Notes from the field.
Posts and technotes — published here, on the IT Audit Labs blog, or wherever the audience lives. Mostly security and edge-native engineering.
Latest
Vibecoding vs Vivecoding: A Manifesto
For years I pronounced it wrong. Then I looked at what I actually do — and realized the mistake had a thesis behind it. This is the case for treating AI-assisted engineering as a campaign, not a roll of the dice.
#vivecoding #ai-engineering #sdd #methodology
read post → Browser Extensions Are the Quiet SSO Bypass
108 malicious Chrome extensions hit ~20,000 users by capturing OAuth2 tokens, opening backdoor URLs, and stripping security headers — bypassing MFA, EDR, and CSP. Here's what actually defends against this.
#security #browser #sso #oauth
read on IT Audit Labs →