XSS over IdP Federation
Today I come to you with a new idea. What if we could bring XSS payloads into third-party applications without attacking them directly? Would be a nice approach, right? Let’s call it […]
Category: Cloud
all-about-cloud-stuff
Secure Azure AD connect
Let’s talk about Azure AD Connect. This is an application that connects your local Active Directory with the Azure Active Directory or rather synchronizes the objects. This is an application that connects […]
Defender IOC by abuse.ch
Hello wonderful security minds out there, let’s talk about indicators of compromise (IOC). One way to defend against threat actors is through “indicators of compromise” (IOC) or “tactics, techniques, and procedures” (TTP). […]
Sender forgery in Exchange Online
Imagine you could easily send internal emails in M365 in the name of any person and that without authentication and from the outside, would you do it? Well, I don’t want to […]
JWT CTF
Hello flag catchers out there, I am starting here my first CTF that I would like to make available to you. I thought this would be fun and bring something to everyone […]