Medium test article

FRSCA stitches together several CNCF/Sigstore ecosystem tools:

Component: Role
Tekton: Pipeline execution engine
Tekton Chains: Captures build metadata and signs it
Sigstore (cosign/Rekor): Keyless signing and transparency logging
SPIRE/SPIFFE: Workload identity for build environments

How Sigstore is Used by FRSCA

Sigstore is the cryptographic backbone of FRSCA, providing keyless signing and transparency logging. It eliminates the need for…

Keycloak UMA 2.0 Implementation

UMA (User-Managed Access) 2.0 is an OAuth 2.0-based protocol that enables resource owners to control access to their protected resources. Unlike standard OAuth 2.0 where the resource owner and requesting party are typically the same, UMA introduces the ability to distinguish between:

Keycloak LDAP Integration

Keycloak provides comprehensive LDAP (Lightweight Directory Access Protocol) integration through its User Federation system. This allows organizations to authenticate users against existing LDAP directories (such as Active Directory, OpenLDAP, or other LDAP-compliant servers) while leveraging Keycloak’s advanced identity management features.

Keycloak Realms

This document describes what a Realm is in Keycloak, its architecture, configuration options, and how it serves as the foundation for multi-tenancy.

Keycloak Sessions: Authentication State Management

When you log into an application protected by Keycloak, it doesn’t just verify your credentials and forget about you—it creates a network of session objects that track who you are, which applications you’ve accessed, and how long you’ve been active. Understanding these sessions is important for anyone building secure applications or troubleshooting authentication issues.

Install Visual Studio / WDK and configure virtual machine (Hyper-V) for debugging Windows kernel and drivers

Motivation

The purpose of this document is to provide a clear, step-by-step guide for setting up and configuring a Windows development environment specifically tailored for kernel and driver development. Novice developers often face compatibility and configuration issues that make it difficult to get started. This documentation explains practical steps and provides recommendations for configuring a VM with Windows…

Keycloak and aud claim usage as additional authentication layer

OpenFGA and Keycloak configuration

Some time ago, we integrated OpenFGA with Keycloak for our AuthN/AuthZ implementation. OpenFGA can interpret the token’s “aud” claim when making authentication/authorization decisions. The “aud” claim specifies the intended recipient(s) of the token:

The “aud” (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT must…