Bug Bytes #208 – Burp gets an update, Sharefile gets a CVE and JavaScript files get analysed
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
Category: Mix
Five Takeaways from Ohio Secretary of State’s VDP Success Story
Recently, Ohio Secretary of State Chief Information Security Officer Jillian Burner, and HackerOne Co-founder and Head of Professional Services, Michiel Prins presented at the 46th…
Manage Your Attack Surface With Continuous Security Testing
Creating Continuous Attack Resistance In order to stay ahead of cybercriminals, businesses need to preemptively find flaws in their digital landscape that a bad actor…
Burp Suite roadmap update: July 2023 | Blog
Matt Atkinson | 17 July 2023 at 14:26 UTC Check out our roadmap for Burp Suite and find out what exciting features are coming your…
ZAP 2.13 Review ⚡️
예상보다 훨씬 빠른 시기에 ZAP 2.13이 릴리즈되었습니다. 보통 매년 가을, 겨울중에 릴리즈가 있었는데, 이번에는 여름에 릴리즈가 생겼네요. 변화된 부분이 크진 않아서 릴리즈 노트를 보면 대부분…
The Future of Generative AI and Security [2 Predictions]
Offensive AI Will Outpace Defensive AI In the short term, and possibly indefinitely, we will see offensive or malicious AI applications outpace defensive ones that…
[tl;dr sec] #190 – Securely Build on AI, CISA Pen Test repo, Joining Google’s Red Team
I hope you’ve been doing well! 🏋️ Our Gym If you’ve been wanting to improve your fitness but haven’t been sure where to start, I…
Challenges Implementing AWS Multi-Account Strategy
Implementing an AWS multi-account strategy is a popular approach that helps organizations to manage their cloud resources efficiently. In my previous post, I discussed our…
Bug Bytes #207 -IIS, LLMs and iOS
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
ShareFile Pre-Auth RCE (CVE-2023-24489) – Assetnote
Summary An unauthenticated attacker can upload arbitrary files leading to remote code execution. A cryptographic flaw, coupled with a path traversal vulnerability enable the attacker…
SSL Version을 체크하는 여러가지 방법들
여러가지 명령을 통해 ssl version 체크하는 방법들 간략하게 메모해둡니다. 개인적으로 주로 testssl.sh를 자주 사용했었는데, 쓰다보니 종종 다른 도구와 크로스 체크가 필요한 일이 있네요. 여러 도구들이…
[tl;dr sec] #189 – CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering
I hope you’ve been doing well! 🎇 4th of July I spent my 4th of July, ironically, with a group of Australians, who taught me…