Kubernetes Goat

The Kubernetes Goat is designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security:

— https://github.com/madhuakula/kubernetes-goat

Subdomain enumeration with Subxenum Python tool

— https://github.com/Adkali/Subxenum

Attack Campaign that Uses Fake Google Chrome Error to Distribute Malware from Compromised Websites

Research:

— https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com

GC2 (Google Command and Control) is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet and exfiltrates data using Google Drive:

— https://github.com/looCiprian/GC2-sheet

Linkedin - Can delete other user's post and company page post

disclosed report:

— https://hackerone.com/reports/337755

Тезисно о том, как можно получить Open Source - All Product Pack лицензию от JetBrains

Все просто - делай вклад в этот мир и тебе воздастся ;)

— https://youtu.be/9DMnXS0ifAA

Vimeo SSRF with code execution potential

— https://infosecwriteups.com/vimeo-ssrf-with-code-execution-potential-68c774ba7c1e

Postgres Guru | Базы данных - Админ PostgreSQL ведет свой канал

Записывает заметки, разные SQL полезности из личной практики:

-- https://news.1rj.ru/str/pg_guru

Big Collection for System Designers…

🔸 What are database isolation levels
🔸 What is IaaS/PaaS/SaaS
🔸 What is SSO (Single Sign-On)
🔸 How to store passwords safely in the database
🔸 How does HTTPS work
🔸 ..and more and more….

An Introduction into Sleep Obfuscation

The goal of this post is to break down this technique:

— https://dtsec.us/2023-04-24-Sleep/

Hiding in Plain Sight: Unlinking Malicious DLLs from the PEB

In this post, we take a look at an anti-forensics technique that malware can leverage to hide injected DLLs. We dive into specific details of the Windows Process Environment Block (PEB) and how to abuse it to hide a malicious loaded DLL:

— https://blog.christophetd.fr/dll-unlinking/

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection

https://github.com/LordNoteworthy/al-khaser

eBPF Observability Tools Are Not Security Tools

https://www.brendangregg.com/blog/2023-04-28/ebpf-security-issues.html

Ethical Hacking in 15 Hours - 2023 Edition - Learn to Hack (Parts 1, 2)

— https://youtu.be/3FNYvj2U0HM
— https://youtu.be/sH4JCwjybGs

Python noscript as Systemd

example:
— https://docs.rockylinux.org/gemstones/systemd_service_for_python_noscript/

 
OpenBLD - Next Stage to Growth with ClouDNS

GeoDNS and Global Anycast DNS features from ClouDNS - it as a brilliant opportunity for additional OpenBLD Performance and Availability

Today ClouDNS supported OpenBLD DNS and provided own features for free:
• Anycast DNS service and Anycast GeoDNS servers
• DDoS Protection
• DNS Failover checks
• EDNS-client-subnet support
• and more...

ClouDNS providing flexible tools for managements services and very affordable pricing plans and it is I like it very much.

This can be a key milestone in the development phase of the OpenBLD project, it is a next stage for growth. I have special domain name for OpenBLD DNS project, may be it is a "that very moment"...

• All ClouDNS features you can found on ClouDNS Site
• How to protect for your self and family with OpenBLD Here

Coraza WAF Caddy Module

Go-written WAF module from fastest Caddy server:

— https://github.com/corazawaf/coraza-caddy

ReverseKit - Dynamic Reverse Engineering Toolkit

https://github.com/zer0condition/ReverseKit