GitHub

Open-source AV/EDR bypassing lab for training and learning

22/11/2023 at 07:31 By Mirko Zorz

Best EDR Of The Market is a user-mode endpoint detection and response (EDR) project designed to serve as a testing ground for understanding and bypassing EDR’s user-mode detection methods. These techniques are mainly based on a dynamic analysis of the target […]


PolarDNS: Open-source DNS server tailored for security evaluations

21/11/2023 at 08:36 By Mirko Zorz

PolarDNS is a specialized authoritative DNS server that allows the operator to produce custom DNS responses suitable for DNS protocol testing purposes. What can you do with PolarDNS? PolarDNS can be used for testing of: DNS resolvers (server-side) DNS clients DNS


HARmor: Open-source tool for sanitizing and securing HAR files

15/11/2023 at 10:04 By Mirko Zorz

HARmor is an open-source tool that sanitizes HTTP Archive files. Easy to install and run, it enables the safe handling and sharing of HAR files. What are HAR files? HAR files are critical for support teams working to debug and


10 corporate cybersecurity blogs worth your time

14/11/2023 at 09:02 By Help Net Security

In this article, we’ve curated a list of insightful corporate cybersecurity blogs that provide analysis and actionable advice to help you keep your company’s digital assets secure. This list is not meant to be exhaustive since thousands of companies have infosec


k0smotron: Open-source Kubernetes cluster management

14/11/2023 at 07:32 By Help Net Security

Open-source solution k0smotron is enterprise-ready for production-grade Kubernetes cluster management with two support options. Kubernetes cluster management Management and worker planes do not have to run on the same infrastructure provider, making k0smotron ideal for consolidating Kubernetes control planes for edge, hybrid, and


Aqua Trivy open-source security scanner now finds Kubernetes security risks

08/11/2023 at 08:31 By Mirko Zorz

The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials (KBOM) generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are to reduce risk. “Aqua


Kubescape 3.0 elevates open-source Kubernetes security

07/11/2023 at 08:32 By Help Net Security

Targeted at the DevSecOps practitioner or platform engineer, Kubescape, the open-source Kubernetes security platform has reached version 3.0. Vulnerability scan results Kubescape 3.0 features Kubescape 3.0 adds new features that make it easier for organizations to secure their Kubernetes clusters, including: Compliance


New Open-Source ‘Trap Stealer’ Pilfers Data in just 6 Seconds

06/11/2023 at 15:33 By cybleinc

Cyble Research and Intelligence Labs analyzes Trap Stealer, an open source stealer that can rapidly pilfer sensitive data. The post New Open-Source ‘Trap Stealer’ Pilfers Data in just 6 Seconds appeared first on Cyble. This article is an excerpt from


Logging Made Easy: Free log management solution from CISA

30/10/2023 at 13:17 By Help Net Security

CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre


Raven: Open-source CI/CD pipeline security scanner

27/10/2023 at 08:32 By Help Net Security

Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed


GOAD: Vulnerable Active Directory environment for practicing attack techniques

26/10/2023 at 07:01 By Mirko Zorz

Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced, it highlighted our


Wazuh: Free and open-source XDR and SIEM

24/10/2023 at 07:00 By Help Net Security

Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. Wazuh system comprises an endpoint security agent installed on monitored systems and a management server that processes and


ELITEWOLF: NSA’s repository of signatures and analytics to secure OT

17/10/2023 at 05:02 By Help Net Security

Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA


DIY attack surface management: Simple, cost-effective and actionable perimeter insights

16/10/2023 at 11:46 By Help Net Security

Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only


Yeti: Open, distributed, threat intelligence repository

12/10/2023 at 07:01 By Help Net Security

Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a machine-friendly web


GNOME users at risk of RCE attack (CVE-2023-43641)

10/10/2023 at 14:32 By Zeljka Zorz

If you’re running GNOME on your Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,


Chalk: Open-source software security and infrastructure visibility tool

03/10/2023 at 06:32 By Mirko Zorz

Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers. Gaining visibility Chalk enables


Securing GitHub Actions for a safer DevOps pipeline

02/10/2023 at 07:32 By Mirko Zorz

GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to establish workflows that build and test each pull request in your repository and deploy approved pull requests


Stolen GitHub Credentials Used to Push Fake Dependabot Commits

27/09/2023 at 17:17 By Ionut Arghire

Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. The post Stolen GitHub Credentials Used to Push Fake Dependabot Commits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Network Flight Simulator: Open-source adversary simulation tool

27/09/2023 at 06:31 By Mirko Zorz

Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic
