Tal Be'ery Profile picture
Security Research Manager, #Web3 security Co-Founder & CTO @ZenGo Advisory board @ZeroNetworks Formerly, VP of Research @ Aorato, acquired by @Microsoft
Mar 14 7 tweets 3 min read
1/ A (over-?) simplified summary 🧵 of #Ethereum data signing methods evolution.
data signatures are used for off-chain use cases ("sign in to app") or verified by smart contracts (e.g. ERC20 permit to save gas)
#web3 Image 2/ Eth_sign (legacy): in the beginning, client could sign anything, which of course could allow attackers to serve valid on-chain transactions as data for the victims to sign
Jan 25, 2021 8 tweets 8 min read
1/ Solving the root cause of #GoldenSAML attacks, recently used in #Sunburst attacks.
Don't of scale security "UP", burying #SAML's private key deeper in HSM,
scale it "OUT": distribute it w/ modern crypto (#TSS #MPC)+ service architecture, as we do for #cryptocurrency @ZenGo 2/ Advanced attackers (#APT) steal long term secrets ("the stamp") that allow them to issue access tokens and thus access all services in victims' environment, bypassing all security, including multi-factor auth (#MFA,#2FA)
Jan 23, 2021 4 tweets 4 min read
Abusing #ADFS for #GoldenSAML attack, heavily used by #Sunburst attackers.
To get context, see the fabulous '19 talk @WEareTROOPERS by @doughsec @BakedSec of @Mandiant @FireEye (the irony..)
Slides: slideshare.net/DouglasBiensto…
Nov 5, 2020 5 tweets 2 min read
1/ IT politics is part of the "physics" of the security problem, much like friction, noise and air resistance in the physical world.
An often overlooked aspect of security solutions is that they empower CISOs to mitigate issues without asking others for help 2/ Per the "Kerberoasting" example mentioned by @jaredhaight, the naive solution would be to just ask service account owners to upgrade password strength.
However, the CISO may have a security solution that monitors Kerberos requests to the DC and blocks massive harvesting
Feb 3, 2020 6 tweets 3 min read
1/ I just published Hitting a CurveBall Like a Pro!
Using #wireshark to detect and hunt #curveball exploits by following the NSA advisory
link.medium.com/JarIb0qQM3 2/ detecting non-standard elliptic curve params
Nov 26, 2019 5 tweets 3 min read
1/ Adding details from #NSO Group request for injunction against #Facebook
#NSOgroup 2/ The gist of it: Facebook breached their TOS as it allows blocking only in cases the blocked user actually violated the TOS and requires informing the blocked user