Category: Mix
Implementing an AWS multi-account strategy is a popular approach that helps organizations to manage their cloud resources efficiently. In my…
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by…
Summary: An unauthenticated attacker can upload arbitrary files leading to remote code execution. A cryptographic flaw, coupled with a path…
A brief note on several ways to check the SSL version using various commands. Personally, I have mostly used testssl.sh, but as I used it, occasionally cross-checking with other tools…
I hope you’ve been doing well! 🎇 4th of July I spent my 4th of July, ironically, with a group…
In our web event “Getting Vulnerable”, we brought together program managers Jill Moné-Corallo from GitHub, Garrett McNamara from ServiceNow, and…
View vulnerabilities on each asset across your attack surface. The attack surface is where you can understand what you have…
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by…
Note: this post currently just has content on AI + reverse engineering, but check back soon and I’ll be covering…
Izar describes the attributes required by threat modelling approaches in order to succeed in Agile dev environments, how to build…
Mukul Khullar, Staff Security Engineer, LinkedIn. Mukul recommends a three step defense-in-depth process for mitigating these risks. 1….
An overview of functions-as-a-service (FaaS) and GraphQL, relevant security considerations and attacks, and a number of demos. What is Functions-as-a-Service…










