Modern Test-Driven Development in Python
Testing production grade code is hard. Sometimes it can take nearly all of your time during feature development. What's more, even when you have 100% coverage and tests are green, you still may not feel confident that the new feature will work properly in production:
— https://testdriven.io/blog/modern-tdd/
Testing production grade code is hard. Sometimes it can take nearly all of your time during feature development. What's more, even when you have 100% coverage and tests are green, you still may not feel confident that the new feature will work properly in production:
— https://testdriven.io/blog/modern-tdd/
testdriven.io
Modern Test-Driven Development in Python
This guide looks at how to test Python code with pytest, pydantic, and JSON Schema using Test-Driven Development.
A Python Shell with XOR Algorithm – Bypass Windows Defender & AV’s
Written at 9 Jan’23:
— https://mrvar0x.com/2023/01/09/a-python-shell-with-xor-algorithm-bypass-windows-defender-amp-avs/
Written at 9 Jan’23:
— https://mrvar0x.com/2023/01/09/a-python-shell-with-xor-algorithm-bypass-windows-defender-amp-avs/
AndoryuBot – New Botnet Campaign Targets Ruckus Wireless Admin Remote Code Execution Vulnerability (CVE-2023-25717)
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
Fortinet Blog
AndoryuBot – New Botnet Campaign Targets Ruckus Wireless Admin Remote Code Execution Vulnerability (CVE-2023-25717)
FortiGuard Labs details how a unique botnet leverages a Ruckus vulnerability and examines its behavior once inside an infected device. Learn more.…
PostgreSQL Python
step-by-step guide how to work with the PostgreSQL database using the Python programming language..:
— https://www.postgresqltutorial.com/postgresql-python/
step-by-step guide how to work with the PostgreSQL database using the Python programming language..:
— https://www.postgresqltutorial.com/postgresql-python/
Neon
PostgreSQL Python
This PostgreSQL Python section shows how to work with PostgreSQL from Python programming language using the psycopg2 database driver.
Concealed code execution: Techniques and detection
The techniques for concealing code execution became the favorite tool in Advanced Persistent Threat actor's arsenal because of the remarkable stealth benefits they can provide against conventional security mechanisms. Understanding how these techniques operate under the hood and having access to open-source proof-of-concept implementations that reproduce the corresponding behavior greatly helps with detection engineering and aids in incident response investigations
— https://www.huntandhackett.com/blog/concealed-code-execution-techniques-and-detection
The techniques for concealing code execution became the favorite tool in Advanced Persistent Threat actor's arsenal because of the remarkable stealth benefits they can provide against conventional security mechanisms. Understanding how these techniques operate under the hood and having access to open-source proof-of-concept implementations that reproduce the corresponding behavior greatly helps with detection engineering and aids in incident response investigations
— https://www.huntandhackett.com/blog/concealed-code-execution-techniques-and-detection
Huntandhackett
Concealed code execution: Techniques and detection
After months of dedicated research we cover a wide range of concealed code execution techniques and investigate their mechanisms and how to detect them.
Windows Secret Extraction Summary
As such, the following type of secrets can be retrieved:
— Secrets in LSASS process.
— Secrets in registry such as LSA secrets.
— DPAPI secrets.
This article will describe each of them..:
— https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary
As such, the following type of secrets can be retrieved:
— Secrets in LSASS process.
— Secrets in registry such as LSA secrets.
— DPAPI secrets.
This article will describe each of them..:
— https://www.synacktiv.com/publications/windows-secrets-extraction-a-summary
Synacktiv
Windows secrets extraction: a summary
PhoneSploit Pro
PhoneSploit with Metasploit Integration
https://github.com/AzeemIdrisi/PhoneSploit-Pro
PhoneSploit with Metasploit Integration
https://github.com/AzeemIdrisi/PhoneSploit-Pro
An evolving how-to guide for securing a Linux server
https://github.com/imthenachoman/How-To-Secure-A-Linux-Server?s=09
https://github.com/imthenachoman/How-To-Secure-A-Linux-Server?s=09
GitHub
GitHub - imthenachoman/How-To-Secure-A-Linux-Server: An evolving how-to guide for securing a Linux server.
