https://lwst.io/en/ Recent content on lwst.io https://lwst.io/images/profile-crop.jpg https://lwst.io/images/profile-crop.jpg Hugo en Sun, 26 Apr 2026 00:00:00 +0000 https://lwst.io/en/posts/microsoft-entra-device-code-phishing/ Sun, 26 Apr 2026 00:00:00 +0000 https://lwst.io/en/posts/microsoft-entra-device-code-phishing/ A phishing wave against Microsoft 365 bypasses MFA and even phishing-resistant passkeys without faking a single pixel of Microsoft. What attackers do, why it works, and the conditional access policy that stops it. https://lwst.io/en/posts/sms-phishing-alphanumeric-senderids/ Sun, 26 Apr 2026 00:00:00 +0000 https://lwst.io/en/posts/sms-phishing-alphanumeric-senderids/ An SMS lands in the real Trade Republic chat — and costs a 63-year-old his retirement savings. What makes alphanumeric sender IDs so phishable, and why the UK and Singapore are ahead of Germany. https://lwst.io/en/posts/hallo-welt/ Sat, 25 Apr 2026 00:00:00 +0000 https://lwst.io/en/posts/hallo-welt/ The first post on lwst.io — what this blog is and who&#39;s behind it. No marketing language, no tool reviews — just notes from working in the field and studying. https://lwst.io/en/about/ Mon, 01 Jan 0001 00:00:00 +0000 https://lwst.io/en/about/ About David Leeuwestein https://lwst.io/en/imprint/ Mon, 01 Jan 0001 00:00:00 +0000 https://lwst.io/en/imprint/ <p>Information according to § 5 TMG (German Telemedia Act):</p> <p><strong>David Leeuwestein</strong><br> c/o Block Services<br> Stuttgarter Str. 106<br> 70736 Fellbach<br> Germany</p> <h2 id="contact">Contact</h2> <p>Email: <a href="mailto:blog@lwst.io">blog@lwst.io</a></p> <h2 id="responsible-for-the-content-according-to--18-2-mstv">Responsible for the content according to § 18 (2) MStV</h2> <p>David Leeuwestein<br> c/o Block Services<br> Stuttgarter Str. 106<br> 70736 Fellbach<br> Germany</p> <h2 id="liability-for-content">Liability for content</h2> <p>The contents of these pages have been created with the utmost care. However, no guarantee can be given for the accuracy, completeness, or timeliness of the content. As a service provider, I am responsible for my own content on these pages in accordance with general laws under § 7 (1) TMG. According to §§ 8 to 10 TMG, however, I am not obligated as a service provider to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under general laws remain unaffected. Liability in this respect is only possible from the time at which a specific legal violation becomes known. Should I become aware of any such violations, I will remove the relevant content without delay.</p> https://lwst.io/en/privacy/ Mon, 01 Jan 0001 00:00:00 +0000 https://lwst.io/en/privacy/ <h2 id="data-controller">Data controller</h2> <p>The controller within the meaning of the General Data Protection Regulation (GDPR) is:</p> <p><strong>David Leeuwestein</strong><br> c/o Block Services<br> Stuttgarter Str. 106<br> 70736 Fellbach<br> Germany<br> Email: <a href="mailto:blog@lwst.io">blog@lwst.io</a></p> <h2 id="overview">Overview</h2> <p>This site processes personal data only to the extent technically necessary to operate the offering. There is <strong>no tracking</strong>, no advertising, no analytics cookies, and no newsletter sign-up.</p> <h2 id="hosting-and-connection-data">Hosting and connection data</h2> <p>This site is hosted on <strong>Cloudflare Pages</strong>, a service of <strong>Cloudflare, Inc.</strong>, 101 Townsend Street, San Francisco, CA 94107, USA. Cloudflare operates a global content-delivery network and handles delivery of this site&rsquo;s content as well as protection against abusive use (e.g. DDoS attacks).</p>