HackerContent’s Post

🚀💻Security is our priority! Check out our new post: "XZ Vulnerability" Expand your knowledge about cybersecurity and discover the pros and cons related to the use of open source.🌐👉https://bit.ly/3xM0seS #PandoraFMS #OpenSource #TechBlog #Cybersecurity #Vulnerabilities.

We've published a little article about our open-source contributions. We'll continue do our bit to push the state of open-source security tooling forward and helping the wider community benefit from the work we're doing at Pulse. We've been doing some other interesting things, like submitting new functionality and checks for common hardening findings to the Nuclei security scanner project. This is allowing our more security-savvy clients to run tooling such as Nuclei themselves to find the common hardening issues. The added bonus was simplified reporting for the common hardening problems, letting both us and our clients focus on the more impactful immediate vulnerabilities and treat security hardening as an ongoing process. More info around the tooling we've released and other projects we've contributed to are available in the article here: https://lnkd.in/g-srcNwj

"The simplest way to avoid repo-jacking when you’re downloading software directly from GitHub is to reference a specific commit ID" When using GitHub Actions or migrating to GitHub actions, I'm always trying to remember to tell people about this. Don't forget! Check out more general security hardening for #githubactions here: https://lnkd.in/guCgsS7b

This is your regular reminder that security software is still software and comes with all the problems that regular software does. We should judge PAN by how it responds to this CVE, not just by the criticality of the bug. Nonetheless, Horizon3.ai's blog is a solid write-up. It's always nice to read an old-school blog outlining the attack path from bug to exploit. https://lnkd.in/g5xKKefS

Today I am proud to be officially releasing a tool I've been working on: SSH-Snake. Put simply, SSH-Snake performs three basic tasks: 1. On the current system, find any SSH private keys, 2. On the current system, find any hosts or destinations (user@host) that the private keys may be accepted by, 3. Attempt to SSH into all of the discovered destinations using all of the private keys discovered. The interesting thing about SSH-Snake, however, is that it can perform all of these tasks recursively: once it connects to a new destination, it starts tasks #1-#3 again. It continues this into perpetuity; or until no new keys/destinations are found. It's completely self-replicating and self-propagating -- and completely fileless. How many systems and how far can you traverse a network using discovered ssh private keys on each system? SSH-Snake answers that question. The source code, documentation, and technical details can be found at https://lnkd.in/g27Y9KJb A technical blog post can be found at https://lnkd.in/gs7MRZF9 #security #offensivesecurity #redteam #hackingtools #cybersecurity

🚀 Excited to announce the October edition of the GitHub Security Webinar Series! Previously known as AppSec Happy Hour, this monthly webinar brings you cutting-edge security insights and best practices, all in a collaborative, engaging environment. Whether you're looking to explore new opportunities, grow existing relationships, or elevate your security expertise with GitHub Advanced Security, this is the perfect event for you! 📅 Save the date: October 10, 2024   📎 Register here: GitHub Security Webinar: https://lnkd.in/e2Sj5hEk Let’s work together to create a more secure future for developers and enterprises.  #CyberSecurity #GitHubSecurity #AdvancedSecurity #DevSecOps #GitHubWebinar #AppSec #ContinuousSecurity

Guest Blog: Ox Security onlearning from the Recent GitHub Extortion Campaigns: A new threat actor group known as Gitloker has launched an alarming campaign that wipes victims’ GitHub repositories and attempts to extort them. Victims are finding their repositories erased, replaced only by a solitary README file bearing the message: “I hope this message finds you well. This is an urgent notice to inform you that […] The post Guest Blog: Ox Security onlearning from the Recent GitHub Extortion Campaigns first appeared on IT Security Guru. The post Guest Blog: Ox Security onlearning from the Recent GitHub Extortion Campaigns appeared first on IT Security Guru.

🚀💻Security is our priority! Check out our new post: "XZ Vulnerability" Expand your knowledge about cybersecurity and discover the pros and cons related to the use of open source.🌐👉https://bit.ly/3Wc0x5J #PandoraFMS #OpenSource #TechBlog #Cybersecurity #Vulnerabilities.

Trying to get back on the horse! Check out my latest post on the cybersecurity blog, tonight we broke into Blackfield, a hard rated hacking challenge on Hack The Box. This features one of my favorite AD attacks: AS-REP Roasting, where authenticated users in the domain can simply request the password hash of service accounts. Thanks goodness no one ever has that configured in their environment! (You'd be surprised). Click the link to learn more. https://lnkd.in/exJZz2cF