Bug bounty programs have become increasingly popular in recent years, with companies offering rewards to hackers and security researchers who can find vulnerabilities in their systems. While there are many tools available to help with bug hunting, writing…

Everything you need to know about securing the software supply chain.

connmap is an X11 desktop widget that shows location of your current network peers on a world map - GitHub - jafarlihi/connmap: connmap is an X11 desktop widget that shows location of your current ...

A collaboratively curated list of awesome Open-Source Intelligence (OSINT) Resources - GitHub - ARPSyndicate/awesome-intelligence: A collaboratively curated list of awesome Open-Source Intelligence...

Aqua Nautilus breaks down how VSCode extensions can easily be impersonated by attackers who hide malicious code through tactics like typosquatting

Version 0.9.9

About The Project In December of 2022, a DLL Hijacking vulnerability with a CVSS score of 7.8 was reported in the Squirrel.Windows auto-install/update utility. This blog post will analyze the vulnerability, and analyze the root cause of said issue with procmon.…

Cross-Site Request Forgery (CSRF) consists of making unauthorised requests on behalf of a user. Effective protection is essential for access control.

BYOVD or Bring Your Own Vulnerable Driver is an attack where a threat actor brings a legitimately signed and vulnerable driver to perform malicious actions on the system. In a BYOVD attack, the attacker can use the vulnerabilities in the driver to execute…

A taxonomy of attacks on software supply chains in the form of an attack tree, based on and linked to numerous real-world incidents and other resources. The taxonomy as well as related safeguards can be explored using an interactive visualization tool.

Not Attacking Web Apps Admin Panels The Right Way?

A list of online news & info sources in the InfoSec/Cybersecurity space - allinfosecnews_sources/README.md at main · foorilla/allinfosecnews_sources

See how attackers used compromised Jenkins plugins to attack the software supply chain and how to continuously detect vulnerable Jenkins plugins at scale.

Welcome to my blog ! Today we're going to unleashing the power of the Flipper Zero by installing some custom firmware. But before we get sta...

Summary A few months ago, I stumbled onto an interesting case of Client-Side Path Manipulation in private bug bounty program. Since I wanted to start a blog, and I noticed that another client side path traversal was mentioned in PortSwigger’s Top 10 web hacking…

In late August 2022, we investigated an incident involving Ursnif malware, which resulted in Cobalt Strike being deployed. This was followed by the threat actors moving laterally throughout the environment … Read More

Behind one of Gmail’s lesser-known features lies a potential threat to websites and platforms managers.

Detect and mitigate actions to assure readiness against a supply chain attack of your CICD Pipelines. Read more about it in Rezonate's blog here!