Top 10 CI/CD Security Risks
https://ift.tt/2RgjxHo
Submitted March 16, 2022 at 08:04PM by Hefty_Knowledge_7449
via reddit https://ift.tt/zksK0W3
Cider Security Site
Top 10 CICD Security Risks - Cider Security Site
Arya - new tool to generate pseudo malware samples based on YARA rules
https://ift.tt/19VXDa4
Submitted March 16, 2022 at 10:12PM by n0llbyte
via reddit https://ift.tt/nKyvl9t
Claroty
Arya: The New Tailor-Made EICAR Using Yara
Call for participants in Rizin/Cutter's Google Summer of Code 2022
https://ift.tt/AaOS0gU
Submitted March 16, 2022 at 11:01PM by XVilka
via reddit https://ift.tt/r59bqnh
Rizin
GSoC 2022
TL;DR Jump to the Ideas list.
Introduction This year is the second time we participate as a fork - Rizin, effectively continuing the tradition since the year 2015 (as the radare2 project).
Mentors Members of the Rizin and Cutter core teams have volunteered…
Cool Open Source Security Tools & Programs list
https://ift.tt/kqysade
Submitted March 17, 2022 at 03:27AM by Khaotic_Kernel
via reddit https://ift.tt/iklIE2w
GitHub
GitHub - mikeroyal/Open-Source-Security-Guide: Open Source Security Guide. Learn all about Security Standards, Frameworks, Threat…
Open Source Security Guide. Learn all about Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks. - GitHub - mikeroyal/Open-Source-Security-Guide: Open Source Security Guide. ...
Git honours embedded bare repos - justinsteven
https://ift.tt/5nyPtmT
Submitted March 17, 2022 at 03:11AM by Gallus
via reddit https://ift.tt/fK1wSkm
GitHub
advisories/2022_git_buried_bare_repos_and_fsmonitor_various_abuses.md at main · justinsteven/advisories
Contribute to justinsteven/advisories development by creating an account on GitHub.
NPM supply chain attack: node-ipc and peacenotwar sabotaged as an act of protest by the maintainer
https://ift.tt/DtTl91n
Submitted March 17, 2022 at 04:36AM by tubularobot
via reddit https://ift.tt/SAwFURa
Snyk
Alert: peacenotwar module sabotages npm developers in the node-ipc package to protest the invasion of Ukraine | Snyk
Vue.js users using the dependency “node-ipc” are experiencing a supply chain attack protesting the invasion of Ukraine, from a package named “peacenotwar”.
TOOL: ntlmrelayx2proxychains combining/automating ntlmrelayx, crackmapexec, and proxychains!
https://ift.tt/Xmdh4nT
Submitted March 17, 2022 at 05:14AM by BugbearB
via reddit https://ift.tt/ON8aERl
GitHub
GitHub - He-No/ntlmrelayx2proxychains
Contribute to He-No/ntlmrelayx2proxychains development by creating an account on GitHub.
From XSS to RCE (dompdf 0day)
https://ift.tt/OMyku3U
Submitted March 16, 2022 at 04:16PM by mckirk_
via reddit https://ift.tt/oPQvhYH
positive.security
From XSS to RCE (dompdf 0day) | Positive Security
Using a still unpatched vulnerability in the PHP library dompdf (used for rendering PDFs from HTML), we achieved RCE on a web server with merely a reflected XSS vulnerability as entry point.
ThreatMapper 1.3.0 update - +runtime SBOM, +secret scanning, +attack path
https://ift.tt/lchCnHa
Submitted March 16, 2022 at 05:11PM by foobarbazwibble
via reddit https://ift.tt/S3yWzMd
GitHub
Release v1.3.0 · deepfence/ThreatMapper
ThreatMapper 1.3.0 Release
ThreatMapper 1.3.0 is a feature release, with a number of enhancements and fixes:
New Features
Secret Scanning: Scan containers and host filesystems, looking for possibl...
Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O
https://ift.tt/e7x85Ol
Submitted March 17, 2022 at 05:21PM by MiguelHzBz
via reddit https://ift.tt/TLsjHrh
Sysdig
Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O – Sysdig
Learn how CVE-2022-0811, cr8escape, in CRI-O can lead to arbitrary code execution in Kubernetes and Openshift. Also how to detect & mitigate.
Unraveling Assets from Android Apps at Scale - An OSINT API allows you to scan over half a million Android apps for subdomains, S3 buckets, URL Params and more.
https://ift.tt/qdHyXOl
Submitted March 17, 2022 at 08:34PM by alt-glitch
via reddit https://ift.tt/fk6VHKw
BeVigil Blog
Unraveling Assets from Android Apps at Scale - BeVigil Blog
Over the years, large-scale scanning of the internet has enabled the security community to identify widespread vulnerabilities and mitigate them before they can be exploited.
Random number generator enhancements for Linux 5.17 and 5.18
https://ift.tt/stYzrpk
Submitted March 18, 2022 at 05:20AM by zx2c4
via reddit https://ift.tt/EwHvh6k
reddit
Random number generator enhancements for Linux 5.17 and 5.18
Posted in r/netsec by u/zx2c4 • 272 points and 9 comments
Detecting Headless Chrome: Spotlight on Puppeteer-Extra-Plugin-Stealth
https://ift.tt/AmSP8En
Submitted March 17, 2022 at 11:21PM by threat_researcher
via reddit https://ift.tt/W5fB8X7
DataDome
Detecting Headless Chrome: Puppeteer-Extra-Plugin-Stealth
Deep dive into puppeteer-extra-plugin-stealth—an instrumentation framework for sophisticated bot developers—and how DataDome detects it.
Post auth RCE based in malicious LUA plugin noscript upload SCADA controllers located in Russia
https://ift.tt/a7bRWIZ
Submitted March 18, 2022 at 01:33AM by bertinjoseb
via reddit https://ift.tt/92MA0yd
Medium
Post auth RCE based in malicious LUA plugin noscript upload SCADA controllers located in Russia
0d1n - Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance.
https://ift.tt/oSHXJGr
Submitted March 18, 2022 at 09:01PM by CoolerVoid
via reddit https://ift.tt/ibSPsu6
GitHub
GitHub - CoolerVoid/0d1n: Tool for automating customized attacks against web applications. Fully made in C language with pthreads…
Tool for automating customized attacks against web applications. Fully made in C language with pthreads, it has fast performance. - GitHub - CoolerVoid/0d1n: Tool for automating customized attacks...
Frelatage: A fuzzing library to find vulnerabilities and bugs in Python applications
https://ift.tt/zGvH5JR
Submitted March 20, 2022 at 02:06AM by FrenchFuzzer
via reddit https://ift.tt/Cc6OlFX
GitHub
GitHub - Rog3rSm1th/frelatage: A Greybox and Coverage-based library to fuzz Python applications 🐍
A Greybox and Coverage-based library to fuzz Python applications 🐍 - GitHub - Rog3rSm1th/frelatage: A Greybox and Coverage-based library to fuzz Python applications 🐍
How to detect IMSI catchers
https://ift.tt/uEvcxVZ
Submitted March 20, 2022 at 07:16AM by knoy
via reddit https://ift.tt/zbCMXSd
Armadillophone
How to detect IMSI catchers
Your phone is under constant attack from criminals, corporations and foreign governments.
Xepor: the web routing framework, brings the best of mitmproxy & Flask
https://ift.tt/DR2biPX
Submitted March 20, 2022 at 05:43PM by ttimasdf
via reddit https://ift.tt/Hg9WPQF
GitHub
GitHub - xepor/xepor: Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy…
Xepor, a web routing framework for reverse engineers and security researchers, brings the best of mitmproxy & Flask - GitHub - xepor/xepor: Xepor, a web routing framework for reverse engine...
GitHub - fgsect/FitM: FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.
https://ift.tt/YampMke
Submitted March 20, 2022 at 10:03PM by domenukk
via reddit https://ift.tt/uUhgSio
GitHub
GitHub - fgsect/FitM: FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot…
FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up. - GitHu...