CJ · devsecops101.hashnode.dev · a day ago
Day 1: DevSecOps - Gitleaks in a CI pipeline
What is Gitleaks? Gitleaks is an open-source tool that developers can use to scan repositories for any sensitive information that can potentially be used to gain unauthorized information about This information can be secret passwords, API keys, ...
Tags: DevSecOps

The CyberShield Chronicles · cyberinsights.hashnode.dev · Apr 19, 2024
23 Vulnerabilities in Google Chrome Browser that Allows Remote Code Execution Patched
Threat Summary Google addressed 23 vulnerabilities in its Chrome browser on April 16, 2024, covering Windows, Mac, and Linux platforms. These vulnerabilities spanned various issues, from object corruption in V8 and WebAssembly to multiple use-after-f...
Tags: threat intelligence

Liam Grant · iamliamgrant4.hashnode.dev · Apr 18, 2024
US government warns against C and C++ code
This post is a quick overview of an Abto Software blog article. In a new report released in February 2024 by the White House, the government is urging software developers to ditch programming languages that cause buffer overflows and other memory-rel...
Tags: C#

Arnab Das · dasarnab.hashnode.dev · Apr 18, 2024 · 10 likes
Comprehensive Guide to Web Security Best Practices: Preventing Common Attacks
Introduction In today's interconnected digital landscape, web security stands as a paramount concern for businesses, organizations, and individuals alike. The ever-evolving nature of cyber threats presents a constant challenge, making it imperative t...
Tags: #cybersecurity

Roger P. · malwaresloth.com · Apr 17, 2024
Embedding Beacon Payloads in PDF Files
Welcome to Malware Sloth's guide on embedding Cobalt Strike payloads in PDF files. This tutorial is designed for security professionals and cybersecurity enthusiasts alike, offering clear, step-by-step instructions on how to effectively incorporate b...
Tags: Red Team, Malware

Panagiotis Vasilikos · securingbits.com · Apr 17, 2024
Open-Source Secret Scanning Tools
Implement secret scanning in your pipelines today with the following 5 open-source tools: - Trufflehog https://github.com/trufflesecurity/trufflehog - GitLeaks https://github.com/gitleaks/gitleaks - Semgrep https://github.com/semgrep/semgrep - Talism...
Tags: Open Source

Joel O. · joelodey.hashnode.dev · Apr 16, 2024
Lab: Exploiting XInclude to retrieve files
Lab Scenario: Our mission is to exploit XInclude through a web application's "Check stock" feature. By intercepting and manipulating a POST request, we intend to use XInclude to retrieve files from the server. Let's proceed with the solution: Interc...
Tags: PortSwigger XML external entity (XXE) injection, xxe

FIKARA BILAL · bilaldotcom.hashnode.dev · Apr 15, 2024
The gaining access phase
Introduction The Gaining Access phase in penetration testing represents a pivotal point where ethical hackers try to penetrate a target system's defenses. This article will explore the complexities of this phase, examining the techniques, tools, and ...
Tags: #cybersecurity

Ayushri Jain · ayushrijain.hashnode.dev · Apr 15, 2024
Passphrase and keystroke dynamics authentication: Usable security
This paper describes authentication methods, including passphrase and keystroke dynamics, addressing their usability, vulnerabilities, and the potential for continuous authentication. This blog is originally written for CSCE 689:601 and is the 22nd b...
Tags: #cybersecurity

Ayushri Jain · ayushrijain.hashnode.dev · Apr 15, 2024
Online Binary Models are Promising for Distinguishing Temporally Consistent Computer Usage Profiles
This paper describes the challenges and solutions in continuous authentication, emphasizing the balance between security and usability. This blog is originally written for CSCE 689:601 and is the 21st blog of the series: "Machine Learning-Based Cyber...
Tags: #cybersecurity