Welcome back to another #FreeCourseThursday! And this one is so exciting, you might want to throw a party. Or perhaps a... bash? (We'll see ourselves out.) Seriously though, log in or sign up to securityblue.team today to get a complete intro to Bash. #Bash #FreeCourses
Security Blue Team’s Post
-
Cloud Architect @ Publicis Sapient | GCP, DevSecOps, Terraform, Atlantis, GKE, GCE, Checkov, Prisma Cloud | SME of GCP | Freelance Trainer
Dear Connections, Hope you all are doing well and staying safe. I have always dreamed of doing a POC based on DevSecOps, so I dedicated this weekend to implementing an IaC pipeline using #Terraform and #GKE #CloudBuild pipeline. The code worked perfectly, but I realized it didn't follow security best practices. To prevent insecure resource creation, I searched for a suitable tool and discovered #Checkov, which is now managed by #PrismaCloud. By including Checkov in my `cloudbuild.yaml` file before executing `terraform apply`, I introduced a #ShiftLeft approach that prevented the pipeline from applying insecure configurations. I invite you to check out the repository at the following link: https://lnkd.in/gkWHqcTZ Feel free to share your thoughts and suggestions, and let's keep learning together! #DevSecOps #IaC #SecurityBestPractices
-
A new technique has been discovered that uses TLS callbacks to execute a payload without creating a thread in a remote process. This method draws on the threadless injection technique, because in RemoteTLSCallbackInjection no API call is made to execute the payload. Among the implementation steps, we can mention the following:

The PoC follows these steps:
1. Create a suspended process using the CreateProcessViaWinAPIsW function (i.e. RuntimeBroker.exe).
2. Fetch the remote process image base address followed by reading the process's PE headers.
3. Fetch an address to a TLS callback function.
4. Patch a fixed shellcode (i.e. g_FixedShellcode) with runtime-retrieved values. This shellcode is responsible for restoring both original bytes and memory permission of the TLS callback function's address.
5. Inject both shellcodes: g_FixedShellcode and the main payload.
6. Patch the TLS callback function's address and replace it with the address of our injected payload.
7. Resume process.

The g_FixedShellcode shellcode will then make sure that the main payload executes only once by restoring the original TLS callback's original address before calling the main payload. A TLS callback can execute multiple times across the lifespan of a process, therefore it is important to control the number of times the payload is triggered by restoring the original code path execution to the original TLS callback function. #RedTeam #MalDev #Evasion
GitHub - Maldev-Academy/RemoteTLSCallbackInjection: Utilizing TLS callbacks to execute a payload without spawning any threads in a remote process
github.com
-
Check out our exclusive 'Kubernetes Cheat Sheet' with must-know commands. 👇 👉 READ MORE HERE: https://kode.wiki/42cRLW6 Looking for the rest? It's waiting for you at KodeKloud! Don't forget to share this post to share the wisdom! Give us a thumbs up 👍 if this cheat sheet has helped you!
-
The Bishop Fox open source tool Swagger Jacker can be used by #offensivesecurity professionals to audit #OpenAPI definition files. Discover how it works in this explainer from tool creator and Cosmos team member Tony West.
Introducing Swagger Jacker: Auditing OpenAPI Definition Files
bishopfox.com
-
Gitleaks: Open-source solution for detecting secrets in your code From the content: Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories....[read more] https://buff.ly/3XIKBbV Follow #techbeatly @techbeatly gmsocial, tbsocial
Gitleaks: Open-source solution for detecting secrets in your code - Help Net Security
https://www.helpnetsecurity.com
-
🚀 Sauce Connect 5.0 is here 🚀 It’s one of our biggest updates yet — and it’s a free upgrade for all Sauce users. You’ll unlock: 🔥 Enhanced performance 🔒 Advanced security protocols 🔄 Simplified integration and onboarding Get started: https://lnkd.in/gKfTeRe6
Downloading Sauce Connect Proxy | Sauce Labs Documentation
docs.saucelabs.com
-
In this 2-part tutorial, you'll learn how to create policies, how to build and publish them as a bundle served by Nginx and register them with OPA. You'll also look at example policies to restrict the tolerations that pods can use. More: https://lnkd.in/gCc_GGbV
-
Creating Self-Signed Certificates in Nginx: A Complete Tutorial Video Link: https://lnkd.in/d29UgMnk YouTube Channel: https://lnkd.in/d9kEvWCb LinkedIn: https://lnkd.in/dreig-Yy #NginxTutorial #SelfSignedCertificates #WebSecurityEssentials #NginxGuide #SSLConfiguration #ServerManagement #HTTPSsetup #NginxTips #WebDevelopmentSkills #TechTutorial
Creating Self-Signed Certificates in Nginx: A Complete Tutorial
https://www.youtube.com/