SPA – Single-Page Application

Modern Web Architecture and Security
This was a new term for me when I started putting together my most recent study guide: SPA, which stands for Single-Page Application. While it sounds like a simple website, an SPA represents a fundamental shift in how web applications function, bringing unique challenges to the world of information security. Read More …

OIDC – OpenID Connect

Adding Identity to the Authorization Layer
In the journey through information security, you will frequently encounter OAuth 2.0. While OAuth 2.0 is excellent at authorization, it was never designed for authentication. To solve this, OIDC, or OpenID Connect, was created. Think of it this way: OAuth 2.0 is the key to a hotel room, while OIDC Read More …

PKCE – Proof Key for Code Exchange

Securing OAuth 2.0 for the Modern Web
In the world of information security, acronyms often act as gatekeepers to critical concepts. One of the most vital for modern identity management is PKCE (pronounced “pixie”), which stands for Proof Key for Code Exchange. If you are new to the field, you likely know that OAuth 2.0 Read More …
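As an added example (not code from the post), here is the S256 method from RFC 7636 end to end: the client generates a code_verifier, sends its SHA-256 code_challenge with the authorization request, and the authorization server only redeems the code when the token request presents a verifier that hashes to the stored challenge. The in-memory "authorization server" is an assumption for the example; the test vector in the comments is the one from RFC 7636 Appendix B.

```python
import base64
import hashlib
import hmac
import secrets

# Added example, not code from the original post. Implements the S256
# code_challenge_method of RFC 7636 on both the client and server side.


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """Client side: a high-entropy verifier of 43..128 chars from [A-Za-z0-9-._~].
    32 random bytes base64url-encode to exactly 43 characters."""
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier))).
    RFC 7636 Appendix B: verifier dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
    gives challenge E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def verify_code_challenge(stored_challenge: str, method: str, presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint: recompute the challenge
    from the presented verifier and compare in constant time. Only S256 is
    accepted; 'plain' offers no protection against an attacker who can read the
    authorization request as well as intercept the code."""
    if method != "S256":
        return False
    if not 43 <= len(presented_verifier) <= 128:
        return False
    expected = make_code_challenge(presented_verifier)
    return hmac.compare_digest(expected.encode("ascii"), stored_challenge.encode("ascii"))


def simulate_flow() -> dict:
    """Walk the flow for the legitimate client and for an attacker who captured
    the authorization code but never saw the verifier."""
    issued_codes = {}  # assumed server store: code -> (code_challenge, method)

    # 1. Client creates the verifier and sends only the challenge in the
    #    authorization request (a public client has no secret to protect it).
    verifier = make_code_verifier()
    challenge = make_code_challenge(verifier)

    # 2. After consent the server issues a code bound to that challenge.
    code = secrets.token_urlsafe(16)
    issued_codes[code] = (challenge, "S256")

    # 3a. Legitimate client redeems the code with the original verifier.
    stored_challenge, method = issued_codes[code]
    legit_ok = verify_code_challenge(stored_challenge, method, verifier)

    # 3b. Attacker who intercepted the code (for example from a custom-scheme
    #     redirect on a mobile device) must supply a verifier they do not have.
    attacker_ok = verify_code_challenge(stored_challenge, method, make_code_verifier())

    return {"legit_exchange": legit_ok, "stolen_code_exchange": attacker_ok}


if __name__ == "__main__":
    print(simulate_flow())
```

Note that the verifier never leaves the client until the token request, which goes directly to the token endpoint over TLS, so an attacker positioned on the redirect (where the code appears) cannot complete the exchange.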

SIM – Subscriber Identity Module

The silver-haired man stood before a group of six wide-eyed interns.  Elric didn’t give many lectures these days, but he enjoyed the look on their faces when he dismantled their assumptions about the “simple” tech in their pockets.  He held up a tiny, clear specimen jar.  Inside was a gold-contact chip, stripped of its plastic carrier.  Read More …

lsassy: An Offensive Security Tool

lsassy is an open-source tool developed by Login-Sécurité, designed specifically for offensive security practices. Available on GitHub, lsassy extracts credential data from the memory of the Local Security Authority Subsystem Service (LSASS) process in Windows environments.
Key Features
Primarily, lsassy dumps credentials stored within LSASS, which is a Read More …

Beginner’s Guide to the Active Directory Tier Model

The Lateral Movement Highway
If you read one of the latest State of Cybercrime reports by Microsoft, one finding stands out above the rest: the leading factor in ransomware incidents is “insufficient privilege access and lateral movement controls.” Just so we are all on page 12 with each other, I am saying that Lateral Movement Read More …

The Necessary Security Model Refactor

The “Cloud First” reality necessitates shifting your mindset from the physical boundaries of ENIAD (Endpoint, Network, Identity, Applications, Data) to the logical boundaries defined by the Cloud Shared Responsibility Model. The things you protect are not just “Data,” but the entire environment that processes, stores, and governs that data.
1. Identity (The Gate)
This remains the Read More …

SSO – Single Sign-On

SSO: Single Sign-On Made Simple
In our increasingly digital world, managing multiple online accounts can be a hassle. From social media to banking, each service often requires its own username and password, leading to password fatigue and security risks. This is where Single Sign-On (SSO) comes into play, a technology that simplifies the login process Read More …

SAML – Security Assertion Markup Language

In today’s digital landscape, where online security is paramount, understanding the tools that help protect our identities is essential. One such tool is SAML, which stands for Security Assertion Markup Language. While the acronym may sound complex, SAML plays a crucial role in enhancing identity security, especially in environments where multiple applications and services are Read More …