Research Worth Reading Week 06/2025

Published: 10 Feb 2025

BCrypt, Supply Chain, CSP, and so much more!

🔒 Clone2Leak: Your Git Credentials Belong To Us

Another excellent article from Flatt Security on attacking git clients: Clone2Leak: Your Git Credentials Belong To Us.

🤯 Go Supply Chain Attack

Incredible example of a Go Supply Chain Attack: Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence.

🔑 What Okta Bcrypt incident can teach us about designing better APIs

Remember the Okta security incident? This article starts from it and then plays one of my favourite games: comparing implementations of the same thing. Make sure you read it: What Okta Bcrypt incident can teach us about designing better APIs.

ℹī¸ form-action Content-Security-Policy Bypass And Other Tactics For Dealing With The CSP

A great blog on CSP with a lot of bypasses, definitely worth exploring: form-action Content-Security-Policy Bypass And Other Tactics For Dealing With The CSP.

✍ī¸ A Brief History of Code Signing at Mozilla

Signing a binary, that can't be that hard... right? This article demonstrates how something that may seem simple on paper can actually be very complex: A Brief History of Code Signing at Mozilla.

🚰 HTTPTap

A pretty handy tool to finish with: HTTPTap! An amazing way to trace the HTTP requests sent by a program in just one command: HTTPTap.

Written by PentesterLab
The platform to learn web hacking and security code review