
Posts by mosesrenegade

If you're interested in coming to class, bit.ly/48cOpFY. The DC event is filling up; the next event will be for the AsiaPac region, technically out of Japan. Take a look at the syllabus; it's been completely rewritten.

4 months ago 0 0 0 0

I was talking to a few students over the past few weeks, and it suddenly dawned on me. The SEC588 Cloud Pen Testing course has almost no reason not to come in person. Why is that? All students get the 4-month OnDemand Bundle with Lab access included with all classes!

4 months ago 0 0 1 0

Happy America Day for 2025.

9 months ago 1 0 0 0

I spent the last few days on a new project: get IPv6 running in my homelab. The dual horned nature of my house made me hesitant. I learned a ton along the way. Probably will do a video or blog post soon. #IPv6 #Homelab

10 months ago 3 0 0 0
May SFISSA Meeting @ HackMiami XII, Thu, May 15, 2025, 6:00 PM | Meetup We’re excited to be hosting this month’s meeting at the HackMiami Conference, one of South Florida’s most anticipated cybersecurity events. Location: Marenas Beach Resort

I am speaking at the South Florida ISSA Meeting Tonight. It's in the same venue as the HackMiami conference. If you are in the area and want to hang out, here are the details:

www.meetup.com/south...

11 months ago 0 0 0 0

I have not been active on social media for the last 45 days. My ability to share sharply declined. After some deep thinking and professional life changes, I can now share more freely—such a burden lifted from my shoulders. Videos are coming soon.

11 months ago 0 0 0 0
SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries — WorkOS Any service using xml-crypto or a Node.js SAML implementation using it, should update immediately to the latest version. WorkOS customers are safe and were not impacted.

If you have ever taken #SEC588, I have always said that SAML needs to go away. Here is a nasty bug in a library where you can bypass it altogether mostly: workos.com/blog/samlstorm

Just send a signed request, and you will be good to go.

1 year ago 1 0 0 0

That post was scheduled weeks ago so I do apologize for that. Clarification on my thoughts. Internal systems running Windows (older stacks) I think could be a bigger concern. I’m thinking through customer internal environments where the servlet console is exposed. Sadly.

1 year ago 2 0 0 0

If you see the following header in your weblogs and you're running Next.js ... well...

x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware

#CVE-2025-29927

1 year ago 0 0 0 0
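
A log check for the header named in the post above, as an added example that is not part of the original post. It assumes a JSON-lines access log whose records carry the request headers under a `headers` key (a hypothetical format; the sample lines are constructed) and flags every request that arrives with `x-middleware-subrequest` set, whatever its value.

```python
import json

HEADER = "x-middleware-subrequest"  # header name taken from the post

# Constructed sample log (assumed format: one JSON object per line,
# request headers stored under "headers"). Addresses are documentation ranges.
SAMPLE_LOG = """\
{"ts":"2025-03-24T10:00:01Z","src":"203.0.113.7","path":"/dashboard","status":200,"headers":{"user-agent":"curl/8.5","x-middleware-subrequest":"middleware:middleware:middleware:middleware:middleware"}}
{"ts":"2025-03-24T10:00:02Z","src":"198.51.100.4","path":"/","status":200,"headers":{"user-agent":"Mozilla/5.0"}}
this line is not JSON and must not stop the scan
{"ts":"2025-03-24T10:00:05Z","src":"203.0.113.7","path":"/admin","status":307,"headers":{"X-Middleware-Subrequest":"middleware:middleware:middleware:middleware:middleware"}}
"""

def find_subrequest_header(log_text):
    """Return one finding per log record that carries the header."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting
        headers = rec.get("headers") if isinstance(rec, dict) else None
        if not isinstance(headers, dict):
            continue
        for name, value in headers.items():
            if name.lower() != HEADER:  # header names are case-insensitive
                continue
            segments = [s for s in str(value).split(":") if s]
            findings.append({
                "line": lineno,
                "src": rec.get("src"),
                "path": rec.get("path"),
                "status": rec.get("status"),
                "segments": len(segments),
                # a non-error status means the app answered the request
                "served": isinstance(rec.get("status"), int) and rec["status"] < 300,
            })
    return findings

if __name__ == "__main__":
    for f in find_subrequest_header(SAMPLE_LOG):
        print(f)
```

Most default access-log formats do not record this header, so it has to be added to the log format (or dropped at the reverse proxy) before a check like this sees anything.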

I just wanted to go on record in saying if the internet ever went dark, it is truly when this website is gone....
www.zombo.com

1 year ago 1 0 0 0
Leaking Passwords ...and more on macOS

This is an excellent writeup by the Objective See folks. I had to ensure I was still reading about an exploit halfway through the beginning because the build-up was so good.

If macOS and exploiting macOS is your thing, this is a great read: bit.ly/4bTsGnZ

1 year ago 1 0 0 0
Apache Tomcat RCE Vulnerability Under Fire With Exploit The researchers who discovered the initial assault warned that the simple, staged attack is just the beginning for advanced exploit sequences that will test cyber defenses in new and more difficult ways.

Sketchy POC: github.com/iSee857/C...

1 year ago 0 0 0 0

I'll more than likely discuss this at some point in a video. This Apache Tomcat bug is pretty bad. The POC is dead simple and it will probably be easy to work around firewalls.

Patch!

www.darkreading.com/...

1/n

1 year ago 1 2 2 0
Infosec Drama of the Week? I want to be clear that in the video, I'm talking about this post: https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in...

I was, of course, to my detriment, going to give the vendor some grace, hoping that, given enough time, they would do the right thing. But time is the factor: will they, in time, change to a whitelist method?

1 year ago 0 0 0 0

Let me be crystal clear: the person who wrote the @watchtowrcyber blog is correct about deserialization gadgets. The video gives some thoughts, but I wanted to add context. Amazing work from @sinsinology

1/n
youtu.be/mJTo_YGwYzY

1 year ago 0 0 1 0

Is that Tomcat bug a non-issue? I'm hesitant to say so, primarily because of the many horror show bugs I've seen in Tomcat servlets in the past. Do I suspect there will be more issues on the internal networks? Yes.
Comment Below
Video: youtu.be/Du4d7Q4R51Q

1 year ago 0 0 0 0

The jc-action/changed-files attack, was it new and novel? If you look at the gist of the python memdump.py script, you may have noticed that this was just a copy of an existing set of research studies from pwnhub and others—link in the video's description.

youtu.be/lqPoWd7CbTE

1 year ago 1 1 0 0
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity tj-actions/changed-files

I feel like I'm off my game. I would have never even considered this vector. This group knew what it was doing; they made their Author Commit show up as "Responder Bot." Smart.

1 year ago 0 0 0 0

This particular attacker leveraged the fact that 23,000 companies use this plug-in. When used, it leaks out secrets from your CI/CD system. This is scarily brilliant.

1 year ago 0 0 0 0

This is super interesting. An attacker gained access to a popular "plug-in" (the best way I could describe it) to your CI/CD pipeline in a Github Action that would do change file detection in your runs.

www.stepsecurity.io/...

1/n

1 year ago 1 1 2 0


If that is your cup of tea, check out the following: github.com/nickvourd... Using Cloudflare Workers and Azure CDN to make this work. This is a pretty good idea.

1 year ago 0 0 0 0

The other day, one of my coworkers asked me a question, and it was around: what do you currently recommend for C2 in a Red Team Engagement? Now, this question comes up a ton. In practice, we have been using Cloudflare because it just "works," but what if that no longer works?

1 year ago 0 0 1 0
Bug Fixes for the Week of March 2nd Let's talk about what I got wrong; in this case, it was Amnesty International's Cellebrite article. I wanted to clarify all the things that I got wrong. Well...

On the road, so I recorded this over the week. Bug fixes for last week.

bit.ly/4kNdqgk

1 year ago 0 0 0 0

Do you all think Manus AI is a threat? I thought I'd give some folks a fun one for a video update:

bit.ly/41ylBEo

1 year ago 0 0 0 0

Healthcare IT is a total mess. Microsoft is injecting some funding in it: bit.ly/4i4ts3I

1 year ago 0 0 0 0

Everyone is alarmed by a "Webcam" used to deploy ransomware as a nothing-burger. The article should highlight that ransomware actors are not just automating the attack but actively looking into a network. If you have a vulnerable non-windows device, it will be used.

1 year ago 0 0 0 0

You want to execute malware in a sandboxed environment. You want to do this self-hosted or in the cloud in your environment. What do you choose?

(Yes, I know that online analysis tools exist).

Comment Below

#security #cybersecurity #onlinesafety #privacy #technology

1 year ago 1 1 0 0
Post Quantum Cryptography What happens after PQC?

Quantum Curious? Today's topic is Post Quantum Cryptography, more or less.

#security #cybersecurity #onlinesafety #privacy #technology #crypto

bit.ly/3XuoNja

1 year ago 1 1 0 0
Blog: Zen and the Art of Microcode Hacking This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.

I don't yet know the full implications of this, but being able to "patch" your Microcode such that, idk, XOR compares always return true for specific functions would be bad. bit.ly/3F4V3TP

1 year ago 0 0 0 0

I will make a video of this later today. Youtube.com/@MosesFr...

1 year ago 0 0 0 0