#Tools
DVWA is too old for you? Maybe you like some Crypto labs?
Here is something you will like 🙂
https://github.com/DamnVulnerableCryptoApp/DamnVulnerableCryptoApp/
An app with really insecure crypto. To be used to see/test/exploit weak cryptographic implementations as well as to learn a little bit more about crypto, without the need to dive deep into the math...
#owasp #Tools
If you need any guidelines - sonar has a lot of examples
https://rules.sonarsource.com/python/RSPEC-2755
It's never too late to learn pod & network security policy.
Here are k8s guidelines:
https://github.com/cloudogu/k8s-security-demos
GitHub - cloudogu/k8s-security-demos: Demos for several kubernetes security features
P.S. Some additional materials to play with, for those who like this format:
https://github.com/whitespots/security-for-developers
GitHub - whitespots/security-for-developers: Some demo scripts for education purposes
#bugbounty
A few words about a private BugBounty
https://medium.com/finn-no/one-year-with-a-private-bug-bounty-program-f928a57ad026
One Year With a Private Bug Bounty Program at FINN.no
Over the years, FINN.no has been doing a lot of different security assessments: from the classical one test per release to regular on-site…
NAT bypass research
https://github.com/samyk/slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting ...
#tools #education
A small example of breaking out of Docker containers, from our friends
https://github.com/Swordfish-Security/Pentest-In-Docker
Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
#tools
A cool contribution to the open source security community.
NS takeover, admin finder, 403 bypasser and other cool stuff.
Let's retweet it!
https://twitter.com/whitespots/status/1330469521468121089?s=19
Decrypting OpenSSH sessions for fun and profit
https://research.nccgroup.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/