APT
Finding CORS misconfigurations #scripts
site="example.com"; gau "$site" | while read -r url; do if curl -s -m 10 -o /dev/null -D - -H "Origin: https://evil.com" "$url" | grep -qi '^access-control-allow-origin:.*evil\.com'; then echo "[Potential CORS found] $url"; else echo "Nothing on $url"; fi; done
Without any additional installations
docker run --rm -it --name corsfinder -e VULN_ID=1 -e DOMAIN=site.com whitespots/corsfinder
#bugbounty
Interesting article about request smuggling
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c
Research on h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext…
Upgrading HTTP/1.1 connections to lesser-known HTTP/2 over cleartext (h2c) connections can allow a bypass of edge-proxy access controls.
Something simple about threats and clouds
https://notsosecure.com/security-architecture-review-of-a-cloud-native-environment/
Someone stole $15m and returned $7m to the sleeping developer. The most interesting thing is that this network was not yet fully finished.
https://twitter.com/AndreCronjeTech/status/1310763507890225152?s=19
Andre Cronje 👻🐸
2/x 3. These contracts, nor the ecosystem are final, yesterday alone you will notice I deployed 2 separate batches of the contracts, this is my usual "test in prod" process 4. We started releasing some of the art teasers to showcase all the different clans…
#Risks
GitLab security trends report
https://about.gitlab.com/blog/2020/10/06/gitlab-latest-security-trends/
GitLab's security trends report – our latest look at what's most vulnerable
From triage to containers and secrets storage, we took a look at the most vulnerable areas across thousands of hosted projects on GitLab.com. Here's what you need to know.
#Tools
DVWA is too old for you? Maybe you like some Crypto labs?
Here is something you will like 🙂
https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/
GitHub - DamnVulnerableCryptoApp/DamnVulnerableCryptoApp: An app with really insecure crypto. To be used to see/test/exploit weak…
An app with really insecure crypto. To be used to see/test/exploit weak cryptographic implementations as well as to learn a little bit more about crypto, without the need to dive deep into the math...
#owasp #Tools
If you need any guidelines - sonar has a lot of examples
https://rules.sonarsource.com/python/RSPEC-2755
It's never too late to learn pod and network security policies.
Here are the k8s guidelines:
https://github.com/cloudogu/k8s-security-demos
GitHub - cloudogu/k8s-security-demos: Demos for several kubernetes security features
Demos for several kubernetes security features. Contribute to cloudogu/k8s-security-demos development by creating an account on GitHub.
PS. Some additional materials to play with, for those who like this format:
https://github.com/whitespots/security-for-developers
GitHub - whitespots/security-for-developers: Some demo scripts for education purposes
Some demo scripts for education purposes. Contribute to whitespots/security-for-developers development by creating an account on GitHub.
#bugbounty
Few words about a private BugBounty
https://medium.com/finn-no/one-year-with-a-private-bug-bounty-program-f928a57ad026
One Year With a Private Bug Bounty Program at FINN.no
Over the years, FINN.no has been doing a lot of different security assessments: from the classical one test per release to regular on-site…
NAT bypass research
https://github.com/samyk/slipstream
GitHub - samyk/slipstream: NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine…
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting ...
#tools #education A small example of breaking out of Docker containers, from our friends:
https://github.com/Swordfish-Security/Pentest-In-Docker
GitHub - Swordfish-Security/Pentest-In-Docker: Docker image to exploit RCE, try for pentest methods and test container security…
Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.) - GitHub - Swordfish-Security/Pentest-In-Docker: Docker image to exploit RCE, try...