to use the keyboard and mouse by itself on the login screen.
So I’m guessing:
It’s not a software intrusion, because in that case the program would have access to the shell and would run commands programmatically instead of attempting to log in;
It may be a hardware attack: there is some (known and bought) device connected by USB to this computer;
So here is my question: Is there a way to identify the malicious device? And even better, to record what kind of commands it’s attempting to use? (Yeah, I’m playful.)
A bit more context: I observed this behavior after just opening this laptop and leaving it alone for around 10 min. The virtual keyboard was open, and the program seemed quite lost, clicking on empty space where there is usually the menu icon.
I have constructed a DCEL using the procedure described in How do I construct a doubly connected edge list given a set of line segments?.
This correctly identifies all faces, however I’m struggling to come up with a way to identify the unbounded face surrounding my graph.
So far my only idea is that by building a polygonal representation of every face, I could find the face polygon which ‘contains’ all the others, but this seems kind of messy.
I had a disagreement with one of my groups recently: They believe that the identify spell is the only way to identify a magic item, while I believe a high enough Intelligence (Arcana) check is able to do the same.
What I came here to ask is: What are all the possible ways to identify a magic item?
We have certain Ubuntu (18.04) servers operating .NET Core apps on Kestrel. Recently the apps and OSes have been hanging, requiring an entire VM restart.
What we found was the app had way too many file descriptors for network sockets. i.e. /proc/
Correspondingly, a query with lsof would reveal an ever-growing pool of “protocol:TCP” of type sock the dotnet process leaks.
COMMAND  PID USER     FD   TYPE DEVICE SIZE/OFF  NODE NAME
dotnet  6905 www-data 675u sock    0,9      0t0 96816 protocol: TCP
dotnet  6905 www-data 676u sock    0,9      0t0 96863 protocol: TCP
dotnet  6905 www-data 677u sock    0,9      0t0 96910 protocol: TCP
dotnet  6905 www-data 678u sock    0,9      0t0 96959 protocol: TCP
dotnet  6905 www-data 679u sock    0,9      0t0 97006 protocol: TCP
dotnet  6905 www-data 680u sock    0,9      0t0 97053 protocol: TCP
dotnet  6905 www-data 681u sock    0,9      0t0 97101 protocol: TCP
From another thread with a similar reported problem, https://serverfault.com/questions/153983/sockets-found-by-lsof-but-not-by-netstat, we understand that this is due to some code (likely some library) in the .NET app that is opening sockets without binding an IP address or port to them.
However, what we would particularly like to know in this case is: what are DEVICE 0 and 9 in this context? I have seen other reports list 0,5 or 0,7, but nobody explains which type of device those numbers represent.
We are using SharePoint 2013 and multiple content types have been created. Some of them are currently in use with multiple lists and document libraries, but now I want to identify unused content types and remove them. Can anyone suggest how I can do this, or is there any PowerShell script available to achieve this?
So I am a total noob at this, just starting out. I found online a web app that is vulnerable to blind SQL injection. I managed to get into the users table and looked at my password; in the table was the hashed version, this one: 57b0fcbe39b9336d. Now, I know that my password is dinamo. Knowing the hashed version and the original password, how can I use this information to find out the hashing method?
AWS Amazon machine; nmap claims it’s likely Linux, but it’s obviously running both Windows and Linux software.
a) Windows machine using Docker on Windows and then virtualizing the Linux programs shown;
b) Linux machine using VMware or something, then installing Windows and showing IIS and others…
In any case, whoever uses this is a fan of Docker.
It uses VNC to log on to the graphical interface…
Why am I curious? I have reasons to believe said host is either used by foreign hackers or set up by them to use a large botnet + originally host the “antipublic database” which created minihavoc recently. In any case, whoever had root access to this was a super competent and talented hacker.
Again, I need to know at least the host OS on top. Thanks!
I see three checksums in a .deb package: 1. md5sum 2. sha1 3. sha256
Q.1: Why do we need 3 checksums?
Q.2: Can we use any one of these to uniquely identify a Debian package?
I’m on Windows Server 2019 with AD/DC, DHCP, DNS, Remote Access and CA roles installed on it. I created a VPN certificate (for SSTP and IKEv2) on my server, issued it and installed it in the personal certificate store. Now I want my clients (basically Windows 10 Pro machines) to automatically receive the CA Certificate Chain so that they can trust certificates issued on my server, like the VPN cert. I’m gonna do this using group policy, but the problem is I can’t tell which one of the installed certificates in the certificate store of the local machine (Server 2019) is actually the CA Certificate Chain.
I have 3 identical CA certificates; 2 of them are in the Trusted root certificate authority store and one of them is in the personal store.
Here are the details of those 3 certs; the screenshots I took of the details are the same for all 3 certificates.
I’d appreciate if someone can help me find the right one.