The SAMLResponse is sent from the IdP back to the browser, which posts it via a form to the service provider. The response is encrypted with the public key of the service provider. Usually, the SP creates a SAML request, and also creates a form whose action…
Category: Security
Finding large prime numbers with python
This post shows how to calculate the largest prime number of a 96-bit number. This was chosen as a starting point. As you can see, it took almost 27 minutes (1614 seconds) to calculate on a dual core…
Spoofed IP network behaviour
In this case, we spoof the IP of our client to 192.168.1.101. When we do this, and send only a SYN packet to the server, we see the SYN on the client… [root@cmhlcarchapp02 ~]# python spoof.py 1 09:37:52.469226 IP 192.168.1.101.49999…
Verifying an SSL certificate expiration with java
We came up with this as a one-off to alert us when a certificate was close to expiration (we were burned one too many times)… import java.net.*; import java.security.cert.*; import javax.net.ssl.*; public class GetCertDates { public static void main(String []…
Finding sensitive data in a heap dump
What is below proves the card holder PAN is in the clear in the dump… public class memSecurity { public static void main (String args[]) throws Exception { String c = "1234567887654321"; Thread.sleep(180000); } } Compile and run what is…