I decided to make a homage-post to @homakov and @Nirgoldshlager about different OAuth-token leakage methods I've been researching – ten years after their blog posts that inspired me to start hunt for bugs ♥️ thank you.
https://t.co/pODPvDUOU9
Shared similar content on @Google podcast: we implemented this at @gopayindonesia, built developer platform which helped us rollout @IstioMesh 50x faster 🚀🚀 go listen https://t.co/Jz5IoSL8j7
You're a better hacker if you know how to build the thing you're trying to hack. Create labs, install stuff, configure it, breake it from the inside. Then apply that knowledge when attacking from the outside. You'll see clear flaws once you really know how it works.
The problem in IT security is that fascinating things are often unnecessary while boring things are usually essential.
We focus too much on the fancy stuff and can't get the fundamental things right.