Okta

Fido: Teaching Old Shellcode New Tricks

Meet the SGT, an osquery Management Server Built Entirely on AWS!

Simple Go TLS, or SGT as we’re calling it, is an osquery endpoint management server written in Go and backed by AWS services, designed to take advantage of the native scaling, performance, and reliability of the AWS cloud environment.

At Okta, osquery has become a powerful part...

Hey Chef, What's the Length of your Encrypted Password?

TL;DR

This post takes a quick look at Chef Data-Bags and SaltStack Pillar (GPG.Renderer) and identifies methods to determine if encrypted information leaks details about the plaintext, such as password length, that could aid an attacker.

Introduction

Does your organization, or one you are testing/auditing, use Chef Data...

Down the SAML Code

Working for an identity company like Okta forces you to constantly be aware of new, old and obscure authentication methods — and also encourages you to dive deep into the underlying protocol to discover whether engineers have correctly implemented the technology. Okta’s Research & Exploitation Team does exactly that, by...

By Matias Brutti in Research

A Peek at 0patch

TL;DR There has been some recent buzz around hot-patching with 0patch and the longevity it could add to end-of-life, unsupported software via crowd-sourced community patches. This post provides a primer on hot patching and explores some of the vulnerabilities and attacker uses of 0patch. Overall, while...