Challenges Implementing AWS Multi-Account Strategy
Implementing an AWS multi-account strategy is a popular approach that helps organizations to manage their cloud resources efficiently. In my...
Read more →Category: Mix
Bug Bytes #207 -IIS, LLMs and iOS
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by...
Read more →
ShareFile Pre-Auth RCE (CVE-2023-24489) – Assetnote
Summary An unauthenticated attacker can upload arbitrary files leading to remote code execution. A cryptographic flaw, coupled with a path...
Read more →
SSL Version을 체크하는 여러가지 방법들
여러가지 명령을 통해 ssl version 체크하는 방법들 간략하게 메모해둡니다. 개인적으로 주로 testssl.sh를 자주 사용했었는데, 쓰다보니 종종 다른 도구와 크로스 체크가...
Read more →![[tl;dr sec] #189 - CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering](https://cybernoz.com/wp-content/uploads/2023/07/tldr-sec-189-CISA-on-Defending-CICD-Backdooring-NPM.jpg "[tl;dr sec] #189 - CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering 7")
[tl;dr sec] #189 – CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering
I hope you’ve been doing well! 🎇 4th of July I spent my 4th of July, ironically, with a group...
Read more →
Takeaways from a Conversation Between Hackers and Program Managers
In our web event “Getting Vulnerable”, we brought together program managers Jill Moné-Corallo from GitHub, Garrett McNamara from ServiceNow, and...
Read more →
View vulnerabilities on Attack Surface page
View vulnerabilities on each asset across your attack surface The attack surface is where you can understand what you have...
Read more →
Bug Bytes #206 – Citrix more like Crit-trix amiright?
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by...
Read more →
AI and Machine Learning in Cybersecurity
Note: this post currently just has content on AI + reverse engineering, but check back soon and I’ll be covering...
Read more →
Practical Continuous Threat Modeling Work for Your Team
Izar describes the attributes required by threat modelling approaches in order to succeed in Agile dev environments, how to build...
Read more →
Behind the Scenes: Securing In-House Execution of Unsafe Third-Party Executables
Mukul Khullar, Staff Security Engineer, LinkedIn twitter, linkedinabstract slides video Mukul recommends a three step defense-in-depth process for mitigating these risks. 1....
Read more →
An Attacker’s View of Serverless and GraphQL Apps
An overview of functions-as-a-service (FaaS) and GraphQL, relevant security considerations and attacks, and a number of demos. What is Functions-as-a-Service...
Read more →