Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Google Chrome's new cache change could boost performance
US Health Dept urges hospitals to patch critical Citrix Bleed bug
NetCat For Hackers. Basic syntax and switches | by Muhammad Saim | Dec, 2023 | Medium
TryHackme’s Advent of Cyber 2023 — Day 1 Writeup with Answers by Karthikeyan Nagaraj | by Karthikeyan Nagaraj | Dec, 2023 | Medium
DevSecOps Like a Pro — A Chill Intro to Terraform | by Supa Safe | Dec, 2023 | Medium
Fix your Security Compliance : Part 1- Automation by Design | by Varun Gurnaney | Dec, 2023 | Medium
Safeguarding Democracy: XCOODE’s Pioneering AI Tool to Combat Election Disinformation in India | by XCOODE | Dec, 2023 | Medium
Back to Basics around OT Security | by JC Gaillard | Security Transformation Leadership | Dec, 2023 | Medium
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
Particle Network's Intent-Centric Approach Aims to Simplify and Secure Web3
The Week in Ransomware - December 1st 2023 - Police hits affiliates
Cyberattack Defaces Israeli-Made Equipment at US Water Agency, Brewing Firm
TrickBot malware dev pleads guilty, faces 35 years in prison
Fidelity National Financial back to ‘normal business operations’ after cyberattack
Qlik Sense flaws leveraged in new CACTUS ransomware attacks
French government recommends against using foreign chat apps
Hackers use new Agent Raccoon malware to backdoor US targets
2 Apple WebKit zero-day bugs exploited on iPhone browsers
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
Windows 10 KB5032278 update adds Copilot AI assistant, fixes 13 bugs
LogoFAIL attack can install UEFI bootkits through bootup logos
Kimsuky hacking group faces US sanctions
North Carolina city compromised in pre-Thanksgiving cyberattack
US states' court record systems impacted by document-leaking vulnerabilities
Google to Delete Inactive Gmail Accounts From Today
New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
Qlik Sense flaws exploited in Cactus ransomware campaign
Voltron Data Theseus helps organizations solve data processing challenges
Cable Transaction Assurance enhances the efficacy of front-line financial crime controls
Apple Patches Actively Exploited iOS Zero-Days
NCSC Urges UK Water Companies to Secure Control Systems
Black Basta’s ransom haul tops $100M in less than 2 years
Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks
Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password
Critical Zyxel NAS vulnerabilities patched, update quickly!
Hitachi Vantara Pentaho+ allows organizations to oversee data from inception to deployment
UK Celebrates “World-First” Anti-Fraud Deal With Big Tech
Announcing IWCON 2023 Speakers Final Batch | by InfoSec Write-ups | Dec, 2023 | InfoSec Write-ups
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)
WINBLUE BOX . A try hack me box - khulah_sardar
How a Charge Point Operator accidentally leaked authentication information of all its potential customers | by Harm van den Brink | Nov, 2023 | Medium
Blind OS command injection. A portswigger lab’s report. | by Malik Haider Ali | Dec, 2023 | Medium
Blind OS command injection with output redirection. A portswigger’s Lab Report | by Malik Haider Ali | Dec, 2023 | Medium
What is MevBot’s Front Running Attack on Users? How to Avoid It? | by codingJourneyFromUnemployment | Dec, 2023 | Medium
Dots do matter: Why dots in Gmail addresses impact Google Workspace investigations | by Megan Roddie | Nov, 2023 | Medium
How secure Network-as-a-Service can help network transformation
U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents
Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
New infosec products of the week: December 1, 2023
Unhappy network professionals juggling more with less
Bridging the gap between cloud vs on-premise security
Key drivers of software security for financial services
LogoFAIL bugs in UEFI code allow planting bootkits via images
Apple Issues Urgent Security Patches for Zero-Day Vulnerabilities
US govt sanctions North Korea’s Kimsuky hacking group
The Cybersecurity Landscape: Reviewing 2023 and Strategies for 2024
Zoom flaw enabled hijacking of accounts with access to meetings, team chat
WhatsApp's new Secret Code feature hides your locked chats
Get 20% off Emsisoft's Enterprise Security EDR solution for the holidays
CISA: Attacks exploiting Unitronics PLCs in water utilities underway
Cyberattack at Japan's space agency confirmed
Cyberattacks impact Capital Health hospitals
Google: Taiwan facing deluge of Chinese cyberattacks
Lazarus-linked cryptomixing service subjected to US sanctions
Apple fixes two new iOS zero-days in emergency updates
Capital Health Hospitals hit by cyberattack causing IT outages
Fewer cybersecurity professionals losing their jobs in breach ‘blame’ game
What can you get for $200? Several megabytes of ChatGPT training data
