Erlend Oftedal

✨Tickets for AdaCon✨ the FREE Oslo tech conference ( @adacon) are now available! The conference is for everyone regardless of background or identity 🙌
https://adacon.no/#tickets
AdaCon Norway 2024 in Oslo · A yearly tech-conference in Oslo, Norway

AdaCon Norway is a yearly tech conference that aims to promote and empower underrepresented people in tech in Norway by showcasing a full lineup of speakers from all backgrounds.

i have found the patron saint of remote code execution
Listening to the latest Risky Business podcast episode makes me wonder if Microsoft has or should have something similar to Certificate Transparency logs, but for Windows drivers.
Could also include build provenance.

Friends in #Norway! 🇳🇴 And I'm lucky to have many of those by now. June 29 I will be talking #OpenPolicyAgent and all things related at the local #OWASP meetup. Come join me, @webtonull and a whole bunch of other smart and fun people for what I'm sure will be a great event. Not many spots left, so make sure to RSVP right away.

https://www.meetup.com/owasp-oslo/events/294176472/

June meetup, Thu, Jun 29, 2023, 5:00 PM | Meetup

Blank is the sponsor of this meetup! Thank you! Agenda: 17:00-17:30: Food; 17:30-17:50: How to get pwned by npm packages and weak settings in GitHub Actions

Meetup
The good news is that we managed to get CVE-2022-23529 revoked. The bad news is we won't get back the time devs and sec engineers around the world spent triaging and fixing this. Let's do better going forward. CVEs should have a meaningful attack path.
Meet ChatGPT's slightly less intelligent uncle: ChatEDB
https://erlend.oftedal.no/chat-edb/
ChatEDB

I'm struggling to understand that this is an actual vulnerability:

https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/

The secret has to be an object with an attacker provided .toString() method. Which means you in many ways already have RCE?

Security Issue in JWT Secret Poisoning (Updated)

We discovered a new high-severity vulnerability (CVE-2022-23529) in the popular JsonWebToken open source project.

Unit 42
Props to @yossarian for the post
Good post about ReDoS and why some bug classes add more noise than signal: https://blog.yossarian.net/2022/12/28/ReDoS-vulnerabilities-and-misaligned-incentives (via @kozmic). Fits well with Mark Curphey's recent blog posts at https://blog.crashoverride.com/
ReDoS "vulnerabilities" and misaligned incentives

For those wondering what happened to my attempt at solving #AdventOfCode with #ChatGPT, I had to give it up, as I kept getting so many timeouts, network errors, etc. from ChatGPT.