Sparc Flow (@sparcflow)'s Twitter Profile

H4cker, author of How to Hack Like a Pornstar amazon.com/dp/B01MTDLGQQ & How to Hack Like a Ghost amazon.com/dp/B08FH9SQNG
sparcflow.substack.com

ID: 827583494146621440

Link: http://www.sparcflow.com | Joined: 03-02-2017 18:24:15

377 Tweets

3.3K Followers

110 Following

Pete Markowsky (@petemarkowsky)

So finally feel like I can talk about this. Santa as in github.com/google/santa now supports file access authorization. This means that we can authorize if a binary should be able to open a file/path and leverage code signing for targeting/filtering.

Sparc Flow (@sparcflow)

"These are important issues, but, our roadmap is full for at least six months". Classic rebuttal to a vulnerability. The discussion then shifts into a Tetris-like game trying to fit imaginary deadlines. I detail how to avoid this trap in my book amazon.com/dp/B0C4LC4FDW

Clint Gibler (@clintgibler)

🔖 So you think you can block Macros? Exploring the quirks of MS Office macro security * Abuse patterns * Bypasses for enterprise VBA macro settings * Legitimately signed Office docs * Securing an Office environment By Pieter Ceelen and Dima #blueteam outflank.nl/blog/2023/04/2…

Adam Chester 🏴‍☠️ (@_xpn_)

“Anyone can rant on a ticket. A precious few can create value. Strive to be the latter.” Brilliant book by Sparc Flow, reminds me of “The Phoenix Project”.

Sparc Flow (@sparcflow)

It's always funny to read CFPs claiming to solve Zero Trust architecture through...wait for it...network restrictions. Page 4 of the NIST paper: "Zero trust is the term [...] that move defenses from network-based perimeters to focus on users, assets, and resources"

Sparc Flow (@sparcflow)

While we're at it, Zero Trust architecture is not a good enough justification to remove that VPN or expose that app naked on the Internet... We want to stack those security layers, before potentially chopping some of them away, if the threat modelling makes sense

Will Schroeder (@harmj0y)

Lee Chagolla-Christensen , Max Harley , and I are very proud to announce that the alpha release of Nemesis is now public! The code is at github.com/SpecterOps/Nem… and we have a post explaining details at posts.specterops.io/hacking-with-y… 1/3

Sparc Flow (@sparcflow)

So let me get this right. When it comes to Cloud, companies have a choice between: a bad Console, unfixed 0-days, non-resilient DCs, and govt-owned DCs? Oh my, what a tough choice!

Sparc Flow (@sparcflow)

mTLS is overkill for 99% of use cases, Bearer token auth works just as fine and is arguably better. Cert pinning in mobile apps does not make sense anymore in 2023…I mean I could go on…

Sparc Flow (@sparcflow)

Adding the X-Frame-Options = "DENY" won’t make a dent in your security landscape, but it sure as hell will spare you a ton of spam from wannabe bugbounty hunters.

Sparc Flow (@sparcflow)

How can any identity provider allow a session cookie A, delivered to browser A and IP a.a.a.a, to be used on browser B and IP b.b.b.b? I mean…come on.

No Starch Press (@nostarch)

Our Hacking Humble ebook Bundle Starts NOW! Pay what you want for up to 18 of our bestselling hacking and security titles—plus, your purchase benefits EFF and their fight against censorship. humblebundle.com/books/hacking-…

SpecterOps (@specterops)

#BHUSA is right around the corner! Join Jared Atkinson and Adam Chester 🏴‍☠️ for our Tradecraft Analysis course, and learn how attack techniques work under the hood and how to make the best use of available telemetry. Register today ▶️ ghst.ly/bhusa-atta
