Lohith Gowda M · blog.lohigowda.in · Apr 18, 2024
Securing the Cloud: From S3 Credentials to RDS Database Access
I recently went on a bit of an adventure with an application used for webinars and 1:1 meetings. It's a start-up based in Bangalore, and guess what? It ended with me accessing the RDS database! Let me take you through how it all happened. Discovering the...
5 likes · 247 reads · bugbounty

Sai Keerthan Kasula · keerthankasula.hashnode.dev · Apr 11, 2024
Part 1: Cryptography and its types, Explained!
Have you ever wondered how data is securely transferred from one entity to another and what developers actually do to ensure that the transmitted data is secure? How is cryptography involved in dealing with application or information security? Well, ...
secure communication

Ben-Hur Santos Ott for Guia de AppSec :: Blog · blog.guiadeappsec.com.br · Apr 10, 2024
AppSec Newsletter 0029
Links [article] Three key learnings for AppSec teams from the XZ backdoor [wiki] ../../../../hacking_methodology [article] Passkeys – under the hood [tutorial] Kubernetes Threat Detection with Kubescape, Prometheus, and Grafana 🎖️ [repo] A basic ...
60 reads · appsec

Natan · blog.triplen.tech · Mar 25, 2024
HTB - OOPArtDB Writeup
TLDR: To solve this web challenge I chained the following vulnerabilities: 1. Using SSRF with a DNS rebinding attack in order to extract info from the internal API. 2. Performing a CSRF attack using the secret token to register a user in the application. 3. Using ...
144 reads · HTB Challenges · htb

Ben-Hur Santos Ott for Guia de AppSec :: Blog · blog.guiadeappsec.com.br · Mar 17, 2024
AppSec Newsletter 0027
Links [article] Opening Pandora's box - Supply Chain Insider Threats in Open Source projects [article] Docker Security – Step-by-Step Hardening (Docker Hardening) (one of the most complete guides I have ever seen) [tool] Secret scanning AI-generated cust...
1 like · 81 reads · appsec

Mạnh Đình Nguyễn · ndmcyb.hashnode.dev · Mar 11, 2024
Why should we care about SSDLC in application security?
Due to their globally accessible nature, applications are becoming more popular targets for attackers seeking to compromise an organization's security. SSDLC, or Secure Software Development Lifecycle, is structured to deploy secure software applications has be...
appsec

Kaustubh Rai for BreachForce · breachforce.net · Mar 9, 2024
Streamlining Security Assessments with BChecks
All of us - security professionals - use Burp Suite every day, whether as red teamers or blue teamers. With our experience in the industry, we've encountered scenarios where we'd like to remember specific test cases for particular categories. We ofte...
10 likes · 61 reads · bchecks

Reza Rashidi for RedTeamRecipe · redteamrecipe.com · Mar 8, 2024
Java Applications Remote Code Execution Scenarios
ProcessBuilder: this Java code snippet contains a vulnerability that allows for Remote Code Execution (RCE) due to the lack of input validation/sanitization on the cmd parameter. Let's dive into a deep technical analysis of this vulnerability and how it ca...
533 reads · Java

Thomas Stacey · thomas.stacey.se · Mar 5, 2024
Outpost24 Blog - Cross-site scripting attacks in action and how to protect against them
Write-up: In this blog post, my colleagues at Outpost24 and I walk through some of the wilder Cross-Site Scripting attacks we've managed to conceive recently, and highlight the importance of considering context when crafting an impactful exploit.
Outpost24

Ben-Hur Santos Ott for Guia de AppSec :: Blog · blog.guiadeappsec.com.br · Mar 1, 2024
AppSec Newsletter 0026
Links [article] Advanced End-to-End DevSecOps Kubernetes Three-Tier Project using AWS EKS, ArgoCD, Prometheus, Grafana, and Jenkins [webinar] How to Scale a High-Performing Cybersecurity Team [tool] Announcing the General Availability of OpenZeppel...
47 reads · appsec