Windows Exploit Protection: what is SEHOP setting: “TelemetryOnly” for?

I’m reading myself into the different exploit protection methods from MS. One is SEHOP, if I check it e.g. with PS:

Get-ProcessMitigation -System

I get:

    Enable                             : NOTSET     TelemetryOnly                      : OFF     Audit                              : NOTSET     Override SEHOP                     : False 

What is "TelemetryOnly" ? Internet search was not successful so fare.

Thanks for hints and resources!

Hostpoco.com*free Hosting – Free Auto Ssl – Ddos Protection -99.99% Uptime.

[b]We are offering a lifetime Free Hosting services.[/b]
Start your personal blog/ website with Hostpoco.com Today!
We are proud of the service we offer to our customers.

[b]***Feature of free Hosting***[/b]
*SINGLE DOMAIN HOSTING
*MAX WEB SPACE
*TIER 1 SUPPORT
*SINGLE CLICK INSTALLER
*MAX BANDWIDTH
*OWN EMAIL ADDRESS
*FREE AUTO SSL
*1 MYSQL DATABASES

[b]The free plan resources are limited but are more than enough to a fully working website.[/b]

[b]*Free plan includes:[/b]
– Single Domain Hosting
– 200MB Web Space
– 200MB Bandwidth
– 2 Email Accounts
– 2 Sub Domains
– Tier 1 Technical Support

For more Details: [b]Hostpoco | World’s #1 Free Trial Web Hosting, $1 unlimited hosting[/b]

Thank You. 

Insecure Binary protection IOS Pentest Report

Thirdparty pentest company reported their findings in our IOS app. In the report explanation for this vulnerability is

Apple provides default encryption for applications; however, the encryption could easily be bypassed by using publicly available tools such as Clutch. This was verified by performing static analysis that shows that the application code has not been encrypted, using a strong encryption mechanism, which makes it easy for an attacker to reverse engineer the application and to explore and modify its functionality.

For the remediation they suggested

The recommendation is to use a custom encryption solution for the iOS application. Is it possibile to build IOS app with custom encrytpiton solution? Is that something that is a feature when compiling IOS app?

Is there a way to use custom "encryption" for IOS app?

Is this change to the Protection fighting style balanced?

I feel the Protection fighting style has some problems that make it mechanically marginal at best, and not very much fun to play with. In brief, while it’s a decent defense bonus, your chance of actually being useful is pretty low. There’s around a 20% chance, each time you use Protection, that you’ll do any good — that is to say, the attacker’s initial roll would have hit, but their disadvantage roll has failed to hit. Add to that the positioning requirement and the cost of your reaction, and it often feels like a waste to use this ability.

I’ve been considering a few ways to beef up the Protection style to make it feel better without making it completely overpowered, and I want to get some feedback.

My proposal is instead of giving the disadvantage against just the one attack, make Protection act a bit like the Shield spell — it’s a reaction to use it when an ally is attacked, and then any attacks on that ally have disadvantage until your next turn.

What do you think? Is this too powerful?

Does the +1 AC bonus from the Warforged racial trait Integrated Protection and the Forge Domain cleric’s Blessings of the Forge stack?

The Warforged race (from Eberron: Rising from the Last War, p. 36) has a racial feature called Integrated Protection, which among other things, grants the following:

  • You gain a +1 bonus to Armor Class

The Forge Domain for the cleric (from Xanathar’s Guide to Everything, p. 19) has a class feature called Blessings of the Forge, which grants the following:

At 1st level, you gain the ability to imbue magic into a weapon or armor. At the end of a long rest, you can touch one nonmagical object that is a suit of armor or a simple or martial weapon. Until the end of your next long rest or until you die, the object becomes a magic item, granting a +1 bonus to AC if it’s armor or …

Recently, a player wanted to make a Warforged Forge Domain cleric and wondered if these two features would stack (meaning, the racial +1 stacking with wearing magical armor enchanted via Blessings of the Forge), allowing effectively +2 to AC. Is there any reason this wouldn’t work?

