Application Security This Week for December 15

Nice writup that explains a pivot from and iPhone app all the way through to domain access via chained exploits. Application security is hard.

https://decoder.cloud/2019/12/12/from-iphone-to-nt-authoritysystem/

 

The security.txt file is near becoming an IETF standard.

https://mailarchive.ietf.org/arch/msg/ietf-announce/OFuiGlVv6WgvEEABaGmnYi120yU

 

Cool Azure horizontal privilege escalation writeup using the cloud shell.

https://blog.netspi.com/attacking-azure-cloud-shell/

 

That's the news. Hope everyone is having a stress-free holiday.

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList