I have created a burp suite extension which allows pentester to keep track of each APIs, write test cases for individual APIs. Lastly the extension allows to map the vulnerable apis to the list of vulnerabilities using a custom checklist.
https://ift.tt/3L2Anp4
Submitted June 18, 2022 at 03:42PM by Ano_F
via reddit https://ift.tt/m0GU6wX
https://ift.tt/3L2Anp4
Submitted June 18, 2022 at 03:42PM by Ano_F
via reddit https://ift.tt/m0GU6wX
portswigger.net
Pentest Mapper
Integrates logging with a custom application testing checklist.
Scheduled Scaling Up & Down Of EC2 Server
https://ift.tt/e6LtKUN
Submitted June 18, 2022 at 04:55PM by ajaidanial
via reddit https://ift.tt/FJIClUu
https://ift.tt/e6LtKUN
Submitted June 18, 2022 at 04:55PM by ajaidanial
via reddit https://ift.tt/FJIClUu
GitHub
GitHub - ajaidanial/gipsy_avenger: A self-hosted scheduler app that will upgrade or downgrade your EC2 servers for you.
A self-hosted scheduler app that will upgrade or downgrade your EC2 servers for you. - GitHub - ajaidanial/gipsy_avenger: A self-hosted scheduler app that will upgrade or downgrade your EC2 servers...
learn ethical hacking and bug bounty with free resources and with proper Guidance...
https://ift.tt/Lb5MzgU
Submitted June 18, 2022 at 06:21PM by rootxd3vil
via reddit https://ift.tt/wXit4I3
https://ift.tt/Lb5MzgU
Submitted June 18, 2022 at 06:21PM by rootxd3vil
via reddit https://ift.tt/wXit4I3
Dangerous Repository of DoS, Red Teaming TTPs, and ICS Exploits
https://ift.tt/z5aTFm2
Submitted June 18, 2022 at 08:26PM by entropydaemon6
via reddit https://ift.tt/z7a8xq3
https://ift.tt/z5aTFm2
Submitted June 18, 2022 at 08:26PM by entropydaemon6
via reddit https://ift.tt/z7a8xq3
GitHub
RoseSecurity - Overview
Cloud Engineer | Hobbyist Hacker. RoseSecurity has 17 repositories available. Follow their code on GitHub.
I made a website can detect over 1000 extensions and shows you the percentage of users that share the same extensions.
https://ift.tt/lERnbqy
Submitted June 19, 2022 at 03:04AM by z0ccc_z0ccc
via reddit https://ift.tt/Xp6u8lk
https://ift.tt/lERnbqy
Submitted June 19, 2022 at 03:04AM by z0ccc_z0ccc
via reddit https://ift.tt/Xp6u8lk
New blog - NMAP and CME 101 stuff
https://ift.tt/X59Azkr
Submitted June 19, 2022 at 04:57PM by Mr-R3b00t
via reddit https://ift.tt/JQIprmb
https://ift.tt/X59Azkr
Submitted June 19, 2022 at 04:57PM by Mr-R3b00t
via reddit https://ift.tt/JQIprmb
Reddit
From the netsec community on Reddit: New blog - NMAP and CME 101 stuff
Posted by Mr-R3b00t - 7 votes and 4 comments
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
https://ift.tt/4nKH5Zz
Submitted June 20, 2022 at 08:03AM by nykzhang
via reddit https://ift.tt/OLZEuSl
https://ift.tt/4nKH5Zz
Submitted June 20, 2022 at 08:03AM by nykzhang
via reddit https://ift.tt/OLZEuSl
Avast Threat Labs
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild - Avast Threat Labs
Introduction Rootkits are dangerous pieces of malware. Once in place, they are usually really hard to detect. Their code is typically more challenging to write than other malware, so developers resort to code reuse from open source projects. As rootkits are…
semgrep rule pack by elttam - Java entry-points and security issues in Jackson, Spring Remoting, and Struts DMI
https://ift.tt/NinkHm8
Submitted June 20, 2022 at 11:51AM by Gallus
via reddit https://ift.tt/pZCWncd
https://ift.tt/NinkHm8
Submitted June 20, 2022 at 11:51AM by Gallus
via reddit https://ift.tt/pZCWncd
GitHub
GitHub - elttam/semgrep-rules
Contribute to elttam/semgrep-rules development by creating an account on GitHub.
Zero Trust - A Layered Approach against threats
https://ift.tt/PyhBrbi
Submitted June 20, 2022 at 03:36PM by J_0_5
via reddit https://ift.tt/EpJnqiP
https://ift.tt/PyhBrbi
Submitted June 20, 2022 at 03:36PM by J_0_5
via reddit https://ift.tt/EpJnqiP
Medium
Zero Trust — A Layered Approach against cyber threats — Part II
This article will serve as a follow up to the Zero Trust primer ‘Zero Trust — An Introduction’. In this second part of the series, we’ll…
Hacking into the worldwide Jacuzzi SmartTub network
https://ift.tt/c5CX2da
Submitted June 21, 2022 at 12:20AM by EatonZ
via reddit https://ift.tt/QhXRcN8
https://ift.tt/c5CX2da
Submitted June 21, 2022 at 12:20AM by EatonZ
via reddit https://ift.tt/QhXRcN8
Eaton-Works
Hacking into the worldwide Jacuzzi SmartTub network
Two vulnerable Jacuzzi SmartTub administration panels exposed worldwide customer data for multiple brands.
