Attack Surface Analyzer can help you analyze your operating system's security configuration for changes during software installation. - GitHub - microsoft/AttackSurfaceAnalyzer: Attack Surf...

Semgrep now has 1st-class integration into GitLab

D3FEND is a knowledge base of cybersecurity countermeasure techniques. In the simplest sense, it is a catalog of defensive cybersecurity techniques and their relationships to offensive/adversary techniques. The primary goal of the initial D3FEND release is…

Introduction

Find the latest telecom Industry news, online Industry information, views & updates. Get online news from the Indian Telecom Industry on ET Telecom.

Post describing my research wardialing Finnish freephones.

The differences between TLS 1.2 and TLS 1.3 are extensive and significant, offering improvements in both performance and security.

A deep dive tool comparison

Unless you are living under the rock, you have seen that recently @harmj0y and @tifkin_ published their amazing research on Active Directory Certificate Services (AD CS). If you haven’t checked it out already read their post first.

PALO ALTO, Calif. & TEL AVIV, Israel, June 23, 2021--Nearly 60% of organizations said they consider lack of visibility and inadequate identity/access security a major threat to their cloud infrastructure

Until this time, Linux has experienced only a small number of viruses. Some of these viruses still exist but aren’t active, and they certainly don’t propagate.

New security research on top of a novel detection of PyPI packages containing a crypto-miner. We present actionable solutions for developers and discuss automated detection and deobfuscate techincs.

A widespread phishing campaign in operation since May is using a mix of old and new evasion tricks to drop IcedID malware.

Posted in r/netsec by u/bonobolol • 58 points and 4 comments

Browse the documentation for the Steampipe AWS Compliance mod rbi_cyber_security benchmark

New malware strain we discovered could be the reason why your antivirus doesn’t work anymore. Especially if you have installed some popular software from not so legal distribution recently

What started as a false positive alert for a Microsoft signed file turns out to be a WFP application layer enforcement callout driver that redirects traffic to a Chinese IP. How did this happen?

Jump Ahead: Enum – Getting Initial Access – User – Root – Resources TL;DR; To solve this machine, we begin by enumerating open services – finding ports 22, 80, and 330…

Insecure Direct Object Reference or IDOR happens when an application inadvertently exposes private objects through user input.