open source

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

AWS, cybersecurity, database security, Don't miss, GitHub, Hot stuff, News, open source, software /

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure 2024-02-07 at 07:31 By Mirko Zorz Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that […]

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure Read More »

Google Open Sources AI-Aided Fuzzing Framework

AI, Application Security, Artificial Intelligence, Google, open source /

Google Open Sources AI-Aided Fuzzing Framework 2024-02-05 at 14:46 By Ionut Arghire Google has released its fuzzing framework in open source to boost the ability of developers and researchers to identify vulnerabilities. The post Google Open Sources AI-Aided Fuzzing Framework appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

Google Open Sources AI-Aided Fuzzing Framework Read More »

Latio Application Security Tester: Use AI to scan your code

Artificial Intelligence, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OpenAI, software /

Latio Application Security Tester: Use AI to scan your code 2024-02-05 at 08:02 By Mirko Zorz Latio Application Security Tester is an open-source tool that enables the usage of OpenAI to scan code from the CLI for security and health issues. Features and future plans James Berthoty, the creator of Latio Application Security Tester, told

Latio Application Security Tester: Use AI to scan your code Read More »

CVEMap: Open-source tool to query, browse and search CVEs

CISA, CVE, cybersecurity, Don't miss, GitHub, HackerOne, Hot stuff, News, open source, Project Discovery, software /

CVEMap: Open-source tool to query, browse and search CVEs 2024-02-01 at 07:01 By Mirko Zorz CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although CVEs are crucial for pinpointing and discussing security

CVEMap: Open-source tool to query, browse and search CVEs Read More »

Faction: Open-source pentesting report generation and collaboration framework

Don't miss, GitHub, News, open source, penetration testing, report, software /

Faction: Open-source pentesting report generation and collaboration framework 2024-01-30 at 07:31 By Mirko Zorz Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs. A key frustration for him was the redundant

Faction: Open-source pentesting report generation and collaboration framework Read More »

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

Don't miss, exploit, Hot stuff, Jenkins, News, open source, PoC, security update, SonarSource, vulnerability /

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) 2024-01-29 at 13:31 By Helga Labus Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins has been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based open-source automation server that helps

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) Read More »

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

open source, Supply Chain Security, Vulnerabilities /

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security 2024-01-25 at 16:46 By Kevin Townsend Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain. The post New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security appeared first on SecurityWeek. This article

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security Read More »

Automated Emulation: Open-source breach and attack simulation lab

cybersecurity, Don't miss, GitHub, News, open source, software, Terraform /

Automated Emulation: Open-source breach and attack simulation lab 2024-01-25 at 07:31 By Mirko Zorz Automated Emulation is an open-source Terraform template designed to create a customizable, automated breach and attack simulation lab. The solution automatically constructs the following resources hosted on AWS: One Linux server deploying Caldera, Prelude Operator Headless, and VECTR One Windows Client

Automated Emulation: Open-source breach and attack simulation lab Read More »

Software supply chain attacks are getting easier

cybercrime, cybersecurity, Don't miss, News, open source, report, ReversingLabs, software, supply chain attacks, survey /

Software supply chain attacks are getting easier 2024-01-24 at 06:03 By Help Net Security ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an astounding 1,300% increase in malicious packages from 2020 and an increase of 28% over 2022 when a

Software supply chain attacks are getting easier Read More »

Skytrack: Open-source aircraft reconnaissance tool

Don't miss, GitHub, News, open source, OSINT, software /

Skytrack: Open-source aircraft reconnaissance tool 2024-01-18 at 07:31 By Mirko Zorz Skytrack is an open-source command-line tool for plane spotting and aircraft OSINT reconnaissance. The tool utilizes multiple data sources to collect information on aircraft, can produce a PDF report for a specific aircraft, and offers conversion between ICAO and Tail Number designations. Suitable for

Skytrack: Open-source aircraft reconnaissance tool Read More »

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

cybersecurity, DFIR, Linux, News, open source, software /

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations 2024-01-16 at 06:31 By Mirko Zorz Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations. The project focuses mainly on live forensics analysis, post-mortem analysis, and digital evidence acquisition. Users can also perform malware analysis, OSINT and computer vision activities.

