I used to use Deluge to download stuff from torrent (like Linux ISOs), but now I stopped doing it as it’s a huge risk security-wise. I uninstalled Deluge, but I wonder what I have to do to find out whether some torrent ports are still open and I’m at risk of being attacked.
Also, is there a way to find out if I’ve been attacked through torrent?
I have downloaded bWAPP from the official site and Windows 10 Defender is showing me that it contains a reverse shell (I know these things are there for practice), but in earlier days it was not showing that. Is it good to use? Is it safe to use?
Or is it just a false positive?
Some features are not yet available on the web platform and thus require cooperation with a native application in order to provide them. One method for a web application and a native application to communicate with each other is a custom protocol handler.
For instance, the web application can call "mycustomproto://some/params", where "mycustomproto" must first be registered with the operating system as a valid URI protocol. On Windows, this is done in the registry. There are a few keys/subkeys/values etc. that must be added to the registry, but only one actually deals with specifying the executable and its parameter(s).
Note that once the protocol handler is registered with the operating system, it can be launched by any website that knows of its existence, subjecting it to potential abuse.
Example Windows registry value for this purpose
All of the examples that I’ve found documenting this show the following:
Assuming that the registered handler (e.g. "myapp.exe") has zero possible security flaws, is the above example registry value sufficient for ensuring that malicious websites are unable to piggyback additional commands and/or arguments?
- For the purpose of this question, please assume that the protocol handler (e.g. "myapp.exe") is incapable of exposing vulnerabilities of its own – it’s idle – it launches, does nothing, and quits. This question is specifically related to the browser and/or OS and the "execution" of this registry value.
- Can malicious actors somehow escape out of the "%1" double quotes and cause the browser and/or OS to run additional commands (e.g.
- Similarly, can malicious actors somehow send additional arguments to the protocol handler? Or does the "%1" ensure that the handler will only ever receive a single argument?
- If this registry value is insufficient to only ever call the protocol handler (and nothing more) with a single argument, is there a better way?
I have 2 certificates (one root and one intermediate).
In Windows OS, the Root certificate is in the trusted root store (for current user). The other intermediate certificate (signed by the root CA), is to be found (under current user also) under the Intermediate CA store.
I am using SSL verification in one of my client applications (Kafka Confluent) and realized the client only enumerates certificates in the root store. Therefore SSL handshake fails (the intermediate CA is needed).
One solution is to import that certificate into the Trusted Root Certificate Authorities. With that solution, SSL verification at client works. However, is there any concern in doing so?
From a security point of view, does it make a difference if the intermediate CA exists in the Root store vs the Intermediate store on Windows?
UPDATE: If more context is needed as to what exactly I am facing, you can check the issue here: https://github.com/edenhill/librdkafka/issues/3025
I’m reading myself into the different exploit protection methods from MS. One is SEHOP, if I check it e.g. with PS:
Enable : NOTSET
TelemetryOnly : OFF
Audit : NOTSET
Override SEHOP : False
What is "TelemetryOnly"? Internet search was not successful so far.
Thanks for hints and resources!
If I move a file from a non-hidden encrypted drive to my main C drive, then move the original file to a hidden container on the encrypted drive, then wipe the original file with ccenhancer/secure erase, is that doing enough to ensure the original location isn’t known? Or does Windows log moved files by default and someone could tell if the copied file came from the encrypted drive? Additionally, does software like ccenhancer/secure erase remove "recently viewed" logs from applications in case they are opened from either hidden or non-hidden volume?
I’m considering moving into the DBA field and have begun reading in areas of SQL and Database design theory; however, I’m not sure how to approach Windows and Linux.
I passed the CompTIA A+ in 2006, so I’m familiar with Windows from a 1st line support perspective; however, should I be reading literature which is more catered toward DBA, and if so, can anyone suggest an appropriate book?
I will also need a suggestion for Linux.
I had a friend using my computer. It has Windows 10. Is it possible to know if some files were uploaded online? Does Windows keep a log of it somewhere?
I tried to find a solution but in vain.
I have recently changed my PC, which is running on Windows 10 (x64).
After installing GSA SER, I pasted 100 private proxies. While testing proxies, all proxies are not verified, i.e., all proxies failed.
On the other hand, I am using the same proxies on a VPS running on Windows Server 16 with GSA SER and they are running fine.
Therefore I am looking for help to configure Windows 10 so that proxies should be tested properly.