Vulnerability Management at Lyft
The story of how I could steal credentials on Infosec Mastodon with an HTML injection vulnerability, without needing to bypass CSP.
I'm joining at @firstname.lastname@example.org
GCP Penetration Testing notes
Google Roulette :)
This post is part of a series on Mastodon and the fediverse.
There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions.
As a security researcher, as a beginner, you may see the fact of having your own CVE as the Grail.
Bitwarden has this great feature: built-in TOTP Authenticator.
This post will cover some things I've come across in custom applications using Salesforce's API as a backend - this post does not deal with "hacking Salesforce" itself.
He connected to the production VPN and entered one of the k8s pods using kubectl exec.
Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk
iOS/iPadOS backups where an attacker could trigger a backup without a user’s consent to steal their data
That's perfect timing to talk about how to make your GraphQL APIs secure and ready for production.
Techniques In Email Forensic Analysis
Websites, apps and services using passkeys for authentication
macOS Sandbox Escape vulnerability
Azure Backdoors presentation by Andy Robbins