In a recent update, I reworked the crawler of CVE Crowd to list more posts, especially from platforms other than Mastodon.

This blog post goes into detail what conditions accounts and posts have to fulfill to be listed. By making the mechanics more transparent, I am trying to make it easier for you to adjust your own privacy settings on the Fediverse to either include or exclude your posts.

CVSS v4.0 will be published on October 1, 2023, with major changes compared to CVSS v3.1. While the specification may still be subject to change, I have taken a look at the expected changes to the Base Metric Group.

Have you heard about prompt injection already? It's an attack vector against applications that rely on large language models (LLMs) and emerged in the end of 2022 with the release of ChatGPT. It's also security issue #1 in the new category of OWASP Top 10 for Large Language Model Applications.

This blog post covers the basics of prompt injection and provides you with some common techniques to reveal the system prompt. Finally, I try to solve a prompt injection CTF with my own ChatGPT instance.

One-time passwords (OTPs) are often used as a second factor during authentication. In 2FA, usually time-based OTPs (TOTPs) are generated on a device that you own, such as RSA tokens or authenticator apps.

Sometimes OTPs are also used as an alternative to passwords or as a token for password resets. I'll call these event-based OTPs because the OTP is generated on a specific event.

Such OTPs are usually sent to the user via email or SMS. The discussion of whether OTPs via SMS are secure is a whole different topic, I am not going to cover here.

Instead, I want to focus on an attack vector that all these implementations have in common: Brute-force attacks

If you're pentesting web applications, you certainly come across a lot of JavaScript. Nearly every web application nowadays is using it. Frameworks like Angular, React and Vue.js place a lot of functionality and business logic of web applications into the front end. Thus, to thoroughly pentest web applications, you have to analyze their client-side JavaScript.

The HSTS header is an underrated security mechanism that makes your daily browsing more secure!
— https://infosec.exchange/@kpwn

Whilst it certainly secures your daily browsing, there is more to the HSTS header when looked at in detail. Did you for example know the HSTS header can be used as a tracking mechanism? Or that Firefox caps the number of stored HSTS entries at 1024? And have you heard that HSTS can be bypassed with HTTP header injection? Starting with the very basics, this blog post will cover all of the above topics.

I passed the Burp Suite Certified Practitioner (BSCP) exam in my third attempt and compiled the insights from my attempts into this guide. Now you can learn from my mistakes! This will help you to pass the exam and get certified.

After being more than six years on Twitter, I joined Mastodon a little more than a week ago. Here are some things I have learned, which might ease your start!

Imagine Alice, Bob and Eve sit together inside a room. None of them have met before. They get to talk and after some time Alice wants to tell Bob something that Eve should not hear. Also, Eve is a talented eavesdropper, so whispering is not an option. Luckily, Alice has heard of the Diffie-Hellman-Merkle key exchange and explains it to Bob. They perform the key exchange and although Eve heard everything they said, Alice and Bob end up with a shared key that Eve does not know. They use it to encrypt their further communication and talk about their deepest secrets. From Eve's perspective Alice and Bob are only talking gibberish.

The first time I heard about the Diffie-Hellman-Merkle key exchange, this sounded like magic to me. A key exchange entirely taking place over a public channel and still leading to a shared secret between the two parties. How should this even be possible?

Some years later during my cryptography lectures, naturally the Diffie-Hellman-Merkle key exchange was discussed. We learned about commutative groups and rings, cyclic groups, the discrete logarithm problem and other advanced topics. I had the feeling that I understood everything about the key exchange in depth.

Fast forward to my job as penetration tester. The question came up whether it is secure to use SSH with diffie-hellman-group14-sha256. With everything learned during my cryptography lectures, I had to admit to myself that I could not answer this question. What's group14 and where do you even need a hashing algorithm as SHA-256 during the key exchange? Thus, I decided to take a closer look at the key exchange.