Test Images and Challenges
https://dfir.training/resources/downloads/ctf-forensic-test-images
yesterday at 07:41 am
yesterday at 07:41 am
Moving away from spreadsheets: How to automate your third-party risk management process
Spreadsheets are dumb. Okay, it’s not that spreadsheets are dumb, or that the people who use them are dumb. That’s not at all what I’m saying. What’s dumb is using spreadsheets to manage third-party information security risk. https://www.helpnetsecurity.com/2019/08/12/third-party-risk-management-...
8 days ago
Simple Guide to SAML vs OIDC
SAML (Security Assertion Markup Language) and OIDC (OpenID Connect) are the most widely used federation protocols for web based single sign-on. In the case of SAML, the most commonly used flow is Redirect/POST Bindings (SP or IDP initiated) and in the case of OIDC, it is Authorization code flow. ...
2 weeks ago
AWS IAM Privilege Escalation Cookbook
Eine kleine Liste was man alles falsch konfigurieren kann. An attacker with the iam:CreatePolicyVersion permission can create a new version of an IAM policy that they have access to. This allows them to define their own custom permissions. https://github.com/RhinoSecurityLabs/AWS-IAM-Privilege-Es...
4 weeks ago
HACKTALE
HackTale is a new, innovative approach for teaching and training cyber experts via gamification. HackTale is a platform designed for the creation of cyber-games. Each game simulates a different attack scenario and focuses on different aspects of cyber-defense. https://www.hacktale.com
4 weeks ago
Understanding Docker container escapes
Trail of Bits recently completed a security assessment of Kubernetes, including its interaction with Docker. https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
a month ago
Docker for Pentesters
Ein sehr praktischer Artikel um Einsatz von Docker fürs Pentesten: Over the last few years I have done a complete 180 on Docker (well, containerization in general). One of the very first posts I wrote on this blog was about plundering Docker images, and at the time I was not a fan. https://blog.r...
a month ago
AWS Security Roadmap
Cloud Security (egal ob AWS, Azure, Google, OpenShift, ...) ist ein weites Feld. Oft sieht man den Wald vor lauter Bäumen nicht mehr, da unterschiedliche Sichtweisen und Stakeholder sich des Themas annehmen (Compliance, Datenschutz, die-Sicht-der-Hacker, das ganze Thema Berechtigungsverwaltung). ...
a month ago
British Airways Hit With Record Fine Following 2018 Cyberattack
UK[1] zeigt wohin die Reise gehen mag. Hier (@AT) zeigt man sich bezüglich Strafen ja noch abwartend. In Bayern haben sie gutes Bier und guten Datenschutz! Sie prüfen schon sehr genau (auch technisch!) und zeigen das auch sehr transparent her[2] [1] UK-based airline British Airways (BA) is facing...
a month ago
API Security Checkliste
Eine (unter vielen) API Securit Checklisten für Dev-Teams oder Security Tester. Da APIs immer wichtiger werden (Mobile Apps, IoT, IIoT, etc) sind solche Listen gut damit man (beim Entwickeln und beim Testen) nichts vergisst. https://github.com/mingrammer/api-security-checklist
a month ago