Security Research Lead @RedHuntLabs
❤️ Product Security & philosophy. Working on @BurpSuiteGuide. Maintainer- @HackwithGithub
Opinions are from my intellect.
Oct 22, 2021 • 16 tweets • 5 min read
Okay folks, let's talk about bypassing #SSLPinning in #Android applications.
It's going to be a bit long Twitter 🧵
First, let's talk about SSL Pinning.
It's "pinning" some content of your website's public SSL certificate to your Android app.
It can be a hash of your leaf cert, intermediate CA or even root CA.
Oct 5, 2020 • 7 tweets • 2 min read
Wow! @Cloudflare introduces API Shield to protect your APIs
By adding mTLS for the API endpoints and enforcing schema validation in JSON / gRPC payloads in API POST requests
Will it really secure / help secure APIs?
[thread] 1/n
Reading the article, Cloudflare claims to "secure" your APIs with the help of mTLS.
To put it simply, mTLS is when both entities (server and client) validate each other's SSL cert and make sure it's signed by a common trusted Root / Intermediate CA.
2/n
Apr 17, 2020 • 15 tweets • 4 min read
How do we monitor secrets committed in our self-hosted @gitlab instance in real time?
(Twitter thread which summarises multiple experiments)