Deploy a SOC using Kali Linux in AWS 2024-11-25 at 07:04 By Mirko Zorz The Kali SOC in AWS project enables the deployment of a Security Operations Center (SOC) in AWS, utilizing the Kali Linux toolset for purple team activities. This environment is ideal for honing skills in security operations, threat detection, incident response, and […]
React to this headline:
Deploy a SOC using Kali Linux in AWS Read More »
AxoSyslog: Open-source scalable security data processor 2024-11-21 at 08:52 By Mirko Zorz AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team. “We first started by making syslog-ng more cloud-ready: we packaged syslog-ng in a container, added helm charts, and made it more suitable for use
React to this headline:
AxoSyslog: Open-source scalable security data processor Read More »
GitHub Secure Open Source Fund: Project maintainers, apply now! 2024-11-20 at 15:42 By Zeljka Zorz GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software. The program is funded by companies (AmEx
React to this headline:
GitHub Secure Open Source Fund: Project maintainers, apply now! Read More »
Open-source and free Android password managers that prioritize your privacy 2024-11-19 at 06:47 By Anamarija Pogorelec We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different passwords for numerous accounts can be challenging. Password managers simplify this by securely storing all your passwords so
React to this headline:
Open-source and free Android password managers that prioritize your privacy Read More »
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps 2024-11-18 at 06:32 By Mirko Zorz ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help
React to this headline:
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps Read More »
GoIssue phishing tool targets GitHub developer credentials 2024-11-13 at 15:49 By Mirko Zorz Researchers discovered GoIssue, a new phishing tool targeting GitHub users, designed to extract email addresses from public profiles and launch mass email attacks. Marketed on a cybercrime forum, GoIssue allows attackers to send bulk emails while keeping their identity hidden using proxies.
React to this headline:
GoIssue phishing tool targets GitHub developer credentials Read More »
Powerpipe: Open-source dashboards for DevOps 2024-11-12 at 07:03 By Help Net Security Powerpipe is an open-source solution designed to streamline DevOps management with powerful visualization and compliance tools, making it simple to track, assess, and act on key data for smarter decision-making and continuous compliance monitoring. Dynamic dashboards and reports Powerpipe’s high-level dashboards offer an
React to this headline:
Powerpipe: Open-source dashboards for DevOps Read More »
Am I Isolated: Open-source container security benchmark 2024-11-08 at 07:30 By Mirko Zorz Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to improve users’
React to this headline:
Am I Isolated: Open-source container security benchmark Read More »
Osmedeus: Open-source workflow engine for offensive security 2024-11-06 at 07:03 By Help Net Security Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists. Osmedeus key features Speed up your recon process Organize your
React to this headline:
Osmedeus: Open-source workflow engine for offensive security Read More »
Whispr: Open-source multi-vault secret injection tool 2024-11-04 at 07:03 By Mirko Zorz Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr key features Safe
React to this headline:
Whispr: Open-source multi-vault secret injection tool Read More »
OpenPaX: Open-source kernel patch that mitigates memory safety errors 2024-11-01 at 07:03 By Mirko Zorz OpenPaX is an open-source kernel patch that mitigates common memory safety errors, re-hardening systems against application-level memory safety attacks using a simple Linux kernel patch. It’s available under the same GPLv2 license terms as the Linux kernel. “We are pleased
React to this headline:
OpenPaX: Open-source kernel patch that mitigates memory safety errors Read More »
Argus: Open-source information gathering toolkit 2024-10-23 at 07:33 By Help Net Security Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into three main areas:
React to this headline:
Argus: Open-source information gathering toolkit Read More »
Aranya: Open-source toolkit to accelerate secure by design concepts 2024-10-21 at 06:31 By Help Net Security SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense. The Aranya project marks a
React to this headline:
Aranya: Open-source toolkit to accelerate secure by design concepts Read More »
GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments 2024-10-17 at 14:31 By daksh sharma Overview GitHub has issued a security advisory regarding critical vulnerabilities that require immediate attention from users of the GitHub Enterprise Server (GHES). This advisory highlights a specific vulnerability that could severely compromise organizations’ security relying on this self-hosted version
React to this headline:
GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments Read More »
GhostStrike: Open-source tool for ethical hacking 2024-10-17 at 07:31 By Mirko Zorz GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop
React to this headline:
GhostStrike: Open-source tool for ethical hacking Read More »
YARA: Open-source tool for malware research 2024-10-09 at 08:01 By Help Net Security YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables users to create detailed descriptions, or “rules,” for malware families or any other target based on textual
React to this headline:
YARA: Open-source tool for malware research Read More »
Rspamd: Open-source spam filtering system 2024-10-07 at 07:01 By Mirko Zorz Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and assigns a verdict, which
React to this headline:
Rspamd: Open-source spam filtering system Read More »
MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more! 2024-10-04 at 07:01 By Help Net Security MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP parser designed for tokenization and syntax tree parsing. It also incorporates specialized properties to ensure
React to this headline:
MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more! Read More »
SCCMSecrets: Open-source SCCM policies exploitation tool 2024-09-30 at 07:31 By Help Net Security SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction. SCCM policies are a key target for attackers in Active Directory environments, as they can expose sensitive technical information, including account credentials. Attackers may retrieve these
React to this headline:
SCCMSecrets: Open-source SCCM policies exploitation tool Read More »
Tosint: Open-source Telegram OSINT tool 2024-09-27 at 07:31 By Mirko Zorz Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources. Several law enforcement agencies utilize Tosint to gather intelligence and monitor cybercriminal
React to this headline:
Tosint: Open-source Telegram OSINT tool Read More »