aegilops :github::microsoft: · @aegilops
126 followers · 470 posts · Server fosstodon.orgI open sourced a tool to create lists of repos to run GitHub CodeQLβs Multi-Repository Variant Analysis on, using a keyword search on GitHub.
It's a Bash script you can trigger with a VSCode build task. It uses the GitHub API (via the GitHub CLI) to fill a list in the VSCode settings.
Itβs a stopgap before this sort of feature makes it into the product.
https://github.com/advanced-security/mrva-code-search
#MRVA #VariantAnalysis #CodeQL #GitHub #VSCode #BuildTask #SAST #VulnerabilityResearch
#mrva #variantanalysis #CodeQL #github #vscode #buildtask #sast #vulnerabilityresearch
aegilops :github::microsoft: · @aegilops
118 followers · 432 posts · Server fosstodon.org
You can now run a single static analysis query across thousands of repos on GitHub using CodeQL's MRVA (Multi-repo Variant Analysis).
That's great both for security research and rapidly auditing exposure to a single vuln or weakness for security teams.
It works from the CodeQL extension for VSCode, with open source public repos & private repos where CodeQL Code Scanning is enabled.
#GitHub #SecurityResearch #VulnerabilityResearch #CodeQL #VariantAnalysis #MRVA #SAST
#github #securityresearch #vulnerabilityresearch #CodeQL #variantanalysis #mrva #sast
TODO Courses · @TODO
0 followers · 1 posts · Server infosec.exchange
We've just setup shop on Mastodon! πThe TODO training platform's still in early development, however, if you're looking to learn #ReverseEngineering, #VulnerabilityResearch, and #OffensiveSecurity then you've come to your right place. π¨βπ»π©βπ»π§βπ»
#reverseengineering #vulnerabilityresearch #offensivesecurity
JamesStevenson · @JamesStevenson
42 followers · 6 posts · Server infosec.exchangeI've been working on a #ReverseEngineering, #VulnerabilityResearch , #PenTesting, and #OffensiveSecurity training platform over the past few months. It's still in the 'MVP' stage so I'd love any feedback folk have for it! π§βπ»π©βπ»π¨βπ»
#reverseengineering #vulnerabilityresearch #pentesting #offensivesecurity
JamesStevenson · @JamesStevenson
202 followers · 7 posts · Server infosec.exchangeI've been working on a #ReverseEngineering, #VulnerabilityResearch , #PenTesting, and #OffensiveSecurity training platform over the past few months. It's still in the 'MVP' stage so I'd love any feedback folk have for it! π§βπ»π©βπ»π¨βπ»
#reverseengineering #vulnerabilityresearch #pentesting #offensivesecurity
JamesStevenson · @JamesStevenson
202 followers · 7 posts · Server infosec.exchange
I've finally setup an account on Mastodon πβπ β Now that I'm here, thought that I'd fill my feed with a few bits and pieces that I've been up to over the past year. π§΅β
π±β100% off #Android #Malware Analysis Course:
https://www.udemy.com/course/android-malware-analysis/?couponCode=MASTODON
π€β 100% off Android Games #ReverseEngineering Course:
https://www.udemy.com/course/learn-reverse-engineering-through-android-games/?couponCode=MASTODON
πβ 75% Off My Android / #iOS #VulnerabilityResearch and #PenTesting book: https://ko-fi.com/jamesstevenson/link/MASTODON
#android #malware #reverseengineering #ios #vulnerabilityresearch #pentesting
anne-marie creamer · @amcreamer
161 followers · 62 posts · Server zirk.usI should have hash tagged this π- #vulnerability #vulnerabilityresearch #CSM #illness #interdependence #woundedstoryteller #havicarel
#havicarel #woundedstoryteller #interdependence #illness #CSM #vulnerabilityresearch #vulnerability
Tinker βοΈ · @tinker
8184 followers · 4740 posts · Server infosec.exchange
To this! It's looks like @alex has set up a Mastodon instance that can be messed around with as a sort of lab environment (is that right, Alex?!) - Perhaps a valid target for web app pentesting and bug research for Mastodon?
