Aggregator

As more organizations move to hardware tokens and password-less auth (e.g. Yubi-keys, Windows Hello for Business,…) attackers will look for other ways to to trick users to gain access to their data. One novel phishing technique is by using the OAuth2 Device Authorization Grant. This post describes how it works with Microsoft AAD as example. Attacker initiates the phishing flow The attacker starts a Device Code flow by issuing a request to the device code token endpoint (e.

Focus on API security as part of your digital bonding strategy, because APIs are already connecting your business activities.

友情转载

友情转载

这么重大的新闻不得提前来爆个料！

Misconfigurations with MFA setups are not uncommon when using AAD, especially when federated setups or Pass Through Authentication is configured I have seen MFA bypass opportunities in multiple production tenants. A common misconfiguration is that MFA is enforced at the federated identity provider, but AAD is forgotten and ROPC authentication still succeeds against AAD. To learn more about ROPC, check out the previous post about the topic. This post focuses on the ropci features that can be leveraged post-exploitation.

随便写写

随便写写

只要肯努力，就会有进步

小公司的DevOps原则

小公司的DevOps原则

Akamai?s partnerships with Teneo and Bytes Software Solutions help us to adapt, grow, and innovate in an ever-changing landscape.

前言

SD卡(Secure Digital Memory Card)是一种存储介质，基于NAND闪存技术，作为MMC(Multimedia Card)的替代。一般用于多媒体播放器，相机，手机，随后也大量用于IoT设备和汽车电子。根据SD卡尺寸，可以分为SD

学习完王铁磊大佬在华为的分享视频，记录总结一些有用的内容。还会根据分享的内容再额外补充一些其他相关内容。

Read about the EdgeGrid PHP client update, EdgeWorkers news, the Terraform Provider 3.0 release, and the new Build, Deliver & Secure video series.

《演化的高级威胁治理》系列，共六篇，更新完毕

《演化的高级威胁治理》系列，共六篇，更新完毕

大家好！这里是219攻防实验室！你一定没有听说过我们，因为我们刚成立不久。219攻防实验室专注于前沿攻防研究