Add 8.7 and 8.8 for android and ios: show how you can delay the attacker or report tampering to the backend as a response to a tamper detected
8.7: The app implements multiple mechanisms in each defense category (8.1 to 8.6). Note that resiliency scales with the amount, diversity of the originality of the mechanisms used.
8.8: The detection mechanisms trigger responses of different types, includ

Hello spoooopyyy hackers 🎃

This is a Hacktoberfest only issue! 👻

Find our contributing guidelines here, this walks you through how to add a decoder / cracker!
https://github.com/Ciphey/Ciphey/wiki#adding-your-own-crackers--decoders

Don't worry if it looks hard, we will walk you through everything! :)

Write this issue in Python!

Links

These links will

Hi All,

So I'm trying to use hydra to bruteforce a login on a system that uses custom http headers to receive the username and password. Hydra does not seem to be doing substitution of ^USER^ and ^PASS^ when used as HTTP headers. If I issue issuing a call to hydra like this:

hydra "http-post://0.0.0.0:8000/:H=username\:^USER^:H=password\:^PASS^" -l admin -p admin

I see the following r

⭐ Challenge idea

Description

I notice that the Cards API returns the full credit card number, while the UI only shows the last digits

Underlying vulnerabilities

• entire card storage -> PCI/DSS
• returning more info than what's displayed

Expected difficulty

| ✔️ / ❌ | Difficulty |
|:------------------------

RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.

Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:

1. [!]
2. [~]
3. [>]
4. | {}

If any of these characters appear in any of the tests, fail the CI. E

Context

Please select one:

• I use the docker image ullaakut/cameradar
• I use my own build of the docker image
• I use the pre-compiled binary
• I use my own build of the binary
• None of the above / I don't know

Please select one:

• I use a specific version:
• I use the latest commit of the master branch
• I use the latest comm

so if the password is correct it accepts it .... and if it's wrong it says the entered password is wrong .. and asks for the password again .. just like what the real sites do :)