(HT @JoshCGrossman for the tip!)
Talk to @alex to be sure and for more information.
But here's the link to the server:
https://cybervillains.com/explore
#WebAppPentesting #vulnerabilityresearch #mastodon
Tinker βοΈ · @tinker
8184 followers · 4740 posts · Server infosec.exchange
So @jerry has brought together all these hackers, all these information security professionals, all these web application penetration testers...
...and put them together on an open sourced web application.
Look, I ain't telling you to hack this specific server. But I am telling you to have fun with the software (IN YOUR OWN LAB ENVIRONMENT!!!)
Anyhoo... information on how to report vulnerabilities within Mastodon here: https://github.com/mastodon/mastodon/security/policy
_______
#WebAppPentesting #infosec #FOSS #VulnerabilityResearch
#WebAppPentesting #infosec #foss #vulnerabilityresearch
weetster · @weetster
169 followers · 74 posts · Server ioc.exchangeItβs crazy to me how often I find some vulnerable code in a library but itβs unreachable for whatever reason. Maybe it becomes reachable one day or maybe it sits there forever, just out of reach, because either way itβs not worth anyoneβs time to report or fix. #infosec #vulnerabilityresearch
#infosec #vulnerabilityresearch
ITSEC News · @itsecbot
856 followers · 32557 posts · Server schleuss.online
Episode 225: Unpacking the Azure CHAOS DB Flaw with Nir Ohrfeld of Wiz - Weβre joined by Nir Ohfeld of Wiz. Nir helped discover the recent CHAOS DB flaw in... https://feeds.feedblitz.com/~/665103670/0/thesecurityledger~Episode-Unpacking-the-Azure-CHAOS-DB-Flaw-with-Nir-Ohrfeld-of-Wiz/ #vulnerabilityresearch #wiztechnologies #cloudcomputing #microsoftazure #cybersecurity #technologies #companies #microsoft #spotlight #cosmosdb #podcasts #chaosdb #azure #cloud #wiz
#wiz #cloud #azure #chaosdb #podcasts #cosmosdb #spotlight #microsoft #companies #technologies #cybersecurity #microsoftazure #cloudcomputing #wiztechnologies #vulnerabilityresearch
ITSEC News · @itsecbot
738 followers · 32490 posts · Server schleuss.online
Episode 210: Moving The Goal Posts On Vendor Transparency: A Conversation With Intelβs Suzy Greenberg - In this episode of the podcast, Paul speaks with Intel Vice President Suzy Greenbe... https://feeds.feedblitz.com/~/648714610/0/thesecurityledger~Episode-Moving-The-Goal-Posts-On-Vendor-Transparency-A-Conversation-With-Intel%e2%80%99s-Suzy-Greenberg/ #vulnerabilitydisclosure #vulnerabilityresearch #softwaresupplychain #productassurance #vulnerabilities #cybersecurity #suzygreenberg
#suzygreenberg #cybersecurity #vulnerabilities #productassurance #softwaresupplychain #vulnerabilityresearch #vulnerabilitydisclosure
ITSEC News · @itsecbot
738 followers · 32490 posts · Server schleuss.online
Critical Flaws Found In Widely Used Netmask Open Source Library - An IP address parsing flaw in the netmask NPM module affects hundreds of thousands of applications... https://feeds.feedblitz.com/~/647967552/0/thesecurityledger~Critical-Flaws-Found-In-Widely-Used-Netmask-Open-Source-Library/ #applicationdevelopment #vulnerabilityresearch #applicationsecurity #vulnerabilities #cybersecurity #technologies #opensource #companies #sickcodes #software #netmask #rfi/lfi #threats #ipv4 #ssrf
#ssrf #ipv4 #threats #rfi #netmask #software #sickcodes #companies #opensource #technologies #cybersecurity #vulnerabilities #applicationsecurity #vulnerabilityresearch #applicationdevelopment
ITSEC News · @itsecbot
738 followers · 32490 posts · Server schleuss.online
