cctbp
RSS FeedSecurity research focused on authentication and identity vulnerabilities in modern web applications. OAuth, OIDC, SAML, MFA bypass, session abuse — documented with reproducible attack scenarios and defender telemetry.
Social Links:
Featured
-
The Gap Nobody Talks About: From "OAuth Is Attackable" to "Here's the Proof"
A controlled lab environment for auth-flow attack chains has never existed in any usable form. This series is about closing that gap.
Recent Posts
-
The Local Lab Blueprint: Building an Isolated, Scriptable Interception Lab
A reproducible, containerized interception lab for auth-flow research — mitmproxy, Docker, and browser session containerization, built to be torn down and rebuilt in under five minutes.
-
OAuth Authorization Code Interception: The Flow, the Seam, and What Your Logs Actually Show
Authorization code interception end-to-end: what the attack looks like, where the seam is, and what it produces in logs. Reproducible against FlawedToken.