software

Whispr: Open-source multi-vault secret injection tool

Whispr: Open-source multi-vault secret injection tool 2024-11-04 at 07:03 By Mirko Zorz Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr key features Safe […]

Whispr: Open-source multi-vault secret injection tool Read More »

50% of financial orgs have high-severity security flaws in their apps

50% of financial orgs have high-severity security flaws in their apps 2024-11-01 at 08:03 By Help Net Security Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode.

50% of financial orgs have high-severity security flaws in their apps Read More »

OT PCAP Analyzer: Free PCAP analysis tool

OT PCAP Analyzer: Free PCAP analysis tool 2024-10-29 at 07:34 By Mirko Zorz EmberOT’s OT PCAP Analyzer, developed for the industrial security community, is a free tool providing a high-level overview of the devices and protocols in packet capture files. “The OT PCAP Analyzer was designed specifically with critical OT environments in mind. We’ve created

OT PCAP Analyzer: Free PCAP analysis tool Read More »

Argus: Open-source information gathering toolkit

Argus: Open-source information gathering toolkit 2024-10-23 at 07:33 By Help Net Security Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into three main areas:

Argus: Open-source information gathering toolkit Read More »

Aranya: Open-source toolkit to accelerate secure by design concepts

Aranya: Open-source toolkit to accelerate secure by design concepts 2024-10-21 at 06:31 By Help Net Security SpiderOak launched its core technology platform as an open-source project called Aranya. This release provides the same level of security as the company’s platform, which is already in use by the Department of Defense. The Aranya project marks a

Aranya: Open-source toolkit to accelerate secure by design concepts Read More »

GhostStrike: Open-source tool for ethical hacking

GhostStrike: Open-source tool for ethical hacking 2024-10-17 at 07:31 By Mirko Zorz GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop

GhostStrike: Open-source tool for ethical hacking Read More »

YARA: Open-source tool for malware research

YARA: Open-source tool for malware research 2024-10-09 at 08:01 By Help Net Security YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables users to create detailed descriptions, or “rules,” for malware families or any other target based on textual

YARA: Open-source tool for malware research Read More »

OpenBSD 7.6 released: security improvements, new hardware support, and more!

OpenBSD 7.6 released: security improvements, new hardware support, and more! 2024-10-08 at 21:01 By Help Net Security OpenBSD is a free, multi-platform 4.4BSD-based UNIX-like operating system. The 57th release, OpenBSD 7.6, comes with new features, various improvements, bug fixes, and tweaks. Security improvements Added -fret-clean option to the compiler, defaulting to off. This new option

OpenBSD 7.6 released: security improvements, new hardware support, and more! Read More »

Rspamd: Open-source spam filtering system

Rspamd: Open-source spam filtering system 2024-10-07 at 07:01 By Mirko Zorz Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and assigns a verdict, which

Rspamd: Open-source spam filtering system Read More »

MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more!

MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more! 2024-10-04 at 07:01 By Help Net Security MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP parser designed for tokenization and syntax tree parsing. It also incorporates specialized properties to ensure

MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more! Read More »

Suricata: Open-source network analysis and threat detection

Suricata: Open-source network analysis and threat detection 2024-10-02 at 07:31 By Help Net Security Suricata is an open-source network intrusion detection system (IDS), intrusion prevention system (IPS), and network security monitoring engine. Suricata features Suricata offers comprehensive capabilities for network security monitoring (NSM), including logging HTTP requests, capturing and storing TLS certificates, and extracting files

Suricata: Open-source network analysis and threat detection Read More »

3 easy microsegmentation projects

3 easy microsegmentation projects 2024-10-01 at 07:31 By Help Net Security Like many large-scale network security projects, microsegmentation can seem complex, time-consuming, and expensive. It involves managing intricate details about inter-device service connectivity. One web server should connect to specific databases but not to others, or load balancers should connect to some web servers while

3 easy microsegmentation projects Read More »

SCCMSecrets: Open-source SCCM policies exploitation tool

SCCMSecrets: Open-source SCCM policies exploitation tool 2024-09-30 at 07:31 By Help Net Security SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction. SCCM policies are a key target for attackers in Active Directory environments, as they can expose sensitive technical information, including account credentials. Attackers may retrieve these

SCCMSecrets: Open-source SCCM policies exploitation tool Read More »

Tosint: Open-source Telegram OSINT tool

Tosint: Open-source Telegram OSINT tool 2024-09-27 at 07:31 By Mirko Zorz Tosint is an open-source Telegram OSINT tool that extracts useful information from Telegram bots and channels. It’s suited for security researchers, investigators, and others who want to gather insights from Telegram sources. Several law enforcement agencies utilize Tosint to gather intelligence and monitor cybercriminal

Tosint: Open-source Telegram OSINT tool Read More »

NetAlertX: Open-source Wi-Fi intruder detector

NetAlertX: Open-source Wi-Fi intruder detector 2024-09-25 at 08:01 By Mirko Zorz NetAlertX is an open-source Wi-Fi/LAN intruder detection tool that scans your network for connected devices and alerts you when new or unknown devices are detected. It provides visibility into your network activity to help you monitor unauthorized access. “NetAlertX comes with a range of

NetAlertX: Open-source Wi-Fi intruder detector Read More »

Certainly: Open-source offensive security toolkit

Certainly: Open-source offensive security toolkit 2024-09-23 at 07:31 By Mirko Zorz Certainly is an open-source offensive security toolkit designed to capture extensive traffic across various network protocols in bit-flip and typosquatting scenarios. Built-in protocols: DNS, HTTP(S), IMAP(S), SMTP(S). “The reason why we created Certainly was to simplify the process of capturing and collecting requests that

Certainly: Open-source offensive security toolkit Read More »

Paid open-source maintainers spend more time on security

Paid open-source maintainers spend more time on security 2024-09-23 at 06:31 By Help Net Security Paid maintainers are 55% more likely to implement critical security and maintenance practices than unpaid maintainers and are dedicating more time to implementing security practices like those included in industry standards like the OpenSSF Scorecard and the NIST Secure Software

Paid open-source maintainers spend more time on security Read More »

CrowdSec: Open-source security solution offering crowdsourced protection

CrowdSec: Open-source security solution offering crowdsourced protection 2024-09-18 at 08:01 By Mirko Zorz Crowdsec is an open-source solution that offers crowdsourced protection against malicious IPs. CrowdSec features For this project, the developers have two objectives: Provide free top-quality intrusion detection and protection software. There’s community participation in creating new detection rules as new vulnerabilities are

CrowdSec: Open-source security solution offering crowdsourced protection Read More »

Detecting vulnerable code in software dependencies is more complex than it seems

Detecting vulnerable code in software dependencies is more complex than it seems 2024-09-18 at 07:31 By Mirko Zorz In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within software dependencies. Plate also discusses the limitations of traditional software composition analysis (SCA) solutions

Detecting vulnerable code in software dependencies is more complex than it seems Read More »

EchoStrike: Generate undetectable reverse shells, perform process injection

EchoStrike: Generate undetectable reverse shells, perform process injection 2024-09-16 at 07:31 By Mirko Zorz EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. “EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be the first entry point into a company.

EchoStrike: Generate undetectable reverse shells, perform process injection Read More »

Scroll to Top