Static security checker for Dockerfiles. Contribute to cr0hn/dockerfile-security development by creating an account on GitHub.

Default certificate chain to include an expired root certificate

Learn how NoSQL Injection works, with example strings to inject to test for injections.

This post will be all about Network Access Control (NAC) solutions and how they might lull you into a sense of security.
Designed to keep rouge devices out of your network, I´ll show you ways around it, as well as ways to protect yourself.
From a pentester´s…

Previously on Dead Ends in Cryptanalysis, we talked about length-extension attacks and precisely why modern hash functions like SHA-3 and BLAKE2 aren’t susceptible. The art and science of sid…

Encrypt and Anonymize Your Internet Connection for as Little as $3/mo with PIA VPN. Learn More Microsoft Teams is a proprietary business communication platform developed by Microsoft, as …

Learn how to perform a deep-learning side-channels attack using TensorFlow to recover AES cryptographic keys from a hardware device power traces, step by step.

Research By: Netanel Ben-Simon and Sagi Tzadik Introduction Microsoft Office is a very commonly used software that can be found on almost any standard computer. It is also integrated inside many products of the Microsoft / Windows ecosystem such as Office…

Introduction Modern business often relies heavily on the Internet and software resources such as Zoom or Skype to support daily operat...

Posted in r/netsec by u/shapelez • 21 points and 4 comments

If you have a command & control server running a RAT, you should protect this server from possible detections. This is one of the golden rules for OPSEC. There has been a lot of content shared on this topic lately, and researchers are detecting command &…

This post is about common misconfigurations and attack szenarios that enable an attacker to access separated networks with critical systems or sensitive data...

The Unity game engine provides various means for getting external assets into a game, such as AssetBundles, for adding assets at runtime and the Asset Store, for purchasing third-party assets. It’s possible for a GameObject to execute arbitrary code using…

We collect salary information anonymously from professionals all over the world in the InfoSec/Cyber Security space and make it publicly available for anyone to use, share and play around with.

Showmax is an online subnoscription video on demand service which launched in South Africa on 19 August 2015. Showmax is employing a…

Video made on Kapwing