APT
It's never too late to learn pod & network security policy. Here are k8s guidelines: https://github.com/cloudogu/k8s-security-demos
P.S. Some additional materials to play with for those who like this format
https://github.com/whitespots/security-for-developers
GitHub - whitespots/security-for-developers: Some demo scripts for education purposes
#bugbounty
A few words about a private BugBounty
https://medium.com/finn-no/one-year-with-a-private-bug-bounty-program-f928a57ad026
One Year With a Private Bug Bounty Program at FINN.no
Over the years, FINN.no has been doing a lot of different security assessments: from the classical one test per release to regular on-site…
NAT bypass research
https://github.com/samyk/slipstream
NAT Slipstreaming allows an attacker to remotely access any TCP/UDP services bound to a victim machine, bypassing the victim’s NAT/firewall, just by anyone on the victim's network visiting ...
#tools #education A small example of breaking out of Docker containers, from our friends
https://github.com/Swordfish-Security/Pentest-In-Docker
Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
#tools
A cool contribution to the open source security community.
NS takeover, admin finder, 403 bypasser and other cool stuff.
Let's retweet it!
https://twitter.com/whitespots/status/1330469521468121089?s=19
Decrypting OpenSSH sessions for fun and profit
https://research.nccgroup.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/
Do you have problems with security requirements related to any business feature?
Anonymous Poll
16%: No, everything is ok. I suggest improvements to each product feature without any problems
17%: Yes. I want to find a complete set of them
19%: Yes. I want classified set of requirements with references to test-cases
3%: Yes. Other
6%: I'm not from defence side at all
39%: See results
https://twitter.com/jonasLyk/status/1347900440000811010?s=19
Don't even try on your host (only FYI):
cd c:\:$i30:$bitmap
Jonas L
NTFS VULNERABILITY CRITICALITY UNDERESTIMATED - There is a specially nasty vulnerability in NTFS right now. Triggerable by opening special crafted name in any folder anywhere. The vulnerability will instant pop up complaining about your harddrive is corrupted…
#education It is never too late to learn Android security assessment basics
https://manifestsecurity.com/android-application-security/