See the latest by Julian Catrambone
OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys
TL;DR OneLogin was found to have security vulnerabilities in its AD Connector service that exposed authentication...
By: Julian Catrambone
Jun 10, 2025 • 11 min read
Read Post
Attacking FreeIPA — Part IV: CVE-2020–10747
I was informed on Wednesday June 17th 2020 that CVE 2020–10747 was revoked after it had...
By: Julian Catrambone
Jun 28, 2020 • 7 min read
Read Post
Attacking FreeIPA — Part III: Finding A Path
This post is Part III in a series about my experiences attacking FreeIPA. In Part I...
By: Julian Catrambone
Jun 1, 2020 • 6 min read
Read Post
Recently I started a series of blog posts detailing some of the lessons I learned about...
By: Julian Catrambone
May 14, 2020 • 7 min read
Read Post
Attacking FreeIPA — Part II Enumeration
In Part I of this series, we reviewed some of the background and underlying technologies utilized...
By: Julian Catrambone
Dec 4, 2019 • 10 min read
Read Post
Attacking FreeIPA — Part I Authentication
Recently I had the opportunity to operate inside of an environment managed by FreeIPA. I wanted...