GitHub

RiskInDroid: Open-source risk analysis of Android apps

Android, code analysis, Don't miss, GitHub, Hot stuff, News, open source, scanning, software /

RiskInDroid: Open-source risk analysis of Android apps 2024-03-06 at 07:30 By Mirko Zorz RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s […]

React to this headline:

Loading spinner

RiskInDroid: Open-source risk analysis of Android apps Read More »

GitHub push protection now on by default for public repositories

Data leak, Don't miss, GitHub, Hot stuff, News, open source /

GitHub push protection now on by default for public repositories 2024-03-04 at 16:15 By Zeljka Zorz GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported secret

React to this headline:

Loading spinner

GitHub push protection now on by default for public repositories Read More »

Securing software repositories leads to better OSS security

CISA, Don't miss, framework, GitHub, Hot stuff, Malware, News, open source, OpenSSF, PyPI /

Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s

React to this headline:

Loading spinner

Securing software repositories leads to better OSS security Read More »

New infosec products of the week: March 1, 2024

Exabeam, GitHub, Legato Security, News, Spin.AI, Viavi Solutions /

New infosec products of the week: March 1, 2024 2024-03-01 at 06:02 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Legato Security, Exabeam, Spin.AI, and Viavi Solutions. Legato Security Ensemble helps organizations prevent breaches Ensemble addresses the challenges businesses face in securing their networks

React to this headline:

Loading spinner

New infosec products of the week: March 1, 2024 Read More »

BobTheSmuggler: Open-source tool for undetectable payload delivery

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

BobTheSmuggler: Open-source tool for undetectable payload delivery 2024-02-29 at 08:03 By Mirko Zorz BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios. Features Hiding

React to this headline:

Loading spinner

BobTheSmuggler: Open-source tool for undetectable payload delivery Read More »

Web Check: Open-source intelligence for any website

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OSINT, penetration testing, web analytics, web technologies /

Web Check: Open-source intelligence for any website 2024-02-26 at 08:02 By Mirko Zorz Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence. Unlike similar services, Web Check is free. There’s no signup, tracking, logging,

React to this headline:

Loading spinner

Web Check: Open-source intelligence for any website Read More »

New infosec products of the week: February 23, 2024

GitHub, ManageEngine, Metomic, News, Pindrop, Truffle Security /

New infosec products of the week: February 23, 2024 2024-02-23 at 07:32 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from ManageEngine, Metomic, Pindrop, and Truffle Security. Pindrop Pulse offers protection against audio deepfakes Pindrop Pulse’s ability to detect deepfakes provides organizations and their customers

React to this headline:

Loading spinner

New infosec products of the week: February 23, 2024 Read More »

TruffleHog: Open-source solution for scanning secrets

authentication, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, scanning, software /

TruffleHog: Open-source solution for scanning secrets 2024-02-21 at 07:31 By Mirko Zorz TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was

React to this headline:

Loading spinner

TruffleHog: Open-source solution for scanning secrets Read More »

CVE Prioritizer: Open-source tool to prioritize vulnerability patching

CVE, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, software /

CVE Prioritizer: Open-source tool to prioritize vulnerability patching 2024-02-19 at 08:01 By Mirko Zorz CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on your

React to this headline:

Loading spinner

CVE Prioritizer: Open-source tool to prioritize vulnerability patching Read More »

5 free digital forensics tools to boost your investigations

computer forensics, cybersecurity, digital forensics, Don't miss, GitHub, Hot stuff, News, software /

5 free digital forensics tools to boost your investigations 2024-02-15 at 07:32 By Help Net Security Digital forensics plays a crucial role in analyzing and addressing cyberattacks, and it’s a key component of incident response. Additionally, digital forensics provides vital information for auditors, legal teams, and law enforcement agencies in the aftermath of an attack.

React to this headline:

Loading spinner

5 free digital forensics tools to boost your investigations Read More »

Fabric: Open-source framework for augmenting humans using AI

Artificial Intelligence, Don't miss, framework, generative AI, GitHub, Hot stuff, News, open source /

Fabric: Open-source framework for augmenting humans using AI 2024-02-14 at 07:31 By Mirko Zorz Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges. Key features “I created it to enable humans to easily augment themselves with AI. I believe it’s currently too difficult for people to use AI.

