#Tools
Tracking cloud infrastructure on steroids
https://www.marcolancini.it/2020/blog-mapping-moving-clouds-with-cartography/
#Risks E-Commerce fraud cases
Full research here:
https://appriss.com/retail/wp-content/uploads/sites/4/2018/12/AR3018_2018-Customer-Returns-in-the-Retail-Industry_Digital.pdf
#BugBounty #Tools A cool checklist from whitespots.io for Android
https://docs.whitespots.io/mobile/android-checks
Automate your scans with scanner aggregator
https://github.com/secureCodeBox/secureCodeBox-v2
APT
Finding CORS misconfigurations #scripts
site="example.com"
gau "$site" | while read -r url; do
  # Send a GET with a foreign Origin and keep only the response headers
  if curl -s -o /dev/null -D - -H "Origin: https://evil.com" "$url" | grep -qi 'access-control-allow-origin:.*evil\.com'; then
    echo "[Potential CORS Found] $url"
  else
    echo "Nothing on $url"
  fi
done
Without any additional installations
docker run --rm -it --name corsfinder -e VULN_ID=1 -e DOMAIN=site.com whitespots/corsfinder
#bugbounty
Interesting article about request smuggling
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c
Bishop Fox
Research on h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext…
Upgrading HTTP/1.1 connections to lesser-known HTTP/2 over cleartext (h2c) connections can allow a bypass of edge-proxy access controls.
Simple about threats and clouds
https://notsosecure.com/security-architecture-review-of-a-cloud-native-environment/
Someone stole $15m and returned $7m to the sleeping developer. The most interesting thing was that this network had not even been fully built yet.
https://twitter.com/AndreCronjeTech/status/1310763507890225152?s=19
Twitter
Andre Cronje 👻🐸
2/x 3. These contracts, nor the ecosystem are final, yesterday alone you will notice I deployed 2 separate batches of the contracts, this is my usual "test in prod" process 4. We started releasing some of the art teasers to showcase all the different clans…
#Risks
GitLab security trends report
https://about.gitlab.com/blog/2020/10/06/gitlab-latest-security-trends/
about.gitlab.com
GitLab's security trends report – our latest look at what's most vulnerable
From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.