Malicious Notepad++ installers push StrongPity malware - Bill Toulas bleepingcomputer.com/news/security/…

GitHub - fullhunt/log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 github.com/fullhunt/log4j…

Wrapped up the Introduction to Azure Pentesting class! This was super fun and I had a great time teaching. Access the course video and the lab here - azure.enterprisesecurity.io

Useful logs for Incident Responders Bigger format: github.com/corelight/bro-…

Andy Robbins So, if you're looking at it from a compliance angle, CISA has a draft of a Zero Trust Maturity Model that isn't useless, is pretty prescriptive. cisa.gov/sites/default/…

linkedin.com/video/event/ur… 120 registrations to my FREE webinar on battling Ransomware without buying ANY commercial security tools or products.

This is my favorite cybersecurity report of the year. 🔥

For #auditd on #Linux you can use my best practice auditd configuration, which is still actively maintained and gets frequent updates via PR If you've found ways to improve it, please provide them as pull request to help everyone else github.com/Neo23x0/auditd

@HackrowdSec Bug Bounty Tips Katie Paxton-Fear The XSS Rat - Proud XSS N00b :-) The @OWASP_MSTG Mobile Security Testing Guide has everything you need to escalate on mobile security. You can use the included Mobile Security Checklist to guide you through all the steps and the MSTG to learn everything you need to know. github.com/OWASP/owasp-ms…

Помните (t.me/alukatsky/5439) принцип «трех слов» при создании паролей от английского центра ИБ (NCSC)? У новозеландского CERT схожая идея, но они отказываются от случайности в выборе слов, входящих в пароль, увеличивая их число с трех до четырех. Такие запоминать попроще

And... we're done! That heavily censored token will let us perform any action in AzureAD as a Global Admin now! Defenders: The "Prevention" section of this blog post offers guidance to find/fix/prevent these attack paths in your own environments: medium.com/p/82667d17187a

This will be a thread discussing a real world breach involving a drone delivered exploit system that occurred this summer Some details I am not able to discuss, however for the blue teams & red teams out there I hope this provides a good measure of capability. 🧵🚁 🎮🖥️🦠

How to be Mobile Penetration tester in 2022 Mega Guide🧵(1/n)👇 For Beginner

📚Here’s our list: Must-read books for every #infoSec practitioner, a thread 🧵👇

Get 400 hours of cybersecurity training for just $79 in this deal bleepingcomputer.com/offer/deals/ge…

WhatsApp cannot be trusted