96 private links
I hacked into a @Bing CMS that allowed me to alter search results and take over millions of @Office365 accounts. How did I do it? Well, it all started with a simple click in @Azure… 👀 This is the story of #BingBang 🧵⬇️
OWASP has created the OWASP Kubernetes Top 10, which helps identify the most likely risks.
Quickly collect data from thousands of exposed Elasticsearch or Kibana instances and generate a report to be analysed. - GitHub - 9oelM/elasticpwn: Quickly collect data from thousands of exposed Elasticsearch or Kibana instances and generate a report to be analysed.
Vulnerable app with examples showing how to not use secrets - GitHub - OWASP/wrongsecrets: Vulnerable app with examples showing how to not use secrets
This repository brings together tool builders, bloggers, speakers, book authors, and other interesting Mastodon accounts - GitHub - cipher387/OSINT-and-Cybersecurity-accounts-in-Mastodon: This repository brings together tool builders, bloggers, speakers, book authors, and other interesting Mastodon accounts
Hello, we shall run the OWASP juice shop as a deployment, and expose it as a service in a local kubernetes cluster launched with kind. Hence, familiarity with kubernetes deployment and service is essential to follow along. You can try this with any cluster, though I am using a cluster that was launched with kind. For those not aware, kind is a tool that makes launching k8s clusters on your local machine easy.
Welcome to the page where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news.
Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks - GitHub - TalEliyahu/awesome-security-newsletters: Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks
Run Juice Shop on Kubernetes
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening - GitHub - arkenfox/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Die lange Liste der Hackerangriffe des Jahres in Deutschland.
It’s been a while since my last post on medium but I’m back, I want to tell you a short story about a private bug bounty program and why you can always check public Repos on GitHub, because you will…
A reference of the reporting settings administrators configure in kibana.yml.
A curated list of awesome GraphQL Security frameworks, libraries, software and resources - GitHub - Escape-Technologies/awesome-graphql-security: A curated list of awesome GraphQL Security frameworks, libraries, software and resources
Useful Google Dorks for WebSecurity and Bug Bounty - GitHub - Proviesec/google-dorks: Useful Google Dorks for WebSecurity and Bug Bounty
Trivy v0.29.0 release brings many updates, such as RBAC security and Helm chart scanning, custom extensions, a Trivy Operator Lens integration, and more
This is the first post in a series called ‘Smashing the Modern Web Tech Stack.’ Web Applications today are more complex than ever. I’m writing this series to organize and process some core ideas and…