asteroza + ssl   244

OpenConnect VPN server.
Cisco compatible SSL VPN server
SSL  VPN  server  software  opensource 
june 2019 by asteroza
Firefox to Import Windows Root Certs To Avoid Antivirus SSL Scanning Issues
Uh, no, part of why Firefox doesn't suck is that it used an independent certificate store. Sucking in the Windows cert store is asking for trouble.
firefox  browser  security  NSS  SSL  TLS  certificate  CA  store  windows  root 
march 2019 by asteroza
Publications | Outflank
DoH turning into a Doh! You may begin to hate yourselves...
virus  C2  secondary  communications  channel  beacon  DNS  DoH  HTTPS  SSL  TLS  SPF  security  hacking  pentesting  redteam 
october 2018 by asteroza
Let's Encrypt SSL for ESXi
offboard script to generate ESXi SSL certs from Letsencrypt
VMware  ESXi  SSL  TLS  certificate  letsencrypt  sysadmin  tools  utilities 
october 2018 by asteroza
CSR Viewer
A not broken CSR decoder that doesn't choke on Let's Encrypt CSRs that are mostly empty
SSL  TLS  certificate  CSR  decoder  letsencrypt 
september 2018 by asteroza
Trying SSL with ALPN protocol for Amazon MQTT data, connects but no ALPN negotiation · Issue #31894 · dotnet/corefx
Huh, so Schannel for Windows 7 doesn't support ALPN, thus it can't actually connect properly to Amazon iot-core MQTT over TLS.
windows  7  bug  SSL  TLS  ALPN  schannel  AWS  IoT  MQTT 
september 2018 by asteroza
LAteral Movement Encryption technique (a.k.a. The "LAME" technique)
I wonder why let's encrypt didn't isolate the internal IP range DNS entry SSL certificates to a child CA cert that enterprises could explicitly distrust, which would quash this in a heartbeat.
internal  IP  range  SSL  TLS  certificate  letsencrypt  lateral  movement  encryption  security  hacking  pentesting 
september 2018 by asteroza
TLS 1.3 middleboxes test
Cloudflare's test for middlebox compatibility with TLS 1.3
TLS  1.3  middlebox  protocol  security  test  service  SSL 
june 2018 by asteroza
Oh god, smuggling C2 commands in TLS cert subject names. I suppose it should be possible to be bidirectional using both server and client selfsign certs....
covert  channel  TLS  SSL  certificate  subject  name  C2  command  security  hacking  pentesting 
february 2018 by asteroza
WrapAPI: APIs for the whole web
Build an API on top of any existing website or find an API for a site that you need
SSL  TLS  webAPIU  debug  proxy  service  wrapper  API  network  traffic 
december 2017 by asteroza
letsencrypt/boulder: An ACME-based CA, written in Go.
For setting up a private CA with ACME support. Usable for short lived certs?
CA  certificate  authority  software  ACME  protocol  on-premisis  server  PKI  SSL  TLS 
october 2017 by asteroza
KeyStore Explorer
tools for fiddling with java certs
java  SSL  CA  certifcate  sysadmin  tools  utilities  security 
july 2017 by asteroza
ssl - Create self signed certificate with subjectAltName to fix [missing_subjectAltName] in Chrome 58 - Super User
So the short version is a v3 certificate, plus SAN of IP.1 = for self signed IP address sites
SSL  certificate  chrome  self-signed  SAN  v3  PKI  OpenSSL 
july 2017 by asteroza
HTTPS Interception Weakens TLS Security | US-CERT
Middleboxes/UTM suck at telling endpoints about TLS connections, ad nauseam...
HTTPS  interception  interceptor  middlebox  UTM  firewall  security  advisory  CERT  SSL  TLS  MitM  Delicious 
march 2017 by asteroza
Interesting, using DNS-over-HTTPS to improve security of lookups, assuming you trust google DNS.
NSS  module  DNS-over-HTTPS  DNS  SSL  TLS  certificate  pinning  domain  name  lookup  hardening  security  Delicious 
october 2016 by asteroza
Using tor as a second circuit to check for MitM SSL/TLS attacks. Not entirely out-of-band, but close enough?
SSL  TLS  security  rogue  CA  certificate  inspection  tor  checker  tester  MitM  Delicious 
october 2016 by asteroza
RFC 6844 DNS Certificate Authority Authorization
New CAA record for DNS, which in theory CAs will look at to stop issuing fake certs, assuming the CA is not a bad actor...
RFC6844  DNS  CAA  PKI  SSL  TLS  CA  certificate  authority  authorization  security  Delicious 
september 2016 by asteroza
Family Safety update improves web filtering and activity reporting in Windows 8....
So Family Safety features an SSL MitM proxy using a local trusted root CA. Which means Firefox needs to import that cert to be able to use SSL sites.
windows  parental  controls  family  safety  local  SSL  TLS  MitM  intercept  proxy  Delicious 
september 2016 by asteroza