Vickie Li

Attacking SSO With Subdomain Takeovers

A brief look at how subdomain takeovers can give attackers a meaningful way to compromise single sign-on solutions.

Sami Laine

Factors & Dongles & Tokens, Oh My - Strong Auth Terminology in 7 minutes

MFA, 2FA, SMS, TOTP, U2F, FIDO2,... SMH, OMG. Strong authentication terminology explained.

Sami Laine

WebAuthn Is Great and It Sucks

WebAuthn and FIDO2 promise a great future. Let's see if we can have it today.

Vickie Li

Attacking Evil Regex: Understanding Regular Expression Denial of Service Attacks (ReDoS)

A quick look at how Regular Expression Denial of Service Attacks work and what you need to be aware of.

Vickie Li

A Quick Introduction to Regular Expressions for Security Professionals

A short introduction to regex. We'll explain how to use it and why it's so helpful for security analysis.

Marc Rogers

How the COVID-19 Pandemic Has Dramatically Changed the Cybersecurity Landscape

Over the past two decades working in the security space, I’ve observed that there’s always an uptick in attackers looking to exploit the chaos during disasters or periods of civil unrest or political instability. As people panic or try to act with more urgency, they become more vulnerable. Caution, one of our strongest defenses, is the first thing to go out of the window. As our sense of urgency grows, we become more willing to take shortcuts and the opportunity to fool us grows...

Christopher Bennett

The Case for Host Security Logs

A look at why host security logs should be at the top of your list when establishing a security program.

Andrew Lee

Using hack_url_re to Auto Detect Website Spoofing Vulnerabilities

Phishing attacks often spoof websites in order to steal passwords, tricking users into entering credentials to a website that looks identical to the one they routinetly access. To avoid such trickery, account holders can trust their passwords to password managers like Okta’s SWA plugin, which are not fooled by visual similarity. However, if the code for identifying the website contains any flaws, attackers could exploit them in order to continue to steal passwords. Recognizing this threat, the...

Andrew Lee

Multi-Factor Mixup: Who Were You Again?

Summary: A weakness in the Microsoft ADFS protocol for integration with MFA products allows a second factor for one account to be used for second-factor authentication to all other accounts in an organization. After being notified about the vulnerability and independently validating it, Microsoft produced a patch to address it. See CVE-2018-8340. This vulnerability is best addressed within ADFS and it likely affects all MFA products for ADFS. Organizations running Microsoft ADFS are advised...