Designing and Developing Modern Applications
free Zoom Conference. I known personally some participiants from speakers, so shoult be interecting, maybe:
— https://akvelon.global/devday2023/
free Zoom Conference. I known personally some participiants from speakers, so shoult be interecting, maybe:
— https://akvelon.global/devday2023/
akvelon.global
DevDay 2023
Designing and Developing Modern Applications: Best Practices and Emerging Trends
EDR Telemetry
This repo provides a list of telemetry features from EDR products and other endpoint agents such as Sysmon broken down by category. The main motivation behind this project is to enable security practitioners to compare and evaluate the telemetry potential from those tools while encouraging EDR vendors to be more transparent about the telemetry features they do provide to their users and customers:
— https://github.com/tsale/EDR-Telemetry
This repo provides a list of telemetry features from EDR products and other endpoint agents such as Sysmon broken down by category. The main motivation behind this project is to enable security practitioners to compare and evaluate the telemetry potential from those tools while encouraging EDR vendors to be more transparent about the telemetry features they do provide to their users and customers:
— https://github.com/tsale/EDR-Telemetry
GitHub
GitHub - tsale/EDR-Telemetry: This project aims to compare and evaluate the telemetry of various EDR products.
This project aims to compare and evaluate the telemetry of various EDR products. - tsale/EDR-Telemetry
Discord DLL hijacking / Automation via Excel Macros
— https://github.com/MitchHS/Discord-DLL-Hijacking
— https://github.com/MitchHS/Discord-DLL-Hijacking
GitHub
GitHub - nullsection/Discord-DLL-Hijacking: This is a simple example of DLL hijacking enabling proxy execution.
This is a simple example of DLL hijacking enabling proxy execution. - GitHub - nullsection/Discord-DLL-Hijacking: This is a simple example of DLL hijacking enabling proxy execution.
Massive Abuse of Abandoned Eval PHP WordPress Plugin
https://blog.sucuri.net/2023/04/massive-abuse-of-abandoned-evalphp-wordpress-plugin.html
https://blog.sucuri.net/2023/04/massive-abuse-of-abandoned-evalphp-wordpress-plugin.html
Sucuri Blog
Massive Abuse of Abandoned Eval PHP WordPress Plugin
Learn how misuse of the EvalPHP WordPress plugin is allowing attackers to create malicious pages and plant backdoors on vulnerable websites.
LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes:
— https://github.com/infosecB/LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes:
— https://github.com/infosecB/LOOBins
GitHub
GitHub - infosecB/LOOBins: Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various…
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by t...
APT Simulator
APT Simulator is a Windows Batch noscript that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools, APT Simulator is designed to make the application as simple as possible..:
— https://github.com/NextronSystems/APTSimulator
#tool #review
APT Simulator is a Windows Batch noscript that uses a set of tools and output files to make a system look as if it was compromised. In contrast to other adversary simulation tools, APT Simulator is designed to make the application as simple as possible..:
— https://github.com/NextronSystems/APTSimulator
#tool #review
GitHub
GitHub - NextronSystems/APTSimulator: A toolset to make a system look as if it was the victim of an APT attack
A toolset to make a system look as if it was the victim of an APT attack - NextronSystems/APTSimulator
new_side_attack_intel_cpu_sys-admin_,up.pdf
380.2 KB
New side-channel attack to Intel CPU report
Abstract—The transient execution attack is a type of attack leveraging the vulnerability of modern CPU optimization technologies. New attacks surface rapidly. The side-channel is a key part of transient execution attacks to leak data
Abstract—The transient execution attack is a type of attack leveraging the vulnerability of modern CPU optimization technologies. New attacks surface rapidly. The side-channel is a key part of transient execution attacks to leak data
Kubernetes Goat
The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security:
— https://github.com/madhuakula/kubernetes-goat
The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security:
— https://github.com/madhuakula/kubernetes-goat
GitHub
GitHub - madhuakula/kubernetes-goat: Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes…
Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀 - madhuakula/kubernetes-goat
Attack Campaign that Uses Fake Google Chrome Error to Distribute Malware from Compromised Websites
Research:
— https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com
Research:
— https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com
GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive:
— https://github.com/looCiprian/GC2-sheet
— https://github.com/looCiprian/GC2-sheet
GitHub
GitHub - looCiprian/GC2-sheet: GC2 is a Command and Control application that allows an attacker to execute commands on the target…
GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate files using Google Drive or...
Linkedin - Can delete other user's post and company page post
disclosed report:
— https://hackerone.com/reports/337755
disclosed report:
— https://hackerone.com/reports/337755
HackerOne
LinkedIn disclosed on HackerOne: Can delete other user's post and...
Missing proper access control on the vulnerable request allows an attacker to delete other user's post and company page post.
Тезисно о том, как можно получить Open Source - All Product Pack лицензию от JetBrains
Все просто - делай вклад в этот мир и тебе воздастся ;)
— https://youtu.be/9DMnXS0ifAA
Все просто - делай вклад в этот мир и тебе воздастся ;)
— https://youtu.be/9DMnXS0ifAA
YouTube
Тезисно о том, как можно получить Open Source - All Product Pack лицензию от JetBrains
Я получаю вторую подряд Open Source - All Product Pack лицензию от JetBrains, удобные IDE на все случае программерской жизни.
* https://www.jetbrains.com/community/opensource/#support
Мои проекты:
* https://github.com/m0zgen/cactusd
* https://github.co…
* https://www.jetbrains.com/community/opensource/#support
Мои проекты:
* https://github.com/m0zgen/cactusd
* https://github.co…
Vimeo SSRF with code execution potential
— https://infosecwriteups.com/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e
— https://infosecwriteups.com/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e
Medium
Vimeo SSRF with code execution potential.
Recently i discovered a semi responded SSRF on Vimeo with code execution possibility. This blog post explains how i found & exploited it…
Postgres Guru | Базы данных - Админ PostgreSQL ведет свой канал
Записывает заметки, разные SQL полезности из личной практики:
-- https://news.1rj.ru/str/pg_guru
Записывает заметки, разные SQL полезности из личной практики:
-- https://news.1rj.ru/str/pg_guru
Telegram
Postgres Guru | Базы данных 💐
Все о самой популярной СУБД PostgreSQL: технические статьи, новости и немного юмора.
Сотрудничество: @Sferg007
Ссылка для друзей: https://news.1rj.ru/str/+NRjYf8gGR3RmYmMy
Сайт: https://ibtorg.ru
Postgres Guru в VK https://vk.com/pg_guru
Сотрудничество: @Sferg007
Ссылка для друзей: https://news.1rj.ru/str/+NRjYf8gGR3RmYmMy
Сайт: https://ibtorg.ru
Postgres Guru в VK https://vk.com/pg_guru
System_Design_ByteByteGo_PDF.pdf
37.8 MB
Big Collection for System Designers…
🔸 What are database isolation levels
🔸 What is IaaS/PaaS/SaaS
🔸 What is SSO (Single Sign-On)
🔸 How to store passwords safely in the database
🔸 How does HTTPS work
🔸 ..and more and more….
🔸 What are database isolation levels
🔸 What is IaaS/PaaS/SaaS
🔸 What is SSO (Single Sign-On)
🔸 How to store passwords safely in the database
🔸 How does HTTPS work
🔸 ..and more and more….