Unix Berzerker, Pundit on Risky Business, and retired hacker con organiser (Kiwicon!). Would enjoy the cloud future more if AWS was just one big Solaris box, and we could hilari-shell it via SunRPC. 
Was @metlstorm on Twitter.

@jhaar @benno back in the insomniasec pentest times we used to call this type of thing "sPoNgE bOb-ing" after @benknight bypassed JWT auth with alg:nOnE because they case-sensitively checked for == "none".

But this is how we build software. I guess these days at least we can blame it on LLMs, instead of some tired, overworked junior dev who was promised training and mentoring, but got crunch and burnout.

Vulnerability Disclosure: JWT Authentication Bypass in OpenID Connect Authenticator for Tomcat – Insinuator.net
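As an added example (not code from the post or from the product named in the disclosure), the check pattern described above in Python: a case-sensitive denylist on "none" in front of a lenient alg dispatch, next to the allowlist form that closes the gap. The secret, claims and the lenient dispatch table are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

DEMO_SECRET = b"constructed-demo-secret"  # constructed for the example; real keys come from config
ALLOWED_ALGS = {"HS256"}  # exact-match allowlist of algorithms this service accepts

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def make_token(header: dict, payload: dict, secret=None) -> str:
    """Build a compact JWT; secret=None leaves the signature part empty, as an unsigned token would."""
    parts = [b64url_encode(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload)]
    signing_input = ".".join(parts).encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest() if secret else b""
    return f"{signing_input.decode()}.{b64url_encode(sig)}"

def _hs256_ok(signing_input: bytes, sig: bytes, secret: bytes) -> bool:
    return hmac.compare_digest(sig, hmac.new(secret, signing_input, hashlib.sha256).digest())

# Constructed model of a lenient verification library that normalises the alg name before dispatch.
LENIENT_ALG_TABLE = {"hs256": _hs256_ok, "none": lambda si, sig, secret: True}

def verify_denylist(token: str, secret: bytes) -> bool:
    """The pattern in the post: block the exact string 'none', trust the library for everything else."""
    h, p, s = token.split(".")
    alg = json.loads(b64url_decode(h))["alg"]
    if alg == "none":  # case-sensitive denylist: a differently cased spelling slips past
        return False
    check = LENIENT_ALG_TABLE.get(alg.lower())
    return check is not None and check(f"{h}.{p}".encode(), b64url_decode(s), secret)

def verify_allowlist(token: str, secret: bytes) -> bool:
    """Hardened form: exact-match allowlist, then always verify the signature with the expected alg."""
    h, p, s = token.split(".")
    alg = json.loads(b64url_decode(h))["alg"]
    if alg not in ALLOWED_ALGS:
        return False
    return _hs256_ok(f"{h}.{p}".encode(), b64url_decode(s), secret)

if __name__ == "__main__":
    forged = make_token({"alg": "nOnE", "typ": "JWT"}, {"sub": "constructed-user", "admin": True}, None)
    print("denylist accepts unsigned token:", verify_denylist(forged, DEMO_SECRET))   # True
    print("allowlist accepts unsigned token:", verify_allowlist(forged, DEMO_SECRET))  # False
```

Detection-wise, the same allowlist logic works as a log check: any accepted token whose header alg is not in the configured set is worth an alert.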

@CyReVolt ha ha I SAID DONT ASK

<_<
>_>

@CyReVolt for reasons best not explored, it's actually an entirely new implementation of the bot driving it now, lol
@CyReVolt @riskybiz Oh yeah so it has. Whoops! I'll go investigate (and set up some monitoring so I notice next time!) Thanks for pointing it out.
As an older tech person, it's legit heartwarming watching the TikTok generation discover why we all hate Oracle.