In an OAuth2 authorization flow, if I understand correctly the request made to receive a token with PCKE is almost identical between that of a public client and that of a confidential client. The only real difference is that a confidential…
The demos I’ve seen for Passkey assume that any public user can register with a website. What about the situation where you want to set up a passkey for an admin user of a website? i.e. How does an admin create a new Passkey on their devic…
EvilnoVNC is a Ready to go Phishing Platform. Unlike other phishing techniques, EvilnoVNC allows 2FA bypassing by using a real browser over a noVNC connection. In addition, this tool allows us to see in real time all of the victim’s actions, access…