Episode 201: Bug Hunting with Sick Codes - The work of vulnerability research has changed a lot in the last two decades. In this episode, Secur... https://feeds.feedblitz.com/~/643019766/0/thesecurityledger~Episode-Bug-Hunting-with-Sick-Codes/ #vulnerabilityresearch #internetofthings #vulnerabilities #supplychain #opensource #companies #interview #smarthome #spotlight #sickcodes #consumer #podcasts #software #smarttv #threats #tcl
#tcl #threats #smarttv #software #podcasts #consumer #sickcodes #spotlight #smarthome #interview #companies #opensource #supplychain #vulnerabilities #internetofthings #vulnerabilityresearch
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Talos Vulnerability Discovery Year in Review β 2020 - While major attacks like ransomware and COVID-19-themed campaigns made headlines across the globe th... http://feedproxy.google.com/~r/feedburner/Talos/~3/UyoB-dTZhAc/vulnerability-discovery-2020.html #vulnerabilitydisclosuretimeline #vulnerabilitydiscovery #vulnerabilityresearch #yearinreview2020 #talos #cve
#cve #talos #yearinreview2020 #vulnerabilityresearch #vulnerabilitydiscovery #vulnerabilitydisclosuretimeline
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Vulnerability Spotlight: Zoom Communications User Enumeration - Video conferencing and calling software has spiked in popularity as individuals across the globe are... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/tECLCl4ynf0/zoom-user-enumeration.html #vulnerabilityspotlight #vulnerabilityresearch
#vulnerabilityresearch #vulnerabilityspotlight
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Vulnerability Spotlight: Information disclosure vulnerability in Microsoft Media Foundation - Marcin βIcewallβ Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Microsoft ... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/VnXYz6tR7IU/vuln-spotlight-microsoft-media-foundation-april-2020.html #microsoftmediafoundation #vulnerabilityspotlight #microsoftpatchtuesday #vulnerabilityanalysis #vulnerabilityresearch
#vulnerabilityresearch #vulnerabilityanalysis #microsoftpatchtuesday #vulnerabilityspotlight #microsoftmediafoundation
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns - Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
A specific li... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/yoEpWwmjR1k/vuln-spotlight-videolabs-microdns.html #vulnerabilityadvisories #vulnerabilityspotlight #vulnerabilityresearch #denialofservice #vulnspotlight #videolabs
#videolabs #vulnspotlight #denialofservice #vulnerabilityresearch #vulnerabilityspotlight #vulnerabilityadvisories
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Vulnerability Spotlight: Information disclosure in Windows 10 Kernel - Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recent... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/fqXfmBjGe5A/vuln-spotlight-windows-10-kernel-information-disclosure.html #vulnerabilityspotlight #microsoftpatchtuesday #vulnerabilityanalysis #vulnerabilityresearch #microsofwindows #windows10kernel #microsoft
#microsoft #windows10kernel #microsofwindows #vulnerabilityresearch #vulnerabilityanalysis #microsoftpatchtuesday #vulnerabilityspotlight
ITSEC News · @itsecbot
687 followers · 32461 posts · Server schleuss.online
Vulnerability Spotlight: WAGO products contain remote code execution, other vulnerabilities - Patrick DeSantis, Kelly Leuschner and Lilith [-_-]; of Cisco Talos discovered these vulnerabilities.... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/i09N3xe3dv4/wago-vulnerability-spotlight-march-2020.html #vulnerabilityspotlight #vulnerabilityresearch #vulnerabilities #controllers #wagopfc #wago #ics
#ics #wago #wagopfc #controllers #vulnerabilities #vulnerabilityresearch #vulnerabilityspotlight