Azure Key Vault – hardware vs software protection

I was wondering if I correctly understand the difference between hardware and software protected keys.

Quoting the Applied Cryptography in .NET and Azure Key Vault (page 146 available on Google books)

Azure Key Vault Hardware Mode

When you configure Key Vault to work in hardware mode, you get the most benefit from the service because not only are keys stored in the hardware, but all operations such as encryption, decryption, and digital signatures are also performed on the device, which gives you the high level of protection when using Key Vault. The extra level of security that this affords does come at a cost as you need to use a premium service plan, but the additional cost gives you the extra protection that you would want in a production system.

Azure Key Vault Software Mode On the flip side, when you configure Key Vault to work in software mode, your keys are stored on the hardware, but any other operations, such as encryption, decryption, and digital signatures are performed outside of the HSM hardware using standard Azure compute virtual machines. Since there is less work on the HSM, you save money. From a software interface point of view, there is no difference in how you use Key Vault between hardware and software mode; the differences are transparent to a developer. When you are planning your testing and production environments for your software application, it is a good idea to use Key Vault in software mode for your testing environments as you can keep the costs low, and then use the hardware version for your production environment as this gives you the most significant level of protection.

In summary, my secret key is safe with hardware protection as long as the encryption key used to secure my secret key is not read from the HSM (which requires tampering with it and it leaves evidence). My secret key does not leave the HSM which performs all the operations using my secret key on its own. However, the software protection doesn’t have this extra security layer and my secret key is given away to Azure compute virtual machines, and my secret key could therefore be stolen without leaving any physical evidence whatsoever. Is that correct?

*Lifelong Free Hosting – FREE Auto SSL – DDOS Protection – Hostpoco.com

Everyone attract to Free Web Hosting in Google Search. Yes, it’s true and Hostpoco.com always trying to give the best possible features with our services, and hence most of the clients are now moving with us. Our features like max space and bandwidth perfectly suit for startups..hence we are requesting everyone to try our services once and then decide.

*FREE Startup Plan:$0 /Lifetime
– Single Domain Hosting
– 200MB Web Space
– 200MB Bandwidth
– 2 Email Accounts
– 2 Sub Domains
– FREE Auto SSL
– DDOS Protection
– 99.99% uptime
– Softacolous Supported
– Tier 1 Technical Support

We also offer you the freedom to upgrade your existing Free Web Hosting plan to Paid Unlimited Web hosting service plan and we guarantee that there won’t be any type of data loss of such upgrades. You simply suppose to initiate an upgrade from the client area and need to pay the respective amount and a new package will be assigned as soon as you are done with the payment!

For more information: https://hostpoco.com/free-hosting.php

Thank You.

Interaction of Intellect Devourer’s actions with the Protection from Evil and Good

How do Intellect Devourer’s actions interact with the “Protection from Evil and Good”? Am I right that:

  1. if “Body Thief” was not successfully used and the target creature is already under spell, than:
    1. “Claws” attack has disadvantage on attack rolls,
    2. if ID uses “Devour Intellect” does the target have an advantage on Intelligence saving throw (looks like it’s not stated directly in the spell’s description, there is just said about this only if the target is already “charmed, frightened, or possessed”) when ID uses this attack for the first time? For the next time, if previous failed?
    3. ID cannot use “Body Thief” at all.
  2. if “Body Thief” has already been used successfully and the target creature was not under the spell (which is a consequence of the previous statement, otherwise it cannot be), than:
    1. ID’s attacks (on the first target) have no meaning because the target’s brain is magically consumed and ID is in the target’s skull,
    2. casting “Protection from Evil and Good” on the target with ID inside with 100% chance drives the ID out.

Am I right? Please, pay attention to the 1.2 statement.

Actually, this question is not a duplicate of this: Protection from Evil and Good and Intellect Devourer because there was asked only if the Protection from Evil and Good can drive the intellect devourer out of the body as is stated in the monster description while in the spell description it is stated that it can affect only the creature (not body).