tprime

Interesting whitepaper from 2019 by @AndresRiancho about insecure AWS Cognito configurations. I wonder if anyone has done something similar, but for applications which mistakenly expose the SignUp endpoint? andresriancho.com/internet-scale…

@_BalthazarBratt Nice work, that was a fun read.

@Viss Thanks for the reminder. I remember wandering into this talk at DC19 and being really glad I did.

hmmm....

Zanimiv film o Slovenskih hekerjih: youtu.be/N5Xv94DCzKY

@sylv3on_ I recommended following that book with The Tangled Web if you haven't read it already. They compliment each other really well.

I wrote a guide to securing #salesforce applications and passing the #appexchange security review for the @bishopfox blog: know.bishopfox.com/research/sfdc-…

#CactusCon day one

@Alyssa_Herrera_ Hopefully Piercing the Veil v2 is in the works

the agenda at #CLSI2019 looks awesome... would love to attend one day

Managed to get a nice hike in during a rural onsite

@IAmRedShift two examples: nytimes.com/2019/04/22/opi… wired.com/story/like-gun…

@tprime_ Can you share a link to this stuff?

disappointing to see journalists apologizing for or celebrating government censorship in #srilanka

This helped me on an assessment the other day... Thanks man!

@Alra3ees This option also exists in the GUI under 'User options -> SSL -> Disable Java SNI extension'!

Mitigating Burp Suite error “burpsuite handshake alert: unrecognized_name” Run java -Djsse.enableSNIExtension=false -jar burpsuite_pro_v1.7.37.jar Thanks to @tprime_ Articale:- zjulian.com/mitigating-bur…

want to deploy your own #BGP monitoring in minutes to detect internet censorship and more, even on a low-resource machine? check out tprime.dsskcorp.com/deploy-routevi…

@brutelogic perhaps, I just prefer the approach of whitelisting like with CSP instead of depending on the filtering cat-and-mouse game.

@tprime_ CSP can be highly effective but it's a policy not a filter.

Who does a better job as a 2nd line of defense against #XSS?

@evaryont @CactusCon yeah dude! I will make sure to find you around the con

@tprime_ @CactusCon let's hang out at @CactusCon!

defcon was fun, next up is @CactusCon