An evolving how-to guide for securing a Linux server. - imthenachoman/How-To-Secure-A-Linux-Server
Forwarded from Sys-Admin InfoSec
Как растет и кто помогает расти OpenBLD.net (Q2 2023)
В экосистеме OpenBLD произошел эволюционный всплеск, теперь это:
— Anycast/GeoDNS, DNSSEC, DNS-over-HTTPS, DNS-over-TLS, DNS
Благодаря этому появились два новых сервиса - Adaptive (ADA), Strict (RIC) которые заменят A-BLD, BLD (в чем отличие)
Настало время тестирования, я тестирую уже более двух недель и это пушка, кто использует OpenBLD пробуй заменить:
🔸 DoH: https://a-bld.sys-adm.in/dns-query на https://ada.openbld.net/dns-query
🔸 DoT: a-bld.sys-adm.in на ada.openbld.net
🔹 DoH: https://bld.sys-adm.in/dns-query на https://ric.openbld.net/dns-query
🔹 DoT: bld.sys-adm.in на ric.openbld.net
В течении недели, мб двух A-BLD будет полностью смерджен с ADA и перестанет существовать как таковой. Один сервер (109.234.39.72) будет заменен другим (46.151.29.15) более шустрым. Начинай тестирование уже сейчас.
Этого не было бы без поддержки. В этом году OpenBLD проект поддержали:
— Сервисно: ClouDNS, Gcore, JetBrains, UptimeRobot
— Информационо: AST Cyber Lab, Core24/7, qCloudy
— Отдельное спасибо Казахстанским хостерам: Unihost.kz, GOhost.kz 🤜️️️️️️🤛️️️️️️
Ты тоже можешь сделать свой вклад в открытый сервис по фильтрации вредоносного контента, пиши @sysadminkz
Всем Peace ✌️
В экосистеме OpenBLD произошел эволюционный всплеск, теперь это:
— Anycast/GeoDNS, DNSSEC, DNS-over-HTTPS, DNS-over-TLS, DNS
Благодаря этому появились два новых сервиса - Adaptive (ADA), Strict (RIC) которые заменят A-BLD, BLD (в чем отличие)
Настало время тестирования, я тестирую уже более двух недель и это пушка, кто использует OpenBLD пробуй заменить:
🔸 DoH: https://a-bld.sys-adm.in/dns-query на https://ada.openbld.net/dns-query
🔸 DoT: a-bld.sys-adm.in на ada.openbld.net
🔹 DoH: https://bld.sys-adm.in/dns-query на https://ric.openbld.net/dns-query
🔹 DoT: bld.sys-adm.in на ric.openbld.net
В течении недели, мб двух A-BLD будет полностью смерджен с ADA и перестанет существовать как таковой. Один сервер (109.234.39.72) будет заменен другим (46.151.29.15) более шустрым. Начинай тестирование уже сейчас.
Этого не было бы без поддержки. В этом году OpenBLD проект поддержали:
— Сервисно: ClouDNS, Gcore, JetBrains, UptimeRobot
— Информационо: AST Cyber Lab, Core24/7, qCloudy
— Отдельное спасибо Казахстанским хостерам: Unihost.kz, GOhost.kz 🤜️️️️️️🤛️️️️️️
Ты тоже можешь сделать свой вклад в открытый сервис по фильтрации вредоносного контента, пиши @sysadminkz
Всем Peace ✌️
Sys-Admin Up pinned «Как растет и кто помогает расти OpenBLD.net (Q2 2023) В экосистеме OpenBLD произошел эволюционный всплеск, теперь это: — Anycast/GeoDNS, DNSSEC, DNS-over-HTTPS, DNS-over-TLS, DNS Благодаря этому появились два новых сервиса - Adaptive (ADA), Strict (RIC)…»
This media is not supported in your browser
VIEW IN TELEGRAM
What is ARP Spoofing
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network.
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network.
DevSecOps Fundamentals from Department of Defence
https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOpsTools-ActivitiesGuidebook.pdf
https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOpsTools-ActivitiesGuidebook.pdf
Your phone is not your phone: a dive into SMS PVA fraud
https://www.first.org/resources/papers/conf2022/FIRSTCON22-Yourphoneisnotyourphone_pub.pdf
https://www.first.org/resources/papers/conf2022/FIRSTCON22-Yourphoneisnotyourphone_pub.pdf