Simplified Implementation of the Microsoft SDL.pdf
598.3 KB
Simplified Implementation of the Microsoft SDL, Updated November 4, 2010
👍4
Who protects sensitive information in corporate repositories (GitLab, etc.) and version control systems (Git, etc.), and how?
Anonymous Poll
11%
Git crypt (tool)
10%
Git secret (plugin)
3%
Mozilla SOPS (tool)
19%
KMS (anything from free Vault to Cloud KMS)
12%
Everything is stored in plain text and that's fine :):)
38%
I'm not SecOps, this isn't my area, I don't know
7%
My own option (write in the chat)
🤔9👍1
AllEng - For everyone who studies
Textbooks and topical links for school pupils, students and everyone engaged in self-education.
Main page
Mirror + Mirror 2
Previous post with a collection
#education #useful
👍10❤3
The first to break were those who believed that it would all end soon.
Then, those who did not believe that it would ever end.
Those who survived were the ones who focused on their own affairs, without expectations of what else might happen.
(c) Viktor Frankl, Austrian psychotherapist who survived a Nazi camp
Push for your goals no matter what is happening around you! Your life is your responsibility! Opportunities are everywhere! Have a great week, everyone!🤝
#info #great
👍16❤7
IPv6 Attacks (Active Directory)
A DNS attack, or DNS spoofing, is an attack that spoofs DNS traffic so that an attacker can gather very important information about the network. If IPv6 is turned on, the attacker can even spoof the DNS traffic for a Domain Admin and, with certain tools, create a user with exclusive privileges.
Sometimes a bad practice is to store the password in the "description" field; that kind of issue allows an attacker to break into the network more easily.
#pentest #windows
🔥4👍1
Inside the Mind of a Hacker: 2023 Edition
Bugcrowd, one of the world's largest crowdsourced security platforms managing many bug bounty and vulnerability disclosure programs, analyzed 1000 survey responses from hackers on its platform. These responses, combined with millions of proprietary data points on vulnerabilities collected across thousands of programs, were used to create this year's "Inside the Mind of a Hacker" report. Interesting stats include:
➡️ 5% of hackers are under 18, and only 10% over the age of 35
➡️ 93% of hackers are fluent in at least two languages
➡️ India and Bangladesh are the top 2 countries where hackers live
➡️ 96% are male
➡️ 77% of hackers report working in IT or cybersecurity
➡️ 75% of hackers identify non-financial factors as their main motivators
➡️ 91% of hackers expect AI to amplify the value of their work
➡️ 72% of hackers doubt AI will ever match their human creativity
Download report
#useful
🤔3👍1
SSH penetration test scenario
The SSH protocol, also known as Secure Shell, is a technique for secure and reliable remote login from one computer to another. It offers several options for strong authentication, and it protects the security and integrity of connections and communications with strong encryption. It is a secure alternative to unprotected login protocols (such as telnet, rlogin) and insecure file transfer methods (such as FTP).
Previous post
#pentest #linux
👍4
Malware Analysis Techniques. Tricks for the triage of adversarial software by Dylan Barker, 2021
Analyze malicious samples, write reports, and use industry-standard methodologies to confidently triage and analyze adversarial software and malware.
Malware Analysis Techniques begins with an overview of the nature of malware, the current threat landscape, and its impact on businesses. Once you've covered the basics of malware, you'll move on to discover more about the technical nature of malicious software, including static characteristics and dynamic attack methods within the MITRE ATT&CK framework. You'll also find out how to perform practical malware analysis by applying all that you've learned to attribute the malware to a specific threat and weaponize the adversary's indicators of compromise (IOCs) and methodology against them to prevent them from attacking.
#book #malware
👍8🔥1
Malware_Analysis_Techniques_Tricks_for_the_triage_of_adversarial.pdf
7.2 MB
Malware Analysis Techniques. Tricks for the triage of adversarial software by Dylan Barker, 2021
👍7🔥1
Dear friends, for all new subscribers of the w2hack channel and for those who for some reason still don't know: there is a separate author's channel, CyberSecBastion, dedicated exclusively to materials related to DevSecOps, K8s security, Cloud AWS, Azure, GCP, Secure SDLC, API security and AppSec issues.
All content is presented in English only. And, good news, from now on, sharing and reposting of all materials is allowed.
Welcome aboard!
#info
🔥7👍3👏1