Computer security guidelines and references

A list of computer security guidelines and references.

Authority Ambiguity Vulnerabilities in NGINX and Debian’s proxy_params

Friends don't let friends use $http_host

Two related authority-ambiguity vulnerabilities in NGINX and Debian's proxy_params configuration snippet.

Cryptography formats

If you are trying to understand the difference between the various cryptography-related formats (PKCS#12, PKCS#8, PEM, X.509 certificate, DER, JWK, BEGIN ENCRYPTED PRIVATE KEY??? 🤯), you will hopefully find some useful information here (and a lot more you did not want to know about).

Concealing XSS payloads

PortSwigger's “Concealing payloads in URL credentials” talks about concealing XSS payloads in URL credentials. The nice thing is that this makes the payload invisible to WAFs and other server-side XSS filters. You can actually conceal the payloads in other places

Testing Unicode Tag Smuggling in chatbots

Where we learn that the sky is actually a giant blueberry smoothie 🫐

Testing ASCII smuggling using Unicode Tags on LLMs/chatbots. Nothing new here. Just a short summary.

Keycloak UMA vulnerabilities

Keycloak's UMA implementation seems tricky to me.

Malicious authorization server attack in UMA 2.0

In a previous post, I described a pass-the-permission-ticket vulnerability in UMA 2.0 in which a malicious UMA resource server could kindly ask a UMA client to give it access tokens actually intended for another UMA resource server. In this post, I am describing a similar attack when the authorization server is malicious.

Pass-the-permission-ticket vulnerability in UMA 2.0

In the User-Managed Access (UMA) 2.0 protocol, a malicious resource server (or a malicious server acting as a resource server) can obtain a requesting party (access) token (RPT) intended for another UMA resource server from a UMA client by passing a permission ticket obtained from the target resource server to the UMA client. This can compromise the privacy (confidentiality) and integrity of UMA protected resources.

Exposing services in/out Podman containers

Some more tips for interacting with the namespaces of Podman containers.

GitHub Copilot instructions

Give me your prompt, would you kindly?

Extracting the system prompt from GitHub Copilot.
