oauth – Torchsec

Featured

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

December 13th, 2023 | 🕒

https://www.ispeech.org Dec 13, 2023NewsroomCryptocurrency / Threat Analysis Microsoft has warned that adversaries are using OAuth applications as an automation tool

Featured

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

August 21st, 2023 | 🕒

iSpeech From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account

Featured

Taking over booking.com accounts by abusing OAuth 2.0

March 2nd, 2023 | 🕒

Text to Speech submitted by /u/ynvb comments] Source link

Featured

Update: Cyber Operations Augmenting Russian Military

Microsoft 365 OAuth Device Code Flow and Phishing

February 27th, 2023 | 🕒

Text to Voice During a recent red team engagement, we found that the target organization used a well-known identity access

Featured

Email as a Password Manager

February 15th, 2023 | 🕒

Convert Text to Speech UPDATE: Email-only auth from 2012. Some great links on the same idea. It’s absolutely no news

Featured

Hacking Pusher with simple crypto vulnerability

February 14th, 2023 | 🕒

iSpeech.org Specially crafted “socket_id” parameter could get us a valid auth for any private Pusher channel of your application and

Featured

Hacking Starbucks for unlimited coffee

February 14th, 2023 | 🕒

iSpeech This is a story about how I found a way to generate unlimited amount of money on Starbucks gift

Featured

Mongo BSON Injection: Ruby Regexps Strike Again

February 14th, 2023 | 🕒

iSpeech TL;DR There’s a subtle bug in BSON-ruby implementation, leading in best case scenario to low-severity DoS, but most likely

Featured

Really Curious XSS in Rails

February 13th, 2023 | 🕒

iSpeech.org I’ve seen this code quite a few times in app/views: $.get(location.pathname+'?something'). It reads current pathname and requests it with

Featured

Why You Don’t Need 2 Factor Authentication

February 13th, 2023 | 🕒

iSpeech.org TL;DR because 2FA == password manager. 2FA, as many other things in infosec, is full of myths and stereotypes.

Featured

Let’s make Offline Web Applications secure!

February 12th, 2023 | 🕒

iSpeech The Goal We want more offline web applications. A ToDo app, a Bitcoin wallet, a password manager - Javascript

Featured

Using Appcache and ServiceWorker for Evil

February 12th, 2023 | 🕒

https://www.ispeech.org/text.to.speech You’re a bad guy and you just hacked a website. Normally you leak the database and leave. The owner

Featured

PrepCAPTCHA, for bots and pentesters

February 12th, 2023 | 🕒

Text to Speech Demo The iframe bug in No CAPTCHA was fixed long time ago, and now reCAPTCHA 2.0 is

Featured

Building Botnet on ServiceWorkers

February 11th, 2023 | 🕒

iSpeech.org TL;DR In this post I will demonstrate one of the numerous ways how ServiceWorkers let us execute Javascript code

Browsing the "oauth" Tag

Featured

Microsoft Warns of Hackers Exploiting OAuth for Cryptocurrency Mining and Phishing

Featured

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

Featured

Taking over booking.com accounts by abusing OAuth 2.0

Featured

Microsoft 365 OAuth Device Code Flow and Phishing

Featured

Email as a Password Manager

Featured

Hacking Pusher with simple crypto vulnerability

Featured

Hacking Starbucks for unlimited coffee

Featured

Mongo BSON Injection: Ruby Regexps Strike Again

Featured

Really Curious XSS in Rails

Featured

Why You Don’t Need 2 Factor Authentication

Featured

Let’s make Offline Web Applications secure!

Featured

Using Appcache and ServiceWorker for Evil

Featured

PrepCAPTCHA, for bots and pentesters

Featured

Building Botnet on ServiceWorkers

🌟 Your Account

🔔 Email Subscriptions

Get new posts by email

Donate Via Wallets

Popular

Gloss

☕️Social Media

👥Members

🌍 Forum Groups