Tag: understanding
Golden SAML Negation and Understanding
Information Security Stack Exchange is a question and answer site for information security professionals. It only takes a minute to sign up.
Sign up to join this community
Anybody can ask a question
Anybody can answer
The best answers are voted up and rise to the top
Asked
Viewed
7 times
I read this answer around mitigation and detection of the Golden SAML attack but I wanted to investigate further about how preventable it is and how an organization could nullify an attack before it happens.
My understanding here is that the entire ability of Golden SAML to be a threat is through compromising a trusted Identity Provider. Once that entity is compromised, an attacker can generate a SAMLResponse that is signed/encrypted by the private key of the compromised host, thus tricking the Service Provider (with the public key to decrypt/authenticate) into believing that the response comes from a valid provider.
Two questions arose out of this:
 Where does an SP get its list of usable public keys to compare against the SAML Response from an IdP?

Is this something like a browser CA where the browser developers control who’s trustworthy? (In this case, the Service Provider would control) and there’s a universal list with every (browser) service provider?

Or is it controlled by the actual SP admin and part of the SAML Configuration agreed upon between the SP and IdP?

Or maybe a third option I haven’t thought of.
 Depending on the answer above, what approaches should be taken besides “secure your IdP against attacks and compromise”?

Can the IdPs rotate their keypairs every so often and update the registered public key with the SP?

Can there be a separate “reverify” step between IdPs and SPs every so often, where a trusted entity ensures that the IdP is who they say they are through another method besides public/private key exchange (in line with bullet point one above). One of the reasons I thought of this was HashiCorp’s vault unseal where multiple keys are required. Maybe the “multiple keys needed” in this scenario to reverify are other mechanisms than the IdP/SP exchange, like a third party verifying IdP identity.
sql server – Understanding CPU time to measure workload
There is a resource in SQL Server called the Resource Governor, which is an Enterprise/Developer only feature.
https://docs.microsoft.com/enus/sql/relationaldatabases/resourcegovernor/resourcegovernor?view=sqlserverver15
Without this, the SQL instance is not governed and why it has developed a reputation for being “All or nothing” or “Hungry”. There’s nothing more satisfying than seeing somebody who doesn’t know about the Governor open it up for the first time and seeing “DEFAULT = 100%”.
When you run a long transaction, it doesn’t take long for the CPU to commit 100% of resources to a task, which is why it is ESPECIALLY important to always be optimising your queries and keeping your transactions short on nonenterprise editions.
In terms of SQL commitment, there are some reports you can use to monitor historical usage. Without the risk of repeating somebody else’s work, here’s an article that may be helpful for furthering your understanding.
Right Click the DB > Reports > Performance Dashboard.
Understanding a proof of $text{[meas]} implies text{[mean]}$
The following is from Bruckner’s Real Analysis:
I don’t understand the followings:
Red : Even if $g in L^1$ does not imply that $mu({{x: 2g le alpha})< infty$ so how do we choose $alpha>0$ such that the mentioned integral is arbitrarily small?
Green : How $int_{B_n} 2g d mu < frac{epsilon}{3}$ ?
lebesgue integral – Understanding the $1$norm of $L^1(mathbb{R}^d)$
I have a quick question about a proof I was reading. The proof is basically asking about the continuity of the translation operator in the $L^1$norm. Here is a snippet of the proof
I am not sure how their integral over $mathbb{R}^d$ turned into just an integral over $E$ (first line to second). It seems to me that this is not too clear. Unless I am missing something very simple…
Thanks in advance!
algorithms – Need help understanding Knuth’s proof that: The set of all pure words is wellordered by the relation >
In the paper linked below by Knuth and Bendix, theorem 1:
The set of all pure words is wellordered by the relation ‘$>$‘
has a proof that I can’t seem to follow despite staring at it all day. I can’t even decipher what the notation is trying to represent.
So, we have four fixed sequences:
 An infinite sequence of variables $v_1, v_2, v_3, …$ etc. (not relevant for Theorem 1)
 A finite sequence of operators $f_1, f_2, f_3, …, f_n$
 A finite sequence of degrees $d_1, d_2, d_3, .., d_n$
 (i.e. degree of $f_4 = d_4$)
 and a finite sequence of weights $w_1, w_2, w_3, …, w_n$
 (i.e. weight of $f_4 = w_4$)
A word is then defined inductively as either a variable alone or an operator followed by an appropriate number of other words depending on the degree of said operator.
A ‘pure word’ is a word with no variables and the weight of a pure word, $alpha$ is defined as follows:
 $w(alpha) = sum_j w_jn(f_j , alpha)$ where $n(f_j, alpha)$ is the number of occurrences of $f_j$ in the word $alpha$
Finally the relation $>$ that orders all pure words that is proved to be wellordered is defined as:
$ alpha > beta $ if and only if:

 $w(alpha) > w(beta) $
 (I’m assuming the ‘$>$‘ here is strict integer inequality and not the same ‘$>$‘ that is being defined.)

