Trying to bypass my college firewall(fortinet) but failing.

Comments Off on Trying to bypass my college firewall(fortinet) but failing.

So we have tried making a wireguard vpn on azure which works completely fine but since azure is too expensive, I got a OVHcloud vps and did the exact same thing but it doesn’t work. I cannot connect to the OVH vpn idk why. My friend is the one who setup the server on the vps and I tried connecting to the ssh but then we found out most ports are blocked on my side and seems like 80/443 are from the few that worked. Tried wireguard over 80/443 didn’t work. Tried openvpn on tcp mode over 443 didn’t work. Tried shadowsocks server over 443 even that didn’t friggin work. Oh and all these works fine for my friend over at his home and even for me over mobile data. looking at the logs, the common behaviour seems to be that the server is receiving the handshake but my client side setup cannot receive the handshake back from it therefore connection does not establish or drops right after it establishes. We are basically out of ideas as nothing seems to be working but we know we gotta be doing something wrong as all these methods seems to be used in much more heavy duty bypassing so no way my college can just block all these and the fact that just wireguard alone easily bypasses on azure. Any help would be appreciated.

submitted by /u/XPookachu
[link] [comments]

Read More >>

Ukraine war scuttles Biden arms control agenda

Comments Off on Ukraine war scuttles Biden arms control agenda

The State Department is preparing its annual report on compliance with arms treaties and is expected to call out Moscow for failing to comply with the terms of the New START nuclear arms accord, complicating U.S. hopes for more weapons deals to come.

Read More >>

Insecure Direct Object Mapping or IDOMs is an underrated bug class and way more severe then IDORs

Comments Off on Insecure Direct Object Mapping or IDOMs is an underrated bug class and way more severe then IDORs

So IDOMs is a category to describe web app bugs that have been around since at least 2008. In different programming languages it’s known as different names in Ruby it’s called Mass Assignment, in Java and .NET ASPX it’s called Data Binding or Reflection Binding. All these bugs have been categorized under the new IDOM name to prevent confusion. How they work is if a framework let’s you append new objects depending on the parameters you place in your request they get mapped into the application which is a dangerous practice and the only way to prevent an IDOM is to explicitly whitelist object names in the programming logic so if you don’t do this you are automatically vulnerable out of the gate. I’ve found IDOMs in so many big companies web apps especially java MVC based apps. At a recent blackhat conference in 2022 there was a presentation called “Data Binding 2 Shell” where a bunch of researchers have found severe IDOMs in popular java frameworks that led to RCE so the problem is still very much relevant to this day. Think of IDOM as writing to object data and think of IDOR as reading from object data there opposites of each other.

submitted by /u/TheCrazyAcademic
[link] [comments]

Read More >>