ROPC - So, you think you have MFA?
Oct. 20, 2022, 3 p.m. | Embrace The Red (embracethered.com)
The key take-away: Always enforce MFA! Sounds easy, but there are often misconfigurations and unexpected exceptions. So, test your own AAD tenant for ROPC-based MFA bypass opportunities.
GitHub: https://github.com/wunderwuzzi23/ropci
What is ROPC?
Resource Owner Password Credentials (ROPC) is an OAuth2 authorization grant type (“flow”) defined in RFC 6749.