Alexandre S.
@MrSheepSheep
Followers: 107 · Following: 637 · Media: 42 · Statuses: 623
Getting ahead of the disaster: I was not in control of my actions, nor of the content broadcast in the report 🫠 It does not represent the reality of our job, but well, the older generation has to be able to understand...
Hello, small error on the date: the meetup will be held on May 19. Program: 🎙️ "Your cloud identity providers are phishing platforms" - by @MrSheepSheep 🎙️ "Understanding EDRs to better bypass them" - by CursedFRA 📍 Oculto, 27 R. Quincampoix, 75004 🕖 19:00 See you there!
Here's the talk for the next meetup! 🎙️ "Your cloud identity providers are phishing platforms" - by @MrSheepSheep 📅 19/04 📍 Oculto, 27 R. Quincampoix, 75004 🕖 19:00 Registration on our website
If you're interested in YARA and Sigma rules linked to this research, check them out on our dedicated repository:
In recent incident responses with an Ivanti CSA compromise as the root cause, Synacktiv's CSIRT came across open-source tools used for post-exploitation. Our ninja @Cybiosity explores their functionalities and discusses detection capabilities. https://t.co/x7us3TGRGN
I briefly documented the technique for anyone interested. It applies to pretty much all cloud identity providers. https://t.co/y7ZmETjsbU I'm essentially extending @_xpn_ incredible work, focusing on the phishing part :)
github.com
Abusing identity providers to do the phishing for us - mrsheepsheep/idp-passthrough-phishing
Actually, a similar attack vector (OktaJacking) was found by PushSecurity: https://t.co/IOGZbmWeWj But it required knowing usernames beforehand. Using an LDAP agent, that's not required.
pushsecurity.com
In this article, we'll show you how to use Okta to do keylogging for you, without needing to have your own malicious domain hosting your malicious SAML server.
As defenders, hunt for proxy logs at Okta tenants that aren't yours. This will bypass domain reputation checks and URL filtering. More to come.
Not only can they warn the user, but they can also fully fix the problem without breaking existing functionality. But they won't do it.
Organization typosquatting is possible. It's impossible to know that your credentials will be sent to a third-party server. Okta does not consider this a problem and will not warn users that they might get phished. There's no report abuse button either.
Don't log in to unknown Okta tenants. Double-check organization URLs before logging in. It is possible to abuse Okta to harvest cleartext credentials sent through the login form.
I managed to run #Balatro natively on the web! Before anyone asks, NO, this will never go public for obvious reasons :) but it was fun to make!
CVE-2022-24961 In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.
Hey @discord, can you do something about bot permissions? Lazy devs ask for admin rights and most server owners don't care. What about a red warning when a bot asks for Admin, and a way to change permissions on the invite window? Huge privacy risk.
what is going on 😳
Some pretty vibrant moments here with one of my favorite songs from @sanholobeats in @BeatSaber A San Holo music pack would be nice tho 👀✨
Cloudflare is having an outage. So are we now for some of you. 😢😭😢