Looking for Okta Logos?

You can find all the media assets you need as part of our press room.

Download Media Assets

Josh Pitts

Staff Engineer, Research and Exploitation

Josh Pitts is a staff engineer at Okta on the research and exploitation team, with over 15 years' experience conducting physical and IT security assessments, IT security operations support, penetration testing, malware analysis, reverse engineering and forensics. He likes to write code that patches code with other code via The Backdoor Factory. Sometimes this leads to the discovery of funny bugs and to Russians patching stuff over the Internet.

Follow Josh Pitts

I can be Apple, and so can you

A Public Disclosure of Issues Around Third Party Code Signing Checks

Summary:

A bypass found in third party developers’ interpretation of code signing API allowed for unsigned malicious code to appear to be signed by Apple. Known affected vendors and open source projects have been notified...

Hey Chef, What's the Length of your Encrypted Password?

TL;DR

This post takes a quick look at Chef Data-Bags and SaltStack Pillar (GPG.Renderer) and identifies methods to determine if encrypted information leaks details about the plaintext, such as password length, that could aid an attacker.

Introduction

Does your organization, or one you are testing/auditing, use Chef Data...

A Peek at 0patch

TL;DR There has been some recent buzz around hot-patching with 0patch and the longevity it could add to end-of-life, unsupported software via crowd sourced community patches. This post provides a primer on hot patching and explores some of the vulnerabilities and attacker usages of 0patch. Overall, while...