Hardening Chrome based browsers
Go to chrome://flags, then:
Disable - The Following Flags
==========================
#enable-offline-auto-reload
#disable-webrtc-hw-decoding
#disable-webrtc-hw-encoding
#enable-webrtc-hw-vp8-encoding
#clear-old-browsing-data
#enable-usermedia-screen-capturing
#disable-hyperlink-auditing
#contextual-search-ml-tap-suppression
#contextual-search-ranker-query
#enable-password-generation
#enable-manual-password-generation
#wallet-service-use-sandbox
#enable-chrome-home-survey
#vr-browsing-native-android-ui
#enable-gamepad-extensions
#webxr
#webxr-gamepad-support
#webxr-orientation-sensor-device
#webxr-hit-test
#vr-icon-in-daydream-home
#safe-search-url-reporting
#keep-prefetched-content-suggestions
#content-suggestions-debug-log
#enable-breaking-news-push
#interested-feed-content-suggestions
#enable-ntp-article-suggestions-expandable-header
#enable-ntp-remote-suggestions
#enable-ntp-suggestions-notifications
#PasswordExport
#PasswordImport
#password-search
#enable-nostate-prefetch
#enable-new-preconnect
#enable-async-dns
#enable-mark-https-as set to: Enabled (mark as actively dangerous) (this option will be removed in a later version)
#BundledConnectionHelp
#enable-omnibox-voice-search-always-visible
#enable-viz-test-draw-quad
#enable-framebusting-needs-sameorigin-or-usergesture
Enable - The Following Flags
==========================
#num-raster-threads (4)
#enable-offline-auto-reload-visible-only
#enable-tcp-fast-open
#enable-scroll-anchoring
#enable-new-photo-picker (enabled)
#enable-fast-unload
#enable-history-entry-requires-user-gesture
#smooth-scrolling
#enable-quic (see explanation)
#enable-android-spellchecker
#enable-chrome-modern-design
#enable-modal-permission-dialog-view
#reduced-referrer-granularity
#enable-site-per-process
#offline-bookmarks
#enable-brotli
#force-show-update-menu-badge
#tls13-variant set to: Enabled (Draft23)
#disable-audio-support-for-desktop-share
#enable-content-suggestions-new-favicon-server
#important-site-in-cbd
#enable-font-cache-scaling
#new-audio-rendering-mixing-strategy
#expensive-background-timer-throttling
#modal-permission-prompts
#lsd-permission-prompt
#language-settings
#enable-custom-context-menu
#enable-custom-feedback-ui
#omnibox-display-title-for-current-url
#autoplay-policy set to: Document user activation required
#enable-async-image-decoding
#dont-prefetch-libaries
#sound-content-setting
#enable-parallel-downloading
#enable-overflow-icons-for-media-controls
#enable-downloads-location-change
#enable-block-tab-unders
#stop-in-background
#clipboard-content-settings
#enable-modern-media-controls
#unified-consent
By Chef Koch
Taken from @EnergizedProtection ⚡️
#hardening #chrome #browser
Google Autofill tests biometric authentication for passwords and payments
https://www.xda-developers.com/google-autofill-biometric-authentication-passwords-payments
https://nakedsecurity.sophos.com/2020/01/14/google-tests-biometric-authentication-for-android-autofill
#google #biometrics #password #payments #fp
Forwarded from BlackBox (Security) Archiv
Bitwarden leaks passwords to other subdomains
Today I was on a domain that should only be available via BasicAuth. Then I was really scared when I did not have to login. Even in incognito mode the page was visible without login. Is my BasicAuth broken? Turns out: No, but @Bitwarden has automatically logged in for me.
👀 👉🏼 https://nitter.net/RitzmannMarkus/status/1307614248835731456
#bitwarden #leak #password #subdomains
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
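The behaviour in the post above comes from how a password manager decides which saved login belongs to the current page. Bitwarden's default match detection for a saved URI is "base domain", so a credential stored for admin.example.com is also offered on every other *.example.com host, including one protected by BasicAuth, and is submitted automatically. The following Python model (an added example, not Bitwarden's code or the post author's) implements the four common match-detection rules and shows which saved logins each rule would offer on a given page; the vault entries and host names are constructed sample data, and the base-domain rule is deliberately simplified to "last two labels" rather than the Public Suffix List a real client uses.

```python
"""Illustrative model of password-manager URI match detection.

Added example, not Bitwarden's code. The mode names mirror the per-login
"match detection" options a user can pick: base domain, host, starts with,
exact. Switching sensitive entries from the default base-domain rule to
host or exact is the mitigation for the subdomain autofill described above.
"""
from urllib.parse import urlsplit


def base_domain(host: str) -> str:
    # Simplified registrable-domain rule: keep the last two DNS labels
    # ("admin.example.com" -> "example.com"). A real client consults the
    # Public Suffix List so that e.g. "co.uk" is not treated as a domain.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def uri_matches(saved_uri: str, page_uri: str, mode: str) -> bool:
    """Return True if a login saved for saved_uri should be offered on page_uri."""
    saved, page = urlsplit(saved_uri), urlsplit(page_uri)
    if mode == "base_domain":
        # Default rule: any subdomain of the same registrable domain matches.
        return base_domain(saved.hostname or "") == base_domain(page.hostname or "")
    if mode == "host":
        # Host rule: full host (and port, if any) must be identical.
        return saved.netloc.lower() == page.netloc.lower()
    if mode == "starts_with":
        # Prefix rule: page URL must begin with the saved URL.
        return page_uri.lower().startswith(saved_uri.lower())
    if mode == "exact":
        return saved_uri.lower() == page_uri.lower()
    raise ValueError(f"unknown match mode: {mode}")


def logins_offered(vault: list, page_uri: str, mode: str) -> list:
    """Names of vault entries that would be offered (and possibly auto-filled)."""
    return [entry["name"] for entry in vault if uri_matches(entry["uri"], page_uri, mode)]


# Constructed sample vault: a BasicAuth-protected admin host, an unrelated
# app on a sibling subdomain, and a login on a different domain entirely.
SAMPLE_VAULT = [
    {"name": "admin basic-auth", "uri": "https://admin.example.com/"},
    {"name": "shop account", "uri": "https://shop.example.com/login"},
    {"name": "other site", "uri": "https://example.org/"},
]

if __name__ == "__main__":
    page = "https://blog.example.com/"
    for mode in ("base_domain", "host", "starts_with", "exact"):
        print(f"{mode:12s} on {page}: {logins_offered(SAMPLE_VAULT, page, mode)}")
```

Running the block shows that under the default base-domain rule both example.com logins are offered on blog.example.com, while the host, starts-with and exact rules offer none of them there. Tightening the rule on the admin entry is what stops the credential from being presented to sibling subdomains.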
Forwarded from BlackBox (Security) Archiv
Password manager: LastPass restricts free version
Users of the free version of LastPass will only be able to use the password manager across devices to a limited extent from March.
Starting in March and then again in May, the LastPass developers want to reduce the functionality of the free version. The password manager is available for popular systems such as Android, iOS and Windows. Users have access to their passwords stored in the password vault on all devices.
https://blog.lastpass.com/2021/02/changes-to-lastpass-free/
#LastPass #password #manager
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
#France Supreme Court: Refusing to provide your phone #password is a crime.
https://www.lemonde.fr/societe/article/2022/11/07/le-refus-de-communiquer-le-code-de-deverrouillage-d-un-telephone-portable-peut-constituer-un-delit-juge-la-cour-de-cassation_6148834_3224.html
Le Monde.fr
Refusing to hand over the unlock code of a mobile phone can constitute an offence, the Court of Cassation rules
The court was asked to rule on a drug-trafficking case in which a court of appeal had acquitted a suspect who had refused to give the unlock code of his two phones, despite the Court of Cassation's case law.
OffensiveCon24 - Solar Designer - Keynote - Password Cracking: Past, Present, Future
Passwords (or phrases) remain a distinct and ubiquitous authentication factor. They are also widely used to derive encryption keys for data or other keys. Password cracking is used in security audits, penetration testing, to recover or gain access to data, keys, or funds, and for a variety of other purposes. The focus of this talk is the evolution and optimization of offline password cracking. At a high level, we break down the optimization problem into that of speed (how many candidate passwords we test per second) and focus (which candidate passwords we test against which targets and in what order). Also included is plenty of historical context, starting with the 1960s and continuing to the present day, with a look into the future.
https://www.offensivecon.org/speakers/2024/solar-designer.html
#Password #Cracking #PasswordCracking
Pandora
A red team tool that assists in extracting/dumping master credentials and/or entries from different #password managers.
This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories: Windows 10 desktop applications, browsers, and browser plugins. It may work on other operating systems, such as Linux, but this has not been tested yet. In this release (v1.0), the tool supports 14 password managers with 18 different implementations (e.g., the tool can dump credentials either from the desktop app or from the browser plugin of the same product). Note that in most cases the password manager must be running and unlocked for the tool to work.
https://github.com/efchatz/pandora