Roman

@securecodeninja

a web builder & defender 🕷️
proud to be pinoy 🇵🇭
appsec quarterback 🛡️

Pinned Tweet

I learned that the lack of proper input validation is where many vulnerabilities start. I condensed these lessons into a 30-min course for C# developers. Free with your Pluralsight subscription 👇 pluralsight.com/courses/user-i… #csharp #security #dotnet #appsec #securecode


Roman reposted

We just shipped automated security reviews in Claude Code. Catch vulnerabilities before they ship with two new features:

- /security-review slash command for ad-hoc security reviews
- GitHub Actions integration for automatic reviews on every PR


Roman reposted

Wasting time fuzzing hardened code without hitting new vulnerabilities.

Legacy black-box fuzzers stall at validation checks, missing deeper bugs.

In Chapter 8 of my new book From Day Zero to Zero Day, you'll explore the advanced techniques behind coverage-guided fuzzing using…

Roman reposted

McDonald's uses an AI bot called "Olivia" for hiring. A pair of hackers found they could access every conversation job applicants had with it—including all the personal info they shared—by exploiting security flaws as basic as using the password "123456". wired.com/story/mcdonald…


Roman reposted

Oktajacking - Using Okta to keylog for initial access or as a sneaky form of SAMLjacking for lateral movement from a compromised SaaS app. Massive shoutout to @_xpn_ as I used his great research for this, I just applied it to different kill chain phases. pushsecurity.com/blog/oktajacki…


Roman reposted

👔 Security Architect & Principal Security Engineer Interview Questions

A consolidated list of questions pulled from Glassdoor

From: Netflix, Morgan Stanley, Wiz, & more

* Technical
* Behavioral and Influential
* Frameworks/Design/Threat Modeling

github.com/tadwhitaker/Se…

Roman reposted

Just because you're using Okta doesn't mean you're using SSO. I wrote a blog post covering:

• What is SWA and what are the risks?
• Extracting SWA passwords
• Bypassing password reveal restrictions
• Detection and response for Okta account breaches

pushsecurity.com/blog/okta-swa/…


Roman reposted

🛠️ Building a free Burp Collaborator with Cloudflare Workers

How to use Cloudflare Workers to receive out-of-band connections during your web app testing (e.g. track when blind XSS triggers) and pipe the results to Discord

blog.gbrls.space/blog/building-…

Roman reposted

After the success of our security research, we decided to invest a $120k bounty and share our story and tools with you. Now, we are releasing an Automated Scans feature on VIDOC, allowing you to easily automate your #bugbounty hunting on a large scale! blog.vidocsecurity.com/blog/2022-summ…


Roman reposted

😈 The Offensive ML Playbook

A database of offensive ML TTPs covering:
* Supply chain attacks
* Offensive ML techniques
* Adversarial ML

Examples:
* Poisoning an LLM's ground truths
* How to put malware in a model and distribute it

By @WHITEHACKSEC

wiki.offsecml.com/Welcome+to+the…


Roman reposted

Just discovered a full account takeover on Grammarly.com, Vidio.com and more using a new OAuth attack technique. This is the last part of the OAuth trilogy; in total, we could take over 1+ BILLION accounts! salt.security/blog/oh-auth-a… #OAuth #hacking


Roman reposted

What are HAR files? A HAR file is a recording of your current session & includes all web traffic including secrets & tokens. Admins usually share these files with customer support when troubleshooting issues. Here's a thread on how you can handle .har files safely. 🧵⬇️


Roman reposted

🎓 Free Cybersecurity Course from Harvard

An introduction to #cybersecurity for technical and non-technical audiences

Self-paced, 2-6 hours/week over 5 weeks

edx.org/learn/cybersec…

Roman reposted

Chalk is now officially open source. Total visibility of your software engineering lifecycle. Designed for platform and security teams. eu1.hubs.ly/H05xD2d0


Roman reposted

Learn JWT like you'll never forget. 🧵

Roman reposted

🗒️ Source Code Management Platform Configuration Best Practices

Guide by @OpenSSF for securing SCM platforms

* Harden CI/CD pipelines against supply chain attacks
* Branch protection policies and access controls/permissions
* Server-level policies

best.openssf.org/SCM-BestPracti…

Roman reposted

🤖 promptfoo A tool for testing your prompts. Evaluate and compare LLM outputs, catch regressions, and improve prompt quality. github.com/promptfoo/prom…


Roman reposted

Just stumbled upon some pretty dope talks by @naugtur ❤️

📜 "Eval all the strings! Hardened JavaScript" youtube.com/watch?v=Qjeh7Q…

and his free workshop he did @defcon on:

📜 "Defensive coding and hardened JavaScript" naugtur.pl/pres3/lava/wor… github.com/naugtur/js-tra…


Roman reposted

🧠 Web AppSec Interview Questions

A tough set of questions by @0xTib3rius covering:
* XSS
* CSRF
* SQL injection
* Web cache deception and poisoning
* Session fixation
* HTTP request smuggling
* DOM clobbering
* HTTP parameter pollution
+ much more

tib3rius.com/interview-ques…

