Josh Pitts

Josh Pitts
Principal Hacker, Offsec Team

Josh Pitts is a Principal Hacker at Okta on our offsec team. He has over 15 years' experience conducting physical and IT security assessments, IT security operations support, penetration testing, malware analysis, reverse engineering, and forensics. Josh also served in the US Marines working in SIGINT.

Josh Pitts

I can be Apple, and so can you

A Public Disclosure of Issues Around Third Party Code Signing Checks Summary: A bypass found in third party developers’ interpretation of code signing API allowed for unsigned malicious code to appear to be signed by Apple. Known affected vendors and open source projects have been notified and patches are available. However, more third party security, forensics, and incident response tools that use the official code signing APIs are possibly affected. Developers are responsible for...

Josh Pitts

Hey Chef, What's the Length of your Encrypted Password?

TL;DR This post takes a quick look at Chef Data-Bags and SaltStack Pillar (GPG.Renderer) and identifies methods to determine if encrypted information leaks details about the plaintext, such as password length, that could aid an attacker. Introduction Does your organization, or one you are testing/auditing, use Chef Data Bags or SaltStack Pillar with the GPG.renderer to secure secrets for deployment and operations? If so, you have probably looked at these encrypted blobs of data and thought,...

Josh Pitts

Teaching Shellcode New Tricks - DEF CON 25 Addition

My REcon Brussels talk of the same title was accepted for DEF CON 25. It was supposed to be a release of x64 bit Import Address Table (IAT) based payload parsing stubs to get them into the Metasploit Framework as a feature. It was supposed to be straight forward, no issues, no surprises kind of talk. Until June 18th, everything was great. Then I checked twitter. Surprise, Surprise! Microsoft is shipping in Windows 10 RS3 not only EMET in the Windows Kernel, but they added an Import Address...