When the CAS let you in - abusing misconfigured Actuator in Apereo CAS
https://ift.tt/x4cGfI0
Submitted June 21, 2022 at 03:15PM by qwerty0x41
via reddit https://ift.tt/PWteCQ8
https://ift.tt/x4cGfI0
Submitted June 21, 2022 at 03:15PM by qwerty0x41
via reddit https://ift.tt/PWteCQ8
Reddit
r/netsec on Reddit: When the CAS let you in - abusing misconfigured Actuator in Apereo CAS
Posted by u/qwerty0x41 - 3 votes and 1 comment
Intercepting MS Teams Communication
https://ift.tt/vczynXM
Submitted June 21, 2022 at 04:32PM by OwnPreparation3424
via reddit https://ift.tt/OXZhjkq
https://ift.tt/vczynXM
Submitted June 21, 2022 at 04:32PM by OwnPreparation3424
via reddit https://ift.tt/OXZhjkq
Medium
Intercepting MS Teams Communication
Just For Fun And Out Of Curiosity
Reverse Engineering an old Mario & Luigi game for fun
https://ift.tt/t94OCIv
Submitted June 21, 2022 at 07:42PM by CyberMasterV
via reddit https://ift.tt/2QI8mci
https://ift.tt/t94OCIv
Submitted June 21, 2022 at 07:42PM by CyberMasterV
via reddit https://ift.tt/2QI8mci
Reddit
r/netsec on Reddit: Reverse Engineering an old Mario & Luigi game for fun
Posted by u/CyberMasterV - 21 votes and 2 comments
Does Acrobat Reader Unload Injection of Security Products?
https://ift.tt/lBtapEM
Submitted June 21, 2022 at 02:11PM by woja111
via reddit https://ift.tt/qrKs41T
https://ift.tt/lBtapEM
Submitted June 21, 2022 at 02:11PM by woja111
via reddit https://ift.tt/qrKs41T
A deep dive into Sigma rules and how to write your own threat detection rules
https://ift.tt/cLEwP8s
Submitted June 21, 2022 at 08:22PM by sciencestudent99
via reddit https://ift.tt/dNxH719
https://ift.tt/cLEwP8s
Submitted June 21, 2022 at 08:22PM by sciencestudent99
via reddit https://ift.tt/dNxH719
FourCore
A deep dive into Sigma rules and how to write your own threat detection rules
Sigma Rules - a generic open-source signature format for SIEM Systems. What Snort is to network traffic, and YARA to files, Sigma is to logs. Released in 2017, Sigma rules are used as a common language to build detection rules for different SIEM systems.
Improving AI-based defenses to disrupt human-operated ransomware
https://ift.tt/pP8AQw0
Submitted June 21, 2022 at 09:35PM by SCI_Rusher
via reddit https://ift.tt/DAnxsdN
https://ift.tt/pP8AQw0
Submitted June 21, 2022 at 09:35PM by SCI_Rusher
via reddit https://ift.tt/DAnxsdN
Microsoft News
Improving AI-based defenses to disrupt human-operated ransomware
To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques that swiftly identify and block malicious files, processes,…
Container escapes: Detecting abuses of Linux capabilities with Falco + Intro to CAP_SYS_ADMIN
https://ift.tt/SEKFx3q
Submitted June 21, 2022 at 09:23PM by capitangolo
via reddit https://ift.tt/maVFWPK
https://ift.tt/SEKFx3q
Submitted June 21, 2022 at 09:23PM by capitangolo
via reddit https://ift.tt/maVFWPK
Sysdig
How to detect the containers’ escape capabilities with Falco – Sysdig
With a tool like Falco, it’s possible to detect when specific container capabilities like CAP_SYS_ADMIN are misused.
ShoMon V2: Shodan Monitoring Integration for TheHive written in Golang
https://ift.tt/jJ1HDpG
Submitted June 22, 2022 at 12:35PM by KaanSK
via reddit https://ift.tt/Lv6IMcJ
https://ift.tt/jJ1HDpG
Submitted June 22, 2022 at 12:35PM by KaanSK
via reddit https://ift.tt/Lv6IMcJ
GitHub
GitHub - KaanSK/shomon: Shodan Monitoring integration for TheHive.
Shodan Monitoring integration for TheHive. Contribute to KaanSK/shomon development by creating an account on GitHub.
Semgrep rules for PHP security assessment
https://ift.tt/q6YZKLM
Submitted June 22, 2022 at 02:28PM by 0xdea
via reddit https://ift.tt/tfovmJC
https://ift.tt/q6YZKLM
Submitted June 22, 2022 at 02:28PM by 0xdea
via reddit https://ift.tt/tfovmJC
hn security
Semgrep rules for PHP security assessment - hn security
Hi! According to the official documentation, Semgrep […]
Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190
https://ift.tt/1soTcXN
Submitted June 23, 2022 at 02:46PM by canmaplap
via reddit https://ift.tt/C5IGtnm
https://ift.tt/1soTcXN
Submitted June 23, 2022 at 02:46PM by canmaplap
via reddit https://ift.tt/C5IGtnm
Cymulate
Messing with CVE-2022-30190 by Understanding Compound File Binary Format and OLE Structures
Gain an understanding of the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190 in this blog post by Cymulate.
fuzzuli is a fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
https://ift.tt/IG3vZcV
Submitted June 23, 2022 at 03:34PM by 0xmusana
via reddit https://ift.tt/WlRSwPG
https://ift.tt/IG3vZcV
Submitted June 23, 2022 at 03:34PM by 0xmusana
via reddit https://ift.tt/WlRSwPG
GitHub
GitHub - musana/fuzzuli: fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based…
fuzzuli is a url fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain. - GitHub - musana/fuzzuli: fuzzuli is a url fuzzing tool that aims to find ...