"Traitor packages up a bunch of methods to exploit local misconfigurations and vulnerabilities (including most of GTFOBins) in order to pop a root shell."

github.com/liamg/traitor

#security #testing

Together with the Internet Society, we have written an open letter to the EU to explain why an encryption backdoor for the 'good guys only' is simply impossible. Keep fighting for a secure internet with us! 💪👇
internetsociety.org/resources/

What is it that makes logout's with and token revocation such a minefield? Are logout's deprecated?

RT nitter.net/@chaosupdates
Die Tickets zum #rC3 werden für den Logged-In-Bereich benötigt: Interaktionen zwischen den Teilnehmenden, Workshops, Entdecken der Assemblies-Flächen und ein paar Überraschungen events.ccc.de/2020/12/03/rc3-t

SSOs gave me so many identity crisis this year. Always sign any and message completely.

Conviced them to use authorization code flow with pkce instead.

Show thread

Why would anybody use Resource Owner Password Credential Grant with Basic Auth in a mobile app developed in 2020?

Hello Fosstodon, I'm alcastronic. OpenSource user and fulltime hacker. Doing pentests and forensics. Found one or two bugs in OpenSource projects and hope to be of help fixing such.

Just posted this to Facebook and I'm done.

musings.tychi.me/so-long-and-t

Don't worry fosstofriends, you're still stuck with me.

Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.