ADB and JWT, a quiet but interesting week!
🚙 Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass
Learn how to bypass a lockdown adb shell when adb runs as root and only adb pull, push and forward are available: https://www.nccgroup.com/research-blog/technical-advisory-tesla-telematics-control-unit-adb-auth-bypass/
🔓 One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
One JWT. One token. Global Admin in every Entra ID tenant. A surprising read: https://dirkjanm.io/obtaining-global-admin-in-every-enra-id-tenant-with-actor-tokens/
Written by PentesterLab
The platform to learn web hacking and security code review
Related Blog Post