x23.ai’s Post

Mastering the tabletop: 3 cyberattack scenarios to prime your response https://trib.al/KPKsBT6

Mastering the tabletop: 3 cyberattack scenarios to prime your response

Mastering the tabletop: 3 cyberattack scenarios to prime your response https://lnkd.in/g9N36PXe

The Magic of the S-Box A substitution box — or S-box — is one of these things used in encryption that many people don’t quite understand. But they are actually quite simple. With AES, we go through various rounds. For 128-bit AES, this is 10 rounds, and where we use a part of the 128-bit key for each round. Overall, we take a block of 16 bytes and then perform the rounds. These 16 bytes are arranged in a 4x4 matrix. The substitution bytes elements are known as the S-box. Each round then uses an S-box to scramble the bytes. After the S-box, we shuffle the rows of the 16-byte matrix, and then shuffle the columns. On the decryption part, we just do this in a reverse order and perform a reverse operation. This is a little like shuffling a deck of cards and then handing someone the shuffled deck. These cards should now look randomly placed. The receiver of the cards — if they have a secret — can then reverse every move of the shuffle to get the cards back in their original place in the deck. Read more: https://lnkd.in/dT6Brufn

Mastering the tabletop: 3 cyberattack scenarios to prime your response

Mastering the tabletop: 3 cyberattack scenarios to prime your response

🔧 "Boot Device Not Found" decoded: Check out our expert guide to diagnosing, fixing, and preventing computer startup failures 👉 https://bit.ly/4crxShu #TechTips #ComputerHelp #TechSupport #ComputerMaintenance

Did you understand the concept of assigning bdf to devices if not watch this. Concept taught with different examples. https://lnkd.in/eTzuftCH.

🎈 The web server on the default port 80 hosts a demo virtual host, accessible with guest credentials. While reviewing the links, I discover a MinIO Metrics section that is visible due to a Line Feed (LF) injection vulnerability. This allows me to analyze the logs, leading to the discovery of a new virtual host. This new virtual host uses the MinIO platform and reveals the service version, which is vulnerable to CVE-2023-28432. This is an information disclosure vulnerability that exposes the root user's credentials of the platform. After a thorough analysis, I determine that a specific version of a bucket leaks critical information related to an identity-based secrets and encryption management system. Finally, privilege escalation is achieved by leveraging a program that can be executed with elevated privileges by a user.

I am creating a video tutorial on SSL handshakes. This is the first video of that series- Symmetric Encryption. Hope you find it helpful! https://lnkd.in/g3Rk2pZW