How to speed up Ansible
https://www.toptechskills.com/ansible-tutorials-courses/speed-up-ansible-playbooks-pipelining-mitogen/
https://www.toptechskills.com/ansible-tutorials-courses/speed-up-ansible-playbooks-pipelining-mitogen/
TopTechSkills.com
How to Speed Up Your Ansible Playbooks Over 600%
Can Mitogen really give a 7x speed increase, and is it any faster than good ol' pipelining? Let's put these questions to the test.
Csi_software_memory_safety.pdf
316.2 KB
NSA Guidance on How to Protect Against Software Memory Safety Issues
SharpGmailC2
Our Friendly Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol
https://github.com/reveng007/SharpGmailC2
Our Friendly Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol
https://github.com/reveng007/SharpGmailC2
GitHub
GitHub - reveng007/SharpGmailC2: Our Friendly Gmail will act as Server and implant will exfiltrate data via smtp and will read…
Our Friendly Gmail will act as Server and implant will exfiltrate data via smtp and will read commands from C2 (Gmail) via imap protocol - reveng007/SharpGmailC2
Phishing campaigns continue to grow more common globally, with over one million attacks observed in Q2 2022
They offer an easy and attractive way for cybercriminals to generate revenue, steal credentials and spread malware. Many sophisticated phishing kits have been developed. Some of these are sold on underground forums using a Malware-as-a-Service model, while others are used exclusively by a single threat actor group. Some cybercriminals also offer lead generation services, selling packages of clicks to fraudulent sites...
https://www.cyjax.com/app/uploads/2022/11/Fangxiao-a-Chinese-threat-actor.pdf
They offer an easy and attractive way for cybercriminals to generate revenue, steal credentials and spread malware. Many sophisticated phishing kits have been developed. Some of these are sold on underground forums using a Malware-as-a-Service model, while others are used exclusively by a single threat actor group. Some cybercriminals also offer lead generation services, selling packages of clicks to fraudulent sites...
https://www.cyjax.com/app/uploads/2022/11/Fangxiao-a-Chinese-threat-actor.pdf
Stealing passwords from infosec Mastodon - without bypassing CSP
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
PortSwigger Research
Stealing passwords from infosec Mastodon - without bypassing CSP
The story of how I could steal credentials on Infosec Mastodon with a HTML injection vulnerability, without needing to bypass CSP. Everybody on our Twitter feed seemed to be jumping ship to the infose
Build Apps in Deno with Frameworks such as React, Vue, Express, and more.
https://deno.com/blog/frameworks-with-npm
https://deno.com/blog/frameworks-with-npm
Deno
Build Apps in Deno with Frameworks such as React, Vue, Express, and more. | Deno
Getting started with web frameworks in npm and Deno.
Build and Deploy a Node.js Microservices Application
https://dev.to/pavanbelagatti/build-and-deploy-a-nodejs-microservices-application-2966
https://dev.to/pavanbelagatti/build-and-deploy-a-nodejs-microservices-application-2966
DEV Community
Build and Deploy a Node.js Microservices Application
When it comes to modern software development, microservices are one of the hottest trends. These...
Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR
https://assume-breach.medium.com/home-grown-red-team-lateral-movement-with-havoc-c2-and-microsoft-edr-300b7389b1f7
https://assume-breach.medium.com/home-grown-red-team-lateral-movement-with-havoc-c2-and-microsoft-edr-300b7389b1f7
Medium
Home Grown Red Team: Lateral Movement With Havoc C2 And Microsoft EDR
Lateral movement is extremely important for any red team engagement. Getting your initial shell is great, but if you can’t move off the box…
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice
https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice
https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice
Proofpoint
What Is a Threat Actor? - Definition, Types & More | Proofpoint US
A threat actor is a term used to describe individuals whose purpose is to engage in cyber-related offenses. Learn the definition, types, motivations, and more.
Infrastructure Resilience Planning Framework (IRPF)
The Cybersecurity and Infrastructure Security Agency (CISA) has developed the Infrastructure Resilience Planning Framework (IRPF) to enable the incorporation of security and resilience considerations in critical infrastructure planning and investment decisions.
NOVEMBER 2022 | VERSION 1.1:
https://www.cisa.gov/sites/default/files/publications/Infrastructure-Resilience%20Planning-Framework-%28IRPF%29%29.pdf
The Cybersecurity and Infrastructure Security Agency (CISA) has developed the Infrastructure Resilience Planning Framework (IRPF) to enable the incorporation of security and resilience considerations in critical infrastructure planning and investment decisions.
NOVEMBER 2022 | VERSION 1.1:
https://www.cisa.gov/sites/default/files/publications/Infrastructure-Resilience%20Planning-Framework-%28IRPF%29%29.pdf
Cybersecurity and Infrastructure Security Agency CISA
Infrastructure Resilience Planning Framework (IRPF) | CISA
This planning framework provides processes and a series of tools and resources for incorporating critical infrastructure resilience considerations into planning activities.
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding
https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/
https://developers.facebook.com/blog/post/2022/11/22/hermit-deterministic-linux-testing/
Meta for Developers
Hermit: Deterministic Linux for Controlled Testing and Software Bug-finding
Facebook For Developers
CVE-2021-40662 Chamilo LMS 1.11.14 RCE
This article is about my third CVE that I got for finding a Remote Code Execution in a popular Learning Management Software named “Chamilo LMS”.
https://hacklido.com/d/90-cve-2021-40662-chamilo-lms-11114-rce
This article is about my third CVE that I got for finding a Remote Code Execution in a popular Learning Management Software named “Chamilo LMS”.
https://hacklido.com/d/90-cve-2021-40662-chamilo-lms-11114-rce
HACKLIDO
CVE-2021-40662 Chamilo LMS 1.11.14 RCE
This is Febin, a Security Researcher. This article is about my third CVE that I got for finding a Remote Code Execution in a popular Learning Management...