Attacking JWT using X509 Certificates

Source provenance. Raw material catalogued for the wiki ingest pipeline. Lives offline at raw_sources/offensive-security/ingested/Attacking JWT using X509 Certificates.md.

Status: integrated

Excerpt

While pulling together some information for a previous blog, I had identified an interesting JSON Web Signature (JWS) header that I wanted to learn more about. In RFC 7515 Section 4.1, a list of registered header parameters is outlined. This time, the x5u an…