Ståle Pettersen

@kozmic.bsky.social

Application Security and Cloud Security

110 Followers  |  257 Following  |  26 Posts  |  Joined: 21.08.2023  |  1.9166

Latest posts by kozmic.bsky.social on Bluesky


Weathering the storm: In the midst of a Typhoon Cisco Talos has been closely monitoring reports of widespread intrusion activity against several major U.S. telecommunications companies, by a threat actor dubbed Salt Typhoon. This blog highlights ou...

Very interesting write-up
blog.talosintelligence.com/salt-typhoon...

21.02.2025 07:47 — 👍 1    🔁 0    💬 0    📌 0

👊I really like research and write-ups like these, keep'em coming :)

22.01.2025 19:05 — 👍 1    🔁 0    💬 0    📌 0

In most scenarios though, the impact is minimal... But in edge cases, like Okta's case, it can have severe impact. It should be opt-in for an API to behave like that in my opinion :)
2/2

22.01.2025 18:03 — 👍 0    🔁 0    💬 1    📌 0

Great research and write-up! I 100% agree with you, it's a bad API design to fail silently. I know that PHP also fails silently. I've identified this issue in PHP solutions in the past :)
1/2

22.01.2025 18:03 — 👍 1    🔁 0    💬 1    📌 0
WorstFit: Unveiling Hidden Transformers in Windows ANSI! 📌 This is a cross-post from DEVCORE. The research was first published at Black Hat Europe 2024. Personally, I would like to thank splitline, the co-author of this research & article, whose help

OMG, Orange Tsai released his latest new research 🤯 💣

blog.orange.tw/posts/2025-0...

10.01.2025 06:04 — 👍 34    🔁 20    💬 3    📌 2
Backdooring Your Backdoors - Another $20 Domain, More Governments After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process...

Old school or call it a classic: Hackers hacking hackers... labs.watchtowr.com/more-governm...

09.01.2025 05:40 — 👍 1    🔁 1    💬 0    📌 0
FCC Launches 'Cyber Trust Mark' for IoT Devices to Certify Security Compliance The U.S. Cyber Trust Mark enhances IoT security with NIST standards, QR codes, and accredited testing.

I'm hoping this becomes a success! It is really needed, as consumers have no information about the security of the IoT products they buy today. thehackernews.com/2025/01/fcc-...

08.01.2025 12:44 — 👍 0    🔁 0    💬 0    📌 0

Maybe... But I've seen this statement many times. Sadly a lot of "security ppl" are confused regarding cookies vs localStorage.

07.01.2025 21:23 — 👍 1    🔁 0    💬 0    📌 0

I disagree with "7. Token Handling Negligence". Storing JWT in localStorage is not an anti-pattern and is often a good pattern

07.01.2025 18:04 — 👍 0    🔁 0    💬 1    📌 0
Security Anti-Patterns in the AI Era Systemic mistakes masquerading as “practical solutions"

New Challenges, New Anti-Patterns

"I can tell you that AI is introducing some of the most fascinating – and terrifying – security challenges. Below are a few emerging anti-patterns you need to know about"

srajangupta.substack.com/p/security-a...

07.01.2025 17:59 — 👍 1    🔁 0    💬 1    📌 0
WorstFit!

Very impressive research (as always from @orange.tw ) ! worst.fit

11.12.2024 18:58 — 👍 1    🔁 0    💬 0    📌 0

My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]

nastystereo.com/security/rai...

10.12.2024 08:30 — 👍 34    🔁 14    💬 1    📌 2

saif.google/secure-ai-fr...

06.12.2024 19:04 — 👍 1    🔁 0    💬 0    📌 0
MGDA-NEW_FEATURES-2024-12-03-23-22-55.json GitHub Gist: instantly share code, notes, and snippets.

New Feature on AWS GuardDuty Findings: Now available: Amazon GuardDuty Extended Threat Detection automatically detects multi-stage attack sequences. An attack sequence is a critical severity (via @zoph.me )

gist.github.com/z0ph/960e35f...

04.12.2024 06:24 — 👍 1    🔁 0    💬 0    📌 0
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million Global police arrest 5,500 suspects, seize $400M, dismantle $1.1B phishing syndicate in INTERPOL-led HAECHI-V.

