A comprehensive analysis of the year's new malware

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…

API calls and requests for resources can sometimes be diverted toward a different endpoint on the same host, potentially resulting in DOM XSS’s that would otherwise be impossible to trigger, or other types of client-side vulnerabilities.

TruffleHog Open Source now scans CircleCI log outputs for passwords, API keys, and other forms of credentials

A simple tool that helps to find assets/domains based on the Google Analytics ID. - GitHub - dhn/udon: A simple tool that helps to find assets/domains based on the Google Analytics ID.

After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like:
Amazon…

A powerful and user-friendly browser extension that streamlines investigations for security professionals. - GitHub - zdhenard42/SOC-Multitool: A powerful and user-friendly browser extension that s...

Intercepting and Manipulating client-side AES encrypted traffic in mobile applications having hardcoded Key and IV

Bug bounty programs have become increasingly popular in recent years, with companies offering rewards to hackers and security researchers who can find vulnerabilities in their systems. While there are many tools available to help with bug hunting, writing…

Everything you need to know about securing the software supply chain.

connmap is an X11 desktop widget that shows location of your current network peers on a world map - GitHub - jafarlihi/connmap: connmap is an X11 desktop widget that shows location of your current ...

A collaboratively curated list of awesome Open-Source Intelligence (OSINT) Resources - GitHub - ARPSyndicate/awesome-intelligence: A collaboratively curated list of awesome Open-Source Intelligence...

Aqua Nautilus breaks down how VSCode extensions can easily be impersonated by attackers who hide malicious code through tactics like typosquatting

Version 0.9.9

About The Project In December of 2022, a DLL Hijacking vulnerability with a CVSS score of 7.8 was reported in the Squirrel.Windows auto-install/update utility. This blog post will analyze the vulnerability, and analyze the root cause of said issue with procmon.…

Cross-Site Request Forgery (CSRF) consists of making unauthorised requests on behalf of a user. Effective protection is essential for access control.

BYOVD or Bring Your Own Vulnerable Driver is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious actions on the system. In a BYOVD attack, the attacker can use the vulnerabilities in the driver to execute…

A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can be explored using an interactive visualization tool.

Not Attacking Web Apps Admin Panels The Right Way?

A list of online news & info sources in the InfoSec/Cybersecurity space - allinfosecnews_sources/README.md at main · foorilla/allinfosecnews_sources