encryption

Encryption

Encryption – CISSP Domain 3

We’re circling back to some more CISSP-related materials.  Today’s topic will be encryption, which can be found in CISSP Domain 3. By its very nature, encryption is meant to hide the meaning or intent of a communication from unintended recipients.  This process takes place when a message is converted from plain text (text that is …

Encryption – CISSP Domain 3 Read More »

Encoding

Encoding – CISSP Domain 3

Today we’re going to take a quick look at encoding, as covered in Domain 3 of the CISSP common body of knowledge (CBK). There is often some confusion between encoding and encryption, so one of the purposes of this article is to look at how the CBK defines encoding. Encoding is the action of changing …

Encoding – CISSP Domain 3 Read More »

Proxying HTTPS Traffic with Burp Suite

This is easy to fix. All we need to do is tell our browser that the Burp CA can be trusted. Because every new installation of Burp generates a different CA, this doesn’t create a risk of somebody else intercepting your traffic surreptitiously with their Burp instance. The actual steps to perform this vary slightly by operating system.

Creating SSL Certificate Requests Using Certreq.exe and Enable LDAPS

This post picks up on my last about creating and authorizing an internal certificate authority.  We are going to shift gears a bit and start looking at how to use this newfound infrastructure.  There are tons of tutorials online about how to create a certificate signing request (CSR) using IIS on Windows.  However, there are …

Creating SSL Certificate Requests Using Certreq.exe and Enable LDAPS Read More »

SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority

In this post, I wanted to give something directly to the Blue Teams out there.  I also thought I would call us out a bit for sending mixed messages to our users.  All too often we find internal websites using invalid SSL certificates when we are on an engagement.  Almost every user awareness document or …

SSL Certificates: Setting Up and Authorizing the Internal Certificate Authority Read More »

Scroll to Top