.webp "Arena-Hard-Auto : Advancing LLM Evaluation With Style Control Integration")
.webp "How To Install/Run – Streamlining OSINT Workflows For Enhanced Capabilities")
CVE-2024-36401 : GeoServer Unauthenticated Remote Code Execution In Evaluating Property Name Expressions
GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets. In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5...
BetterScan-CE Wiki : Integrating Comprehensive Security Scans Into DevOps
It is a Code and Infrastructure (IaC) and Cloud-native Scanning/SAST/Static Analysis/Linting solution using many tools/Scanners with One Report. You can also add any tool to it. Currently, it supports many languages and tech stacks. If you like it, please give it a GitHub star/fork/watch/contribute. This will ensure continuous development. Run this command in your code directory (checkout from Git - .git...
Betterscan – Comprehensive Security Orchestration For Code And Infrastructure
Scan your source code and infra IaC against top security risks Betterscan is a orchestration toolchain that uses state of the art tools to scan your source code and infrastructure IaC and analyzes your security and compliance risks. Currently supports: PHP, Java, Scala, Python, PERL, Ruby, .NET Full Framework, C#, C, C++, Swift, Kotlin, Apex (Salesforce), Javascript, Typescript, GO, Infrastructure as a Code (IaC) Security and Best Practices (Docker, Kubernetes (k8s), Terraform AWS, GCP, Azure), Secret Scanning (166+ secret types), Dependency...
SQLRecon – Comprehensive Guide To SQL Server Exploitation And Defense
SQLRecon is a Microsoft SQL Server toolkit that is designed for offensive reconnaissance and post-exploitation. For detailed information on how to use each technique, refer to the wiki. You can download a copy of SQLRecon from the releases page. Alternatively, feel free to compile the solution yourself. This should be as straight forward as cloning the repo, double clicking the solution file and...
OnMouseMove-HtmlFile-PoC : Unpacking The HTML File Exploit In Russian APT Cyberattacks
PoC for onMouseMove HTML file used in the Russian APT Group campaign targeting Ukraine The HTML File is included as an attachment in the phishing email, when the victim opens the html file and moves the mouse, this triggers the event handler attribute "onmousemove" which runs the Javascript, which further decodes the base64 encoded blob present in the HTML Body....
AWS CDK – Cloud Development Kit
AWS CDK uses the familiarity and expressive power of programming languages for modeling your applications. It provides high-level components called constructs that preconfigure cloud resources with proven defaults, so you can build cloud applications with ease. Prerequisites You have python3 installed and setup locally in your system path, refer to the docs for installation You have installed and configured the AWS CDK locally Ensure you have all...
K3S – Lightweight Kubernetes
The docker container runtime must be used to complete some of the included scenarios. K3s uses containerd by default, so adding docker support requires the following steps during installation Ensure docker version is up-to-date. Reference this repo curl https://releases.rancher.com/install-docker/20.10.sh | sh Change cgroup to cgroupfs because k3s does not use systemd cgroup echo -e '{n "exec-opts": ["native.cgroupdriver=cgroupfs"]n}' | sudo tee /etc/docker/daemon.json sudo systemctl daemon-reload sudo systemctl restart docker Install...
Microsoft Azure – Cloud Computing Services
Azure Kubernetes Services (AKS) is Microsoft's managed kubernetes offering running on Azure. Explore the robust capabilities of Microsoft Azure in our comprehensive guide to cloud computing services. This article delves into Azure Kubernetes Services (AKS), Microsoft's managed Kubernetes offering that enhances the scalability and efficiency of your applications. Get started with a step-by-step setup guide and practical tips to maximize...
ELFieScanner – Advanced Threat Detection Techniques In Linux Process Memory
A C++ POC for advanced process memory scanning that attempts to detect a number of malicious techniques used by threat actors & those which have been incorporated into open-source user-mode rootkits. ELFieScanner inspects every running process (both x86/x64) and its corresponding loaded libraries to look for evil. It then outputs the resultant telemetry into a NDJSON file. ELFieScanner offers four...
AWS – Amazon Web Services
Elastic Kubernetes Service (EKS) is a managed kubernetes offering by AWS. Discover how to harness the power of Amazon Web Services (AWS) to deploy a robust, scalable Kubernetes environment. This tutorial guides you through setting up an EKS cluster, configuring essential tools like eksctl, kubectl, and awscli, and deploying the Kubernetes Goat for real-world application testing. Perfect for beginners and...
.webp "Bomber : Navigating Security Vulnerabilities In SBOMs")
