Blind callback environment
Hello my dear technically interested friends, It’s been a long time, but today we’re looking at an exciting topic. You may be familiar with Canary Tokens or similar services that allow you […]
Tag: Education
XSS over IdP Federation
Today I come to you with a new idea. What if we could bring XSS payloads into third-party applications without attacking them directly? Would be a nice approach, right? Let’s call it […]
Secure Azure AD connect
Let’s talk about Azure AD Connect. This is an application that connects your local Active Directory with the Azure Active Directory or rather synchronizes the objects. This is an application that connects […]
Defender IOC by abuse.ch
Hello wonderful security minds out there, let’s talk about indicators of compromise (IOC). One way to defend against threat actors is through “indicators of compromise” (IOC) or “tactics, techniques, and procedures” (TTP). […]
Sender forgery in Exchange Online
Imagine you could easily send internal emails in M365 in the name of any person and that without authentication and from the outside, would you do it? Well, I don’t want to […]
Jackpoting Online Slots – part four
Another sunny day in the cyber security world, welcome back security folks. Today, in the fourth and for now last part of this blog series, we will focus on how to build […]
MitM Proxy on Kali
Mahatma Gandhi’s quote “Distrust is a sign of weakness” may be true in the real world, but certainly not in the cyber world of networks and Zero Trust. There are simply too […]
what about: JWT
In a world full of web services, APIs and clouds, authentication and authorisation needs to be rethought. Basic methods such as Kerberos are no longer applicable, or only partially applicable, to these […]