denver
Joined May 2009
Kos retweeted
Calling all hackers! You can now find the bug of your dreams with @Tinder's #bugbounty program, which has just gone public! Check out their program page for more details: hackerone.com/tinder?type=te… #happyhacking
Kos retweeted
Less than ONE WEEK left to submit your research! The beach is calling 💻🌴😎 sandiego.toorcon.net/talks
Kos retweeted
ToorCon San Diego 2021 is a GO! Now with new shiny COVID-19 safety reqs 💉 Talks. Demos. Fun! Oct 12-14, 2021. CFP and Reg NOW OPEN. Submit your research for a chance to join us on the beach this October! 💻😎🏖️ sandiego.toorcon.net/talks
I don't remember seeing this event at the Olympics.
Lmao printing this out to start my deck, Hacker, Trading Card Game.
Announcing our first ever Keynote speaker: Alissa Knight!! Be sure to check out her talk on Friday, Aug 6th @ 10am! "Hacking State and Federal Law Enforcement Vehicles" #Defcon29 #defcon #chv #keynote
Of course client side security mechanisms are reliant on the client being trusted, but the only extra protection added was cert-pinning. Injecting Frida into the APK didn't throw any other red flags. Could have at least used Device Attestation for such a sensitive app.
Spent a good amount of my weekend looking at Colorado's "myColorado" app. At one point I was having a difficult time reversing the QRcode data share format from decompiled source. Luckily they have a working sample QR code for some reason.
The "secure driver's license" is a bit of security theater. A very simple JSON object defines all the values available to it, no secondary validation or signing of the data. I guess the assumption is that your ID # can be identified out of band. Probably a safe enough assumption.
The QRcode sharing is actually ... not good. It only tells the server what you want to share. None of the sharing is done client side, you have to trust that the server is only sharing what you requested it to share.
Other than that, everything is done in a probably-mostly okay way. I don't have a test account (it uses gov info for you to register), so there are some things I can't easily (or legitimately) test. But no egregious sec issues. From what I could tell, backend is all Laravel.
Mostly everything is bound by your session, so no IDOR. There is a way to request vehicle registration that combines your license plate and a verification code, but the code is only (presumably) printed on your physical registration card.
The verification code is [A-Z0-9]^5, and even if 60m requests aren't noticeable to them (hopefully they are), their responses are slow enough to make it less than feasible to brute.
oh no
After becoming a pentester AFTER I ran a large PKI environment, I generally tried to avoid touching AD CS. Not because it wasn't useful, but the impact, and subsequent required remediation, of violating a CA (even internal) was just not something I wanted to force on admins.
no wonder @gentilkiwi says a CA server should be secured as if it was a DC, got access, exported certificate, imported the certificate in another host and I'm generating TGTs for any user in the domain with it
After that, moving into defense of an SMB environment, rotating the CA (and krbtgt, ADFS signing key, & other high privileged secrets) was high on my priority list. Protecting AD CS, AD FS, Azure Sync hosts (probably more) as if they were DCs was right in line with that too.
Dear intern, I once partially shut down a factory because I forced thousands of machines to refresh their AV database at once, saturating the wireless network and causing tons of client disconnects. I learned about the benefits of staggered deployments that day.
We mistakenly sent out an empty test email to a portion of our HBO Max mailing list this evening. We apologize for the inconvenience, and as the jokes pile in, yes, it was the intern. No, really. And we're helping them through it. ❤️
CC fraud alert, which is a good catch because I've ordered from AliExpress a few times in the last year. Then immediately got subscription bombed, hundreds of random subscriptions. Guess they were mad the bank blocked the transaction. 😂
Great feature, Gmail.
A few months ago Cellebrite announced that they would begin parsing data from Signal in their extraction tools. It seems they're not doing that very carefully. Exploiting vulnerabilities in Cellebrite's software, from an app's perspective: signal.org/blog/cellebrite-v…