Cybersecurity professional with an interest/background in networking. Beginning to delve into binary exploitation and reverse engineering.

  • 0 Posts
  • 53 Comments
Joined 1 year ago
cake
Cake day: March 27th, 2024

help-circle



  • No. You can have control over specific parameters of an SQL query though. Look up insecure direct object reference vulnerabilities.

    Consider a website that uses the following URL to access the customer account page, by retrieving information from the back-end database: https://insecure-website.com/customer_account?customer_number=132355 Here, the customer number is used directly as a record index in queries that are performed on the back-end database. If no other controls are in place, an attacker can simply modify the customer_number value, bypassing access controls to view the records of other customers.












  • Yeah, I do to. We’re not talking about theoretically blocking access to a site nation wide. We’re talking about the TikTok ban, which doesn’t stipulate any sort of network blocking, it’s just a delisting from the app stores.

    The government has never required dns providers to remove records for a domain, or required ISPs to null route traffic to IPs. That’s almost certainly a First Amendment issue, and I can only imagine that such an order would be immediately challenged in court.




  • I feel like I might get a ton of downvotes for this, but I kind of disagree. Maybe when it comes to things like texture detail, we certainly don’t need every single hair on Roach modeled with full physics or anything.

    That’s only a subset of what constitutes graphics in a game though. I think that while it is computationally expensive, the improvements in lighting that we’re seeing contribute to making graphics more realistic and do matter.

    I get that people meme on Ray Tracing and the whole RTX On thing, but lighting techniques like Path Tracing, Global Illumination, and Dynamic Illumination are just as much a generational shift as physics was in HL2. Output resolution and texture resolution got pushed to a point where any further gains are marginal improvements at best. Physics is getting to that point, although there’s still room for improvement. Look at how well the finals handles destruction physics, or the ballistics models used in Arma 3. Lighting is the next thing being refined, and it has a ways to go. I’d bet that in 10 years full, real time, dynamic, ray traced lighting will be taken for granted, and we’ll be arguing whether there’s any value or added realism benefit to increasing the number of individual rays cast by each light source, or how many bounces they take. I’d also not be surprised if people were memeing about RTX Sound On at that point and saying that game audio peaked with HRTF or Spatial Audio.



  • You’re asking how to set up c2 infrastructure. You’re asking this question on a programming community, not a cybersecurity community, which is an odd decision by itself. You have made it abundantly clear that you are not asking this bc you’re trying to start up some red team ae program at your work, you’re doing this to perform illegal activity.

    Nobody is going to help you with this. No security professional is going to help you bc it’s completely unethical, and maintaining appropriate ethics is a huge part of maintaining employability in that sector. No one who does this stuff criminally will help you bc you’ve proven to have zero discretion and helping you will probably lead to the feds taking their front door off its hinges. Also you’re competition.

    If you don’t know how to do this already, which you obviously don’t, you put in the work to learn this skill set. Once you’ve done that, doing it professionally is much more stable, and has a much better risk vs reward, than doing it illegally.