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations Read More »

Adalanche: Open-source Active Directory ACL visualizer, explorer

Active Directory, cybersecurity, GitHub, News, open source, software /

Adalanche: Open-source Active Directory ACL visualizer, explorer 2024-01-15 at 07:01 By Mirko Zorz Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. It’s an effective open-source tool for visualizing and investigating potential account, machine, or domain takeovers. Additionally, it helps identify and display any misconfigurations. What unique features make

Adalanche: Open-source Active Directory ACL visualizer, explorer Read More »

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals

cybersecurity, Don't miss, GitHub, hardware, Hot stuff, News, open source, Raspberry Pi, reconnaissance, software /

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals 2024-01-10 at 07:02 By Mirko Zorz Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. Angelina Tsuboi, the developer of Fly Catcher, is an enthusiastic pilot, cybersecurity researcher, and tinkerer. She was driven

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals Read More »

SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

Cacti, Don't miss, Hot stuff, network monitoring, News, open source, security update, SQL injection, Synopsys, vulnerability /

SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) 2024-01-09 at 14:01 By Helga Labus A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution. Cacti is often used in network operation centers of telecoms and web hosting

SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448) Read More »

AuthLogParser: Open-source tool for analyzing Linux authentication logs

cybersecurity, Don't miss, GitHub, Hot stuff, Linux, News, open source, software /

AuthLogParser: Open-source tool for analyzing Linux authentication logs 2024-01-08 at 07:31 By Mirko Zorz AuthLogParser is an open-source tool tailored for digital forensics and incident response, specifically crafted to analyze Linux authentication logs (auth.log). The tool examines the auth.log file, extracting crucial details like SSH logins, user creations, event names, IP addresses, among others. It

AuthLogParser: Open-source tool for analyzing Linux authentication logs Read More »

DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts

cloud security, computer forensics, Don't miss, GitHub, Google Drive, News, open source, software /

DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts 2024-01-04 at 07:31 By Mirko Zorz DriveFS Sleuth automates the investigation of Google Drive File Stream disk artifacts. The tool can parse the disk artifacts and build a filesystem tree-like structure enumerating the synchronized files along with their respective properties. “While engaged

DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s disk forensic artifacts Read More »

15 open-source cybersecurity tools you’ll wish you’d known earlier

ARMO, CISA, Don't miss, Elastic, GitHub, Google, Mirantis, News, open source, Oryxlabs, report, SpecterOps, survey /

15 open-source cybersecurity tools you’ll wish you’d known earlier 2024-01-04 at 07:01 By Help Net Security Open-source tools represent a dynamic force in the technological landscape, embodying innovation, collaboration, and accessibility. These tools, developed with transparency and community-driven principles, empower users with the freedom to scrutinize, modify, and adapt solutions according to their unique needs.

15 open-source cybersecurity tools you’ll wish you’d known earlier Read More »

Subdominator: Open-source tool for detecting subdomain takeovers

cybersecurity, Don't miss, GitHub, News, open source, software, Stratus /

Subdominator: Open-source tool for detecting subdomain takeovers 20/12/2023 at 07:01 By Mirko Zorz Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers. It boasts superior accuracy and reliability, offering improvements compared to other tools. “Initially, Subdominator was created internally because all the current subdomain takeover tools had gaps in their

Subdominator: Open-source tool for detecting subdomain takeovers Read More »

EMBA: Open-source security analyzer for embedded devices

cybersecurity, Don't miss, embedded systems, GitHub, News, open source, penetration testing, software /

EMBA: Open-source security analyzer for embedded devices 19/12/2023 at 08:02 By Mirko Zorz The EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups. It assists throughout the security evaluation procedure, extracting firmware, conducting static and dynamic analysis through emulation, and creating a web-based report. EMBA

EMBA: Open-source security analyzer for embedded devices Read More »

Scroll to Top