User Soufiane Tahiri - Information Security Stack Exchange

50 votes

Accepted

How to prevent users from executing commands through browser URL?

answered Feb 28, 2019 at 8:54

21 votes

How do I investigate where personal information in a fraudulent email was leaked from?

answered May 16, 2017 at 12:23

16 votes

How is the "WannaCry" Malware spreading and how should users defend themselves from it?

answered May 15, 2017 at 11:48

14 votes

Accepted

WPA3 announced. Really needed?

answered Jan 10, 2018 at 8:47

9 votes

Why are users tracked?

answered Feb 14, 2019 at 11:04

8 votes

Can a website download documents, images, or other information onto my iMac without my consent or awareness?

answered May 29, 2017 at 7:47

7 votes

How would a backdoor gain persistence

answered Oct 4, 2017 at 9:11

6 votes

Accepted

Using sqlmap --crawl without asking questions

answered Jan 4, 2018 at 9:06

5 votes

Accepted

How to check if Windows computer has SMB accessible over the internet?

answered May 15, 2017 at 8:45

5 votes

How long would it take to brute force an 11 character single-case alphanumeric password?

answered Apr 24, 2018 at 12:54

5 votes

Qualys SSL Scan weak cipher suites which are secure according to ciphersuite.info

answered Jan 25, 2021 at 12:02

4 votes

Accepted

Is there benefit to an Anti-forgery cookie with sameSite:none?

answered Dec 21, 2020 at 13:53

4 votes

Penetration Testing List

answered Aug 13, 2018 at 10:40

4 votes

How to analyze malware to find out where keylogger sent data?

answered May 15, 2018 at 12:55

4 votes

Accepted

Software for testing XSS and other web sites vulnerabilities

answered Jul 7, 2017 at 14:42

4 votes

How do Common Vulnerabilities and Exposures (CVEs) work?

answered Apr 4, 2017 at 12:54

3 votes

Was the 2017 NHS attack targeted?

answered May 15, 2017 at 14:00

3 votes

Should UAC be turned on or off on servers?

answered Mar 30, 2017 at 14:21

3 votes

Is a SIM card secure against governments?

answered Aug 23, 2017 at 12:05

3 votes

Accepted

How does Ransomware use vssadmin.exe with admin privileges

answered Jul 31, 2018 at 15:31

3 votes

How secure is the fingerprint sensor in the Pixel 3?

answered Nov 27, 2018 at 13:55

3 votes

Accepted

Is this test enough to proof that the web application is vulnerable to Login CSRF?

answered Jan 19, 2021 at 11:12

3 votes

In Open ID Connect, why is the id token a JWT token whereas the access token is not?

answered Feb 17, 2021 at 9:25

3 votes

How to pentest oAuth2/oidc clients

answered Jul 9, 2021 at 7:44

2 votes

Does Opera Android track me?

answered Oct 21, 2020 at 8:44

2 votes

Accepted

OAuth2 - Benefits for using Grant-Type:Password for machine-to-machine web-service calls

answered Jan 19, 2021 at 11:45

2 votes

SQLinjection prevention: parser + blacklist?

answered Jan 25, 2021 at 14:52

2 votes

Autopsy uncovering slack space of a file

answered Oct 13, 2017 at 8:38

2 votes

What compliance does my mobile application need?

answered May 17, 2017 at 13:57

2 votes

Actions to take after suspect PDF was opened

answered May 23, 2017 at 10:11

Stack Exchange Network

68 Answers

How to prevent users from executing commands through browser URL?

How do I investigate where personal information in a fraudulent email was leaked from?

How is the "WannaCry" Malware spreading and how should users defend themselves from it?

WPA3 announced. Really needed?

Why are users tracked?

Can a website download documents, images, or other information onto my iMac without my consent or awareness?

How would a backdoor gain persistence

Using sqlmap --crawl without asking questions

How to check if Windows computer has SMB accessible over the internet?

How long would it take to brute force an 11 character single-case alphanumeric password?

Qualys SSL Scan weak cipher suites which are secure according to ciphersuite.info

Is there benefit to an Anti-forgery cookie with sameSite:none?

Penetration Testing List

How to analyze malware to find out where keylogger sent data?

Software for testing XSS and other web sites vulnerabilities

How do Common Vulnerabilities and Exposures (CVEs) work?

Was the 2017 NHS attack targeted?

Should UAC be turned on or off on servers?

Is a SIM card secure against governments?

How does Ransomware use vssadmin.exe with admin privileges

How secure is the fingerprint sensor in the Pixel 3?

Is this test enough to proof that the web application is vulnerable to Login CSRF?

In Open ID Connect, why is the id token a JWT token whereas the access token is not?

How to pentest oAuth2/oidc clients

Does Opera Android track me?

OAuth2 - Benefits for using Grant-Type:Password for machine-to-machine web-service calls

SQLinjection prevention: parser + blacklist?

Autopsy uncovering slack space of a file

What compliance does my mobile application need?

Actions to take after suspect PDF was opened