GitHub

5 free red teaming resources to get you started

cybersecurity, Don't miss, GitHub, Hot stuff, how-to, News, red team, strategy, tips /

5 free red teaming resources to get you started 2024-04-16 at 07:32 By Help Net Security Red teaming is evaluating the effectiveness of your cybersecurity by eliminating defender bias and adopting an adversarial perspective within your organization. Tactics may include anything from social engineering to physical security breaches to simulate a real-world advanced persistent threat. […]

React to this headline:

Loading spinner

5 free red teaming resources to get you started Read More »

Zarf: Open-source continuous software delivery on disconnected networks

DevSecOps, Don't miss, GitHub, News, open source, software /

Zarf: Open-source continuous software delivery on disconnected networks 2024-04-15 at 06:32 By Help Net Security Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is also compatible with EKS, AKS, GKE, RKE2, and many other distro services. The

React to this headline:

Loading spinner

Zarf: Open-source continuous software delivery on disconnected networks Read More »

Threat Actors Manipulate GitHub Search to Deliver Malware

GitHub, Malware, Malware & Threats /

Threat Actors Manipulate GitHub Search to Deliver Malware 2024-04-12 at 14:31 By Ionut Arghire Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code. The post Threat Actors Manipulate GitHub Search to Deliver Malware appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Threat Actors Manipulate GitHub Search to Deliver Malware Read More »

Graylog: Open-source log management

Don't miss, GitHub, Hot stuff, log management, News, open source, software /

Graylog: Open-source log management 2024-04-11 at 07:01 By Mirko Zorz Graylog is an open-source solution with centralized log management capabilities. It enables teams to collect, store, and analyze data to get answers to security, application, and IT infrastructure questions. Graylog key features It is easy to install with a standard tech stack, combined with support

React to this headline:

Loading spinner

Graylog: Open-source log management Read More »

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)

authentication, certificate authority, Don't miss, GitHub, Hot stuff, News, open source, PKI, software /

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) 2024-04-09 at 07:32 By Mirko Zorz EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, and

React to this headline:

Loading spinner

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) Read More »

XZ Utils backdoor: Detection tools, scripts, rules

backdoor, Binarly, Bitdefender, Don't miss, Elastic, GitHub, Hot stuff, Linux, News, open source, supply chain compromise /

XZ Utils backdoor: Detection tools, scripts, rules 2024-04-08 at 16:31 By Zeljka Zorz As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skilled threat

React to this headline:

Loading spinner

XZ Utils backdoor: Detection tools, scripts, rules Read More »

Mantis: Open-source framework that automates asset discovery, reconnaissance, scanning

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, software /

Mantis: Open-source framework that automates asset discovery, reconnaissance, scanning 2024-04-04 at 07:31 By Mirko Zorz Mantis is an open-source command-line framework that automates asset discovery, reconnaissance, and scanning. You input a top-level domain, and it identifies associated assets, such as subdomains and certificates. Mantis features The framework conducts reconnaissance on active assets and completes its

React to this headline:

Loading spinner

Mantis: Open-source framework that automates asset discovery, reconnaissance, scanning Read More »

Cloud Active Defense: Open-source cloud protection

cloud security, Don't miss, GitHub, Hot stuff, News, open source, software /

Cloud Active Defense: Open-source cloud protection 2024-04-02 at 07:31 By Mirko Zorz Cloud Active Defense is an open-source solution that integrates decoys into cloud infrastructure. It creates a dilemma for attackers: risk attacking and being detected immediately, or avoid the traps and reduce their effectiveness. Anyone, including small companies, can use it at no cost

React to this headline:

Loading spinner

Cloud Active Defense: Open-source cloud protection Read More »

Infosec products of the month: March 2024

Appdome, AuditBoard, Bedrock Security, Cado Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legato Security, Legit Security, Malwarebytes, News, Ordr, Pentera, Portnox, Regula, Sentra, Sonatype, Spin.AI, Tenable, Tufin, Viavi Solutions, Zoom /

