Sebas

Vibe coders after realizing they'll still have to dance on TikTok to market their SaaS.

We're back. See you Monday: newsletter.securitypills.news Drop your email, we won't phish you.

I've pushed a few updates to github.com/assetnote/reac…. Vercel and Netlify are no longer flagged as vuln. Offsite redirs not followed. Custom header support in case you need auth or custom UA. Redir test cases are more accurate now (both base path and redir tested).

@galnagli Are those AWS creds exposed intentionally? :P

Today I enter into my vibe-coding era, exciting times ahead! Cursor & nano are lock and loaded - ready to build 🔨

According to the National Intelligence Service, around 8,400 individuals are employed in cyber warfare in North Korea. Previously, there were 6 hacking groups and 17 support organizations backing cyber attack activities, but this number has now increased by nearly 20%. - Korean: donga.com/news/Politics/… - English: donga.com/en/article/all…

My article regarding Poisoned Pipeline Execution attacks on CI/CD pipelines has just been published 🔗bishopfox.com/blog/poisoned-…

🕵️‍♂️ Deluder 🔍 A tool for intercepting traffic of proxy unaware applications, supporting multiple networking libraries: * OpenSSL * GnuTLS * SChannel * WinSock and Linux Sockets + more! github.com/Warxim/deluder

🛠 pphack: A Client-Side Prototype Pollution Scanner Scan for prototype pollution using chromedp, customize payloads and JavaScript with this powerful tool 👤 @edoardottt2 github.com/edoardottt/pph…

⚔ Visualizing ACLs with Adalanche A tool for enumerating and visualizing ACLs in Active Directory, helping to identify misconfigurations and potential attack paths By @lsecqt lsecqt.github.io/Red-Teaming-Ar…

🛠️ proctools: Extract information & dump sensitive strings from Windows processes: 🔍 procsearch: find sensitive strings in process memory ℹ️ procinfo: display file version info 📝 procargs: extract command line args ❌ prockill: terminate processes github.com/mlcsec/proctoo…

🛠 Debug your GitHub Actions via SSH with action-tmate A GitHub Action that allows users to debug their GitHub Actions by using SSH or a web shell to access the host system on which the actions run 👤 Max Schmitt github.com/mxschmitt/acti…

🤖 LLM-powered fuzzing via OSS-Fuzz A framework that uses LLMs to generate fuzz targets for C/C++ projects and benchmarks them on the oss-fuzz platform. 👤 @google github.com/google/oss-fuz…

🛠️ graphrunner A post-exploitation toolset for interacting with the Microsoft Graph API It provides different tools for: * Reconnaissance * Persistence * Pillaging of data from a Microsoft Entra ID (Azure AD) account 👤 @dafthack github.com/dafthack/Graph…

🛠 Jira-Lens: Fast and customizable vulnerability scanner for JIRA Perform 25+ checks including CVEs and multiple disclosures on a provided JIRA instance 👤 @mayank_pandey01 github.com/MayankPandey01…

Receive the latest security news each Monday: 🛠️ Appsec ⛓️ Blockchain 🛡️ Blue Team ☁️ Cloud Sec 🐳 Container Sec 🤖 ML ⚔️ Red Team 📦 Supply Chain 🕵️Threat Hunting Join 2,000+ security professionals newsletter.securitypills.news/subscribe Follow me ( @0xroot ) for more content like this

🔖 Security Pills #55 🛠️ A Recipe for Scaling Security @ddworken 🛡️ Detect threats using Microsoft Graph logs @fabian_bader ☁️ All Google Kubernetes Engine Risk @roinisimi ⚔️ electroniz3r @_r3ggi 📦 Forging signed commits on GitHub + more! newsletter.securitypills.news/p/security-pil…

@TheIceRoot If you have enjoyed this content, please help us by: 1️⃣ Joining over 2000 security professionals to get the latest trends in security. 2️⃣ Following me (@0xroot) for more content like this. Visit securitypills.news for more information.

☁ Google Cloud Incident Response Cheat Sheet * Common Attack Paths in GCP 🧧 * Logs for Threat Hunting & Incident Response 🧙‍♂️ * GCP Attack Matrix 📊 * Service Accounts 🔑 Includes documentation with + details for each TTP 👤@TheIceRoot & Wes Guerra medium.com/google-cloud/g…

☁️ Cloud Threat Landscape A cloud threat intelligence database, providing details on actors, tools and attack vectors Dive into @wiz_io's public database: 🚨107 incidents 🎭96 threat actors ⚔️100+ attack techniques wiz.io/cloud-threat-l…

have a great cyberweekend.