Okta


InfoSec

A Peek at 0patch

TL;DR There has been some recent buzz around hot-patching with 0patch and the longevity it could add to end-of-life, unsupported software via crowdsourced community patches. This post provides a primer on hot-patching and explores some of the vulnerabilities and attacker usages of 0patch. Overall, while...

New Vectors, New Keys – Updated EBOWLA

Six months ago, Okta’s Infosec team built on the work of Riordan and Schneier to create an open source, environmentally-targeted keying solution, EBOWLA, for the security community to research, tear apart and learn from. Today, we’re pleased to share an update on the project we presented...

By Josh Pitts and Travis Morrow in InfoSec

Deploying JAMF Server Software: Just Check the Box

Overview

We came across a default setting in JAMF Software Server (JSS), which we believe can put companies leveraging the solution at risk. Organizations should make sure they have enabled a very simple configuration setting, e.g. checking a box. We alerted JAMF Software and it has been...

By Josh Pitts in InfoSec

The EMET Serendipity: EMET's (In)Effectiveness Against Non-Exploitation Uses

TL;DR

This post discusses a method of bypassing Microsoft’s Enhanced Mitigation Toolkit (EMET) protections post Address Space Layout Randomization/Data Execution Prevention (ASLR/DEP) protections. The closer your position independent execution shellcode is to working like compiled code, the harder it will be to stop with bolt-on...

By Josh Pitts in InfoSec

DIY Genetic Malware: EBOWLA

Back in 1998, the year that Mongolia went from a 46-hour to a 40-hour work week, another groundbreaking event happened: the publishing of Environmental Key Generation towards Clueless Agents by Riordan and Schneier. This paper discussed using environmental factors on a host as...

By Josh Pitts and Travis Morrow in InfoSec