Infosec products of the month: March 2024 2024-04-01 at 05:46 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, AuditBoard, Bedrock Security, Cado Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legato Security, Legit Security, Malwarebytes, Ordr, Pentera, Portnox, Regula,

React to this headline:

Loading spinner

Infosec products of the month: March 2024 Read More »

Drozer: Open-source Android security assessment framework

Android, Application Security, Don't miss, GitHub, Hot stuff, mobile security, News, open source, penetration testing, software, WithSecure /

Drozer: Open-source Android security assessment framework 2024-03-27 at 06:32 By Mirko Zorz Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applications and devices by taking on the role of

React to this headline:

Loading spinner

Drozer: Open-source Android security assessment framework Read More »

20 essential open-source cybersecurity tools that save you time

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

20 essential open-source cybersecurity tools that save you time 2024-03-25 at 08:01 By Mirko Zorz Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies. When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of

React to this headline:

Loading spinner

20 essential open-source cybersecurity tools that save you time Read More »

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta

Application Security, GitHub, Vulnerabilities /

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta 2024-03-21 at 14:16 By Ionut Arghire GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities. The post GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta Read More »

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, scanning, software /

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs 2024-03-21 at 07:31 By Mirko Zorz WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process, specifically

React to this headline:

Loading spinner

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs Read More »

Lynis: Open-source security auditing tool

Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, scanning, software, Unix /

Lynis: Open-source security auditing tool 2024-03-19 at 06:06 By Mirko Zorz Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool

React to this headline:

Loading spinner

Lynis: Open-source security auditing tool Read More »

Quicmap: Fast, open-source QUIC protocol scanner

Don't miss, GitHub, networking, News, open source, penetration testing, scanning, software /

Quicmap: Fast, open-source QUIC protocol scanner 2024-03-18 at 12:01 By Mirko Zorz Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. “As I started researching the QUIC protocol, I noticed that my favorite scanner had

React to this headline:

Loading spinner

Quicmap: Fast, open-source QUIC protocol scanner Read More »

90% of exposed secrets on GitHub remain active for at least five days

cybersecurity, Data leak, GitGuardian, GitHub, News, report, survey /

90% of exposed secrets on GitHub remain active for at least five days 2024-03-15 at 07:30 By Help Net Security 12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021.

React to this headline:

Loading spinner

90% of exposed secrets on GitHub remain active for at least five days Read More »

MobSF: Open-source security research platform for mobile apps

Android, code analysis, cybersecurity, Don't miss, GitHub, Hot stuff, iOS, mobile, mobile apps, mobile devices, News, open source, software /

MobSF: Open-source security research platform for mobile apps 2024-03-14 at 07:30 By Mirko Zorz The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept

React to this headline:

Loading spinner

MobSF: Open-source security research platform for mobile apps Read More »

CloudGrappler: Open-source tool detects activity in cloud environments

AWS, Azure, Cado Security, cloud security, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, Permiso, software /

CloudGrappler: Open-source tool detects activity in cloud environments 2024-03-11 at 09:07 By Mirko Zorz CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and

React to this headline:

Loading spinner

CloudGrappler: Open-source tool detects activity in cloud environments Read More »

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA)

GitHub, MITRE, News, open source, software /

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) 2024-03-08 at 06:51 By Mirko Zorz MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. ARIA suite The

React to this headline:

Loading spinner

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) Read More »

New infosec products of the week: March 8, 2024

Check Point, Delinea, GitHub, News, Pentera, Sentra /

New infosec products of the week: March 8, 2024 2024-03-08 at 06:07 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Check Point, Delinea, Pentera, and Sentra. Delinea Privilege Control for Servers enforces least privilege principles on critical systems In Privilege Control for Servers, session

React to this headline:

Loading spinner

New infosec products of the week: March 8, 2024 Read More »

Scroll to Top