Pretty big operation!
thehackernews.com/2024/12/inte...

02.12.2024 16:47 — 👍 0    🔁 0    💬 0    📌 0

Are we allowed to link to X? I feel a bit ashamed to do it… but it’s such a good thread!

"Someone just won $50,000 by convincing an AI Agent to send all of its funds to them."

x.com/jarrodwattsd...

02.12.2024 13:42 — 👍 1    🔁 0    💬 0    📌 0

A Security Threat Model for eBPF
Security information and guidance to large enterprises using or looking to adopt eBPF-based tools (PDF) github.com/ebpffoundati...

02.12.2024 11:50 — 👍 3    🔁 0    💬 0    📌 0
How to use AWS Resource Control Policies | Wiz Blog Unlock the Power of AWS Resource Control Policies: Enforce Security and Streamline Governance Across Your Organization.

www.wiz.io/blog/how-to-...

28.11.2024 14:54 — 👍 0    🔁 0    💬 0    📌 0
GitHub - xairy/lights-out: Tools for controlling webcam LED on ThinkPad X230 Tools for controlling webcam LED on ThinkPad X230. Contribute to xairy/lights-out development by creating an account on GitHub.

Malware can turn off webcam LED and record video, demonstrated on ThinkPad X230 github.com/xairy/lights...

28.11.2024 06:12 — 👍 1    🔁 1    💬 0    📌 0
Cross-Site POST Requests Without a Content-Type Header / nastystereo.com

Nice bypass of CSRF protections that rely on the Content-Type request header being present and then checking the value. "Blob" to the rescue! nastystereo.com/security/cro...

28.11.2024 05:13 — 👍 2    🔁 0    💬 0    📌 0
Remote Code Execution with Spring Properties Recently a past student came to me with a very interesting unauthenticated vulnerability in a Spring application that they were having a hard time exploiting...

I just wrote a new blog post! This is how I (ab)used a jailed file write bug in Tomcat/Spring. Enjoy!

Remote Code Execution with Spring Properties :: srcincite.io/blog/2024/11...

26.11.2024 23:57 — 👍 76    🔁 36    💬 1    📌 2
Suicide Bot: New AI Attack Causes LLM to Provide Potential “Self-Harm” Instructions Knostic unveils a new class of AI attacks, LLM Flowbreaking, which disrupts AI/ML system architecture & guardrails: Second Thoughts and Stop and Roll.

www.knostic.ai/blog/introdu...

27.11.2024 05:22 — 👍 10    🔁 1    💬 0    📌 2

🤣

27.11.2024 05:21 — 👍 1    🔁 0    💬 0    📌 0

Very cool! Check it out :)

26.11.2024 05:24 — 👍 1    🔁 0    💬 0    📌 0
Breaking Down Multipart Parsers: File upload validation bypass TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass va...

Great writeup about how parsers handle file uploads in different ways. Great list of bypasses :) blog.sicuranext.com/breaking-dow...

19.11.2024 09:28 — 👍 0    🔁 0    💬 0    📌 0
What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE Few months ago I was assigned to do a pentest on a target running CyberPanel. It seemed to be installed by default by some VPS providers & it was also sponsored by Freshworks.

Nice research, including the final punch (exploit) dreyand.rs/code/review/...

18.11.2024 06:27 — 👍 0    🔁 0    💬 0    📌 0
GitHub - NVIDIA/garak: the LLM vulnerability scanner the LLM vulnerability scanner. Contribute to NVIDIA/garak development by creating an account on GitHub.

I put an LLM to attack your LLM, what can possibly go wrong? :) Seems like a nice til actually. github.com/NVIDIA/garak

18.11.2024 06:25 — 👍 0    🔁 0    💬 0    📌 0
Reverse Engineering iOS 18 Inactivity Reboot Wireless and firmware hacking, PhD life, Technology

Interesting write-up of the new forced reboot of inactive iPhones that Apple recently added: naehrdine.blogspot.com/2024/11/reve...

18.11.2024 06:23 — 👍 1    🔁 0    💬 0    📌 0

So many new bluebird alternatives... Got to be on all of them, in case one of them actually manages to take over :)

21.08.2023 12:59 — 👍 4    🔁 0    💬 0    📌 0