React to this headline:

Loading spinner

Fabric: Open-source framework for augmenting humans using AI Read More »

SiCat: Open-source exploit finder

451 Research, Don't miss, exploit, GitHub, Hot stuff, News, open source, software /

SiCat: Open-source exploit finder 2024-02-12 at 06:31 By Mirko Zorz SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and corresponding exploits. Akas Wisnu Aji,

React to this headline:

Loading spinner

SiCat: Open-source exploit finder Read More »

SOAPHound: Open-source tool to collect Active Directory data via ADWS

Active Directory, Don't miss, GitHub, Hot stuff, News, open source, software /

SOAPHound: Open-source tool to collect Active Directory data via ADWS 2024-02-08 at 07:02 By Mirko Zorz SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound works SOAPHound is a substitute for various open-source security tools typically employed for extracting data from

React to this headline:

Loading spinner

SOAPHound: Open-source tool to collect Active Directory data via ADWS Read More »

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

AWS, cybersecurity, database security, Don't miss, GitHub, Hot stuff, News, open source, software /

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure 2024-02-07 at 07:31 By Mirko Zorz Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that

React to this headline:

Loading spinner

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure Read More »

Latio Application Security Tester: Use AI to scan your code

Artificial Intelligence, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OpenAI, software /

Latio Application Security Tester: Use AI to scan your code 2024-02-05 at 08:02 By Mirko Zorz Latio Application Security Tester is an open-source tool that enables the usage of OpenAI to scan code from the CLI for security and health issues. Features and future plans James Berthoty, the creator of Latio Application Security Tester, told

React to this headline:

Loading spinner

Latio Application Security Tester: Use AI to scan your code Read More »

Researchers discover exposed API secrets, impacting major tech tokens

API security, AWS, cybersecurity, Data leak, Escape, GitHub, News, Slack, Stripe /

Researchers discover exposed API secrets, impacting major tech tokens 2024-02-05 at 07:33 By Help Net Security Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to financial risks for the organizations. Exposed API secrets The exposed secrets include

React to this headline:

Loading spinner

Researchers discover exposed API secrets, impacting major tech tokens Read More »

CVEMap: Open-source tool to query, browse and search CVEs

CISA, CVE, cybersecurity, Don't miss, GitHub, HackerOne, Hot stuff, News, open source, Project Discovery, software /

CVEMap: Open-source tool to query, browse and search CVEs 2024-02-01 at 07:01 By Mirko Zorz CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although CVEs are crucial for pinpointing and discussing security

React to this headline:

Loading spinner

CVEMap: Open-source tool to query, browse and search CVEs Read More »

Faction: Open-source pentesting report generation and collaboration framework

Don't miss, GitHub, News, open source, penetration testing, report, software /

Faction: Open-source pentesting report generation and collaboration framework 2024-01-30 at 07:31 By Mirko Zorz Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs. A key frustration for him was the redundant

React to this headline:

Loading spinner

Faction: Open-source pentesting report generation and collaboration framework Read More »

Automated Emulation: Open-source breach and attack simulation lab

cybersecurity, Don't miss, GitHub, News, open source, software, Terraform /

Automated Emulation: Open-source breach and attack simulation lab 2024-01-25 at 07:31 By Mirko Zorz Automated Emulation is an open-source Terraform template designed to create a customizable, automated breach and attack simulation lab. The solution automatically constructs the following resources hosted on AWS: One Linux server deploying Caldera, Prelude Operator Headless, and VECTR One Windows Client

React to this headline:

Loading spinner

Automated Emulation: Open-source breach and attack simulation lab Read More »

Skytrack: Open-source aircraft reconnaissance tool

Don't miss, GitHub, News, open source, OSINT, software /

Skytrack: Open-source aircraft reconnaissance tool 2024-01-18 at 07:31 By Mirko Zorz Skytrack is an open-source command-line tool for plane spotting and aircraft OSINT reconnaissance. The tool utilizes multiple data sources to collect information on aircraft, can produce a PDF report for a specific aircraft, and offers conversion between ICAO and Tail Number designations. Suitable for

React to this headline:

Loading spinner

Skytrack: Open-source aircraft reconnaissance tool Read More »

Scroll to Top