First day of @SANSInstitute Network Security in Vegas. One of the new features we recently announced for #SEC588 is an included OnDemand bundle, providing every student with 4 months of Lab Access automatically.

If you have ever taken #SEC588, I have always said that SAML needs to go away. Here is a nasty bug in a library where you can bypass it altogether mostly: https://workos.com/blog/samlstorm

Just send a signed request, and you will be good to go.

SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries — WorkOS

Any service using xml-crypto, or a Node.js SAML implementation using it, should update immediately to the latest version. WorkOS customers are safe and were not impacted.

Phew! It’s a long day, and after a streak of 8 hours of study, 2 practice tests, and multiple ways to consume sugar & keep the ADHD brain rewarded, I can proudly say I have passed the SANS SEC588 GIAC Cloud Pentest (GCPN) exam.

It was not an easy feat as I procrastinated for most of the last 2 months (not ideal) and then this week gave it my all. Finished the labs, read the books, listened keenly to Moses Frost & then in 120 mins of pure focus - smashed it!

Great material, so much to learn and explore. Good content and frankly a lot of jargon, terms and IAM of AWS & Azure + containers, all just buzzing in my head.

Tags: #GCPN #SEC588 #cloudpentest #pentest #aws #azure #infosec #cloudnative #cloudcomputing #exam #adhd #exhausted #SANS