 $w(alpha) = w(beta)$ and $alpha = f_jalpha_1 … alpha_{dj}$, $beta = f_kbeta_1 … beta_{dk}$, and either:
 2a) $ j > k$; or
 2b) $j = k$ and $alpha_1 = beta_1,…, alpha_{t1} = beta_{t1}, alpha_t > beta_t$, for some $t, 1 leq t leq d_j$
Finally on page 266, for the proof that $>$ is wellordered the exposition states:
Now let $alpha$ be a pure word with $n_j$ symbols of degree $d_j$. It is easy to prove inductively that:
$n_0 + n_1 + n_2 + … = 1 + 0.n_0 + 1.n_1 + 2.n_2 + …,$
i.e. $n_0 = 1 + n_2 + 2n_3 + …$
I don’t know whether it really is ‘easy’ to prove the above because I don’t really know what the above is.
I’m fairly sure symbols are just operators in this context of pure words but if $n_0, n_1,$ etc. are symbols then how are they being summed? Does $n_0$ in the above actually represent $w(n_0)$. That doesn’t seem to provide any clarity as to what is going on with the proof.
I’ve reread the first four pages of the paper multiple times and nothing seems to be getting any clearer:
https://www.cs.tufts.edu/~nr/cs257/archive/donknuth/knuthbendix.pdf
Any insight would be appreciated.
Detecting and understanding malware/spyware [closed]
Recently, stumbled upon the new FB 500m+ leak and decided to satisfy my curiosity and poke around.
Basically just wanted to see how 500m+ user records were kept and what info was released( it was pretty much all publicly scrapable data with ocassional email address.)
Curiosity satisfied, I guess.
BUT.. what is this! Slowed response, unusually high resource usage, ridiculous boot times, amongst other things this laptop just got a lot worse! Could it be… has BonziBuddy finally returned? No seemingly just another piece of malware…
…no results from Defender, MalwareBytes, all the big names.
Well to be expected I guess when you download dodgy shit, but I’d love to know what is happening in the background of my computer right now.
So my hopefully decipherable question is this:
1 Ignore antivirus programs.
2 Using the simple tools we have at our disposal(taskmanager/monitoring active net connections/sniffing packets with wireshark.)
Is it possible for a layman to figure out exactly what is going on in the background of their computer?
I can open wireshark but I cannot figure out what is what, going where, or for what purpose(admittedly I know nothing about this software)
I can run netstat, which is like the simplemans wireshark without the packets displayed, look at active connections and corresponding local address and foreign address, along with PID, trace that to an executable, but do I know what is actually happening?
Is it impossible to see exactly what processes are doing what because without the original code we end up with undecipherable compiled jargon?
I can see files behaving strangely(unprecedented resource hog) but that alone is meaningless, what is it actually doing and can I find out?
To those people understand my ramblings and this field of computing a bit more and are impartial enough to want to shed light, what do YOU do when you have had an infection slip under the radar? Restore/Reformat? Do you use virtual machines on suspect files? What are your red flags? Dont you ever have a desire to pirate software you cant allow yourself to buy, because its for a short period of time or the use is not for commercial gain but simply out of good old primate curiosity?
Understanding of TIME COMPLEXITY in non deterministic and deterministic Turing Machines
If I assume that the complexity of an nondeterministic Turing machine N is T(n), where w = n, w: input string for N. What would be the time complexity of a deterministic Turing machine D equivalent to N?
mysql – Understanding Laravel relationships better
I want to make a simple project to understand better the Laravel database relationships. So I decided to make a movie storage project which is holding some movie names and some informations about that movie, it should be look like this:
So I wrote the relationships between these fields like this:
Movie AND Actor : Many To Many
Movie AND Director : Many To One
Movie AND IMDB : Many To One
Movie AND Genre : Many To Many
So now my question is, are these relationships correct or wrong ?
currencies – Understanding liquidation when trading Cryptocurrency in ByBit
I’m trying to understand how to trade cryptocurrency using ByBit but as you can see I have no idea what I’m doing.
I had $100 dollars (0.0460 ETH) and I got liquidated in less than an hour.
Can someone please explain how did that happen so quickly based on the settings below?
My understanding was that I was going enter at the Etherium price of $2,115
and that the trade would close at either $2,300
or $2,089
whichever hit first.
How did I lose the whole $100/0.0460 ETH, I’m confused.