Web Authentication, or WebAuthn is a standard for strong user authentication and is a core part of the FIDO2 specification. I’m not going to go into too much technical detail about the spec in this blog because there already exists a plethora of awesome documents and demonstrations which explain WebAuthn better than I ever could; I’ll include those in the Additional Reading section below.
Author: Mikail
Categories
Where is your responsible disclosure page?
I want to start by saying that this article is not only for security professionals. If you have the power to influence positive change at your organisation then this article is for you. With that said, let’s begin…
Take a minute to visit your corporate website and look for a “security” or “responsible disclosure” page or link. Go on, do it now and continue reading after you’ve had a look.
…
Don’t see one? Maybe you have one but it’s obscured and requires a little bit of clicking and button pressing. If so, keep reading…
Categories
Running a Successful Bug Bounty Program
I wrote this blog to help organisations better prepare for and run successful bug bounty programs. The blog touches on my personal experiences as a program owner of both good and badly run programs as well as being on the other side of the fence as a bug bounty hunter.
This blog ended up being a lot longer than I thought it would be. I hope it’s a worth-while read especially to those of you who are considering running or already run a bug bounty program. At the very worst it might help you get to sleep at night 🙂
Today I am open-sourcing SlackPirate; a tool I developed over the last couple weeks, designed to enumerate and extract sensitive/interesting/confidential data from a Slack Workspace.
Red teamers can use this during an assessment to extract sensitive information which can significantly contribute to the discovery/recon/enumeration phase of the assessment by analysing data such as credentials, internal system documentation and scripts, links to internal build systems, etc.
In this brief blog post I will discuss what I believe to be good practices to follow during the set-up and day-to-day usage of a Cryptocurrency hardware wallet; specifically the Ledger Nano SÂ because it’s the one I use. This advice should still be useful for other hardware wallets as they’re all quite similar.