kunte_
@kunte0.bsky.social
CTF Player with FluxFingers | Ph.D. Student
Reposted by kunte_
We found a new vulnerability in TLS. It's a variant of the ALPACA attack that bypasses current countermeasures. Relativly low impact - but great insight! Check it out: opossum-attack.com
July 8, 2025 at 12:26 PM
We found a new vulnerability in TLS. It's a variant of the ALPACA attack that bypasses current countermeasures. Relativly low impact - but great insight! Check it out: opossum-attack.com
Reposted by kunte_
Ever wondered what the Alt-Svc header is used for? Well, it can make you a MitM if you control it!
I can finally publish the writeup to my GymTok challenge: control the header, become MitM, and perform a cross-protocol attack!
blog.pspaul.de/posts/gymtok...
I can finally publish the writeup to my GymTok challenge: control the header, become MitM, and perform a cross-protocol attack!
blog.pspaul.de/posts/gymtok...
GymTok: Breaking TLS Using the Alt-Svc Header
Ever wondered what the Alt-Svc response header is used for? Turns out it can be used to become a Man-in-the-Middle and attack TLS!
blog.pspaul.de
February 19, 2025 at 4:10 PM
Ever wondered what the Alt-Svc header is used for? Well, it can make you a MitM if you control it!
I can finally publish the writeup to my GymTok challenge: control the header, become MitM, and perform a cross-protocol attack!
blog.pspaul.de/posts/gymtok...
I can finally publish the writeup to my GymTok challenge: control the header, become MitM, and perform a cross-protocol attack!
blog.pspaul.de/posts/gymtok...
Reposted by kunte_
Modern solutions against cross-site attacks (frederikbraun.de/modern-solut...): An article about cross-site leak attacks and browser-based defenses. You will also learn why web security best practices is always opt-in and finally how YOU can get increased security controls.
Modern solutions against cross-site attacks
Modern solutions against cross-site attacks
frederikbraun.de
November 27, 2024 at 7:50 AM
Modern solutions against cross-site attacks (frederikbraun.de/modern-solut...): An article about cross-site leak attacks and browser-based defenses. You will also learn why web security best practices is always opt-in and finally how YOU can get increased security controls.