Josh Pitts

Staff Engineer, Research and Exploitation

Josh Pitts is a staff engineer at Okta on our research and exploitation team. He has over 15 years' experience conducting physical and IT security assessments, IT security operations support, penetration testing, malware analysis, reverse engineering, and forensics. He likes to write code that patches code with other code via The Backdoor Factory. Sometimes this leads to the discovery of funny bugs and to Russians patching stuff over the Internet.

I can be Apple, and so can you

A Public Disclosure of Issues Around Third Party Code Signing Checks

Summary:

A bypass found in third-party developers’ interpretation of the code signing API allowed unsigned malicious code to appear to be signed by Apple. Known affected vendors and open source projects have been notified...

Hey Chef, What's the Length of your Encrypted Password?

TL;DR

This post takes a quick look at Chef Data-Bags and SaltStack Pillar (GPG.Renderer) and identifies methods to determine if encrypted information leaks details about the plaintext, such as password length, that could aid an attacker.

Introduction

Does your organization, or one you are testing/auditing, use Chef Data...

A Peek at 0patch

TL;DR: There has been some recent buzz around hot-patching with 0patch and the longevity it could add to end-of-life, unsupported software via crowdsourced community patches. This post provides a primer on hot patching and explores some of the vulnerabilities and attacker usages of 0patch. Overall, while...

DIY Genetic Malware: EBOWLA

Back in 1998, the year that Mongolia went from a 46-hour to a 40-hour work week, another groundbreaking event happened: the publishing of "Environmental Key Generation towards Clueless Agents" by Riordan and Schneier. This paper discussed using environmental factors on a host as...