Outer Web | Explore

Explore >> Select a destination

You are here		mike.sherov.com The Rise of Man In The Middle (MITM) Based Session Hijacking Attacks \| Mike Sherov
\|	\|	endtimes.dev .dev and HSTS preload \| endtimes.dev	5.4 parsecs away Travel
\|	\|		5.4 parsecs away Travel
\|	\|	labanskoller.se Laban Sköllermark \| Man-in-The-Middle Session Fixation in Securitas Direct My Pages	3.2 parsecs away Travel
\|	\|	During 2021 I had access to a facility equipped with an alarm system from Securitas Direct. I had access as a regular user to Securitas Direct's My Pages at mypages-pro.securitas-direct.com, which is used to administer some aspects of one's security alarm installation. That web application suffered a CWE-384 Session Fixation vulnerability which can be used by an attacker in a so-called Man-In-The-Middle (MiTM) position. Home page of Securitas Direct My Pages In summary, if an attacker is on the same netw...	3.2 parsecs away Travel
\|	\|	adsecurity.org » Another SSL Attack: POODLE » Active Directory Security	3.9 parsecs away Travel
\|	\|	[AI summary] The article discusses the POODLE vulnerability in SSL 3.0, explaining its risks, exploitation scenarios, and mitigation strategies such as disabling SSL 3.0 and implementing TLS_FALLBACK_SCSV.	3.9 parsecs away Travel
\|	\|	www.sentinelone.com XZ Utils Backdoor \| Threat Actor Planned to Inject Further Vulnerabilities	27.3 parsecs away Travel
\|		Analysis suggests that CVE-2024-3094, a backdoor deliberately planted into XZ Utils, may have been only the first on the threat actor's agenda.	27.3 parsecs away Travel