Android Banking Malware FjordPhantom Steals Funds Via Virtualization
Enhancements to Proofpoint Federal Solutions
Cactus ransomware exploiting Qlik Sense flaws to breach networks
Staples confirms cyberattack behind service outages, delivery issues
North Korean Hackers Amass $3bn in Cryptocurrency Heists
Google 0-day browser bug under attack, patch available
68% of US Websites Exposed to Bot Attacks
Flow Security unveils GenAI DLP module to prevent data leaks in real-time
SDO Introduces cryptographic proximity validation for mobile push
Delinea Secret Server enhancements increase privileged access management adoption
Dremio introduces GenAI-powered data documentation and labeling to reduce manual work
Zyxel warns of multiple critical vulnerabilities in NAS devices
FjordPhantom Android Malware Targets Banks With Virtualization
Manufacturing Top Targeted Industry in Record-Breaking Cyber Extortion
Top Free Resources for Ethical Hacking and Bug Bounty Beginners | InfoSec Write-ups
CISA urges water facilities to secure their Unitronics PLCs
ThreatNG empowers organizations to identify and mitigate their ransomware risk
Egress unveils graymail detection capability to improve employee productivity
FjordPhantom Android malware uses virtualization to evade detection
Booking.com Customers Scammed in Novel Social Engineering Campaign
RedLine Stealer Malware Deployed Via ScrubCrypt Evasion Tool
Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails
Nitrokey releases NetHSM, a fully open-source hardware security module
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks
This Free Solution Provides Essential Third-Party Risk Management for SaaS
7 Uses for Generative AI to Enhance Security Operations
SAS collaborates with AWS to help customers unlock more value from their data
Thousands of Dollar Tree Staff Hit by Supplier Breach
Black Basta Ransomware Group Makes $100m Since 2022
Okta Admits All Customer Support Users Impacted By Breach
U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers
AI: The new puppet master behind cyberattacks
City of Long Beach Confirms Data Breach in Recent Cyberattack | by Amir Hossain | Nov, 2023 | Medium
Cybersecurity: Achieving the ‘Hole-in-One’ of Digital Defence | by ArmourZero | Nov, 2023 | Medium
Portswigger Labs — File Upload. Today, we are delving into the the… | by Ry4nnnn | Nov, 2023 | Medium
Understanding ASA Firewalls — Part 1 | by Abhinav Maharjan | Nov, 2023 | Medium
Beware! 9 Cunning Scams That Could Target You in 2024 | by Matrix3D India | Nov, 2023 | Medium
Organizations can't ignore the surge in malicious web links
Mosint: Open-source automated email OSINT tool
Bridging the risk exposure gap with strategies for internal auditors
What custom GPTs mean for the future of phishing
Infosec products of the month: November 2023
PII Disclosure Worth $750 | by the_unlucky_guy | Nov, 2023 | Medium
Imposing consequences on cyber adversaries — How we help the FBI to fight cybercrime | by Samuel Hassine | Nov, 2023 | Filigran Blog
Hunting for AMSI Bypassing methods | by Mostafa Yahia | Nov, 2023 | Medium
Being Prepared for Adversarial Attacks
Cornell Discovers a Threat at the Core of ChatGPT | Towards AI
Cyber Security Certifications are USELESS if You Don’t Do These Things… | by Alexis Lingad | Oct, 2023 | Medium
XSS - Weaponization ATO. Hi fellow hunters, In this write-up I… | by p4n7h3rx | Nov, 2023 | Medium
Cybersecurity Risk of Opening Up to the Internet | by Paritosh | Nov, 2023 | Medium
How to detect encryption - cyberhansu
Make a file encryption similar to ransomware | by R09sh | Nov, 2023 | Medium
Abusing XSS to bypass OPT |CTF. *** Series on web hacking ***** | by Tomato | Nov, 2023 | Medium
The Right To Create Your Own Encryption Keys: Meet the Clipper Chip and Skipjack | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Nov, 2023 | Medium
Hacked Tokens: A Horror Story. Dissecting how a hacked token caused a… | by Jake Teo | Nov, 2023 | Level Up Coding
Navigating the Cybersecurity Maze: Implementing SIEM | by Matthias | Nov, 2023 | Medium
A Speedy Chat with a Cybersecurity Wizard | ILLUMINATION-Curated
Innovate Safely with GPTs | by Dan Klein | Labs Notebook | Nov, 2023 | Medium
Abloy Classic Camlock Picking and Gutting - YouTube
60 US credit unions offline after cloud ransomware infection • The Register
Churches & Comic-cons | Mapping the Archetypes Clip - YouTube
Docker: Accelerated Container Application Development
Russian drones use Ukrainian SIMs for flight guidance
Webinar - The Blackfriday "Phishing is more active" - YouTube
Okta: Breach Affected All Customer Support Users – Krebs on Security
Cyber breach impacting Kentucky homeowners
[223] KABA Matrix (16 pin) picked - YouTube
Exploits? - YouTube
Extracting Training Data from ChatGPT
Silent cyber menace: Majority of US websites are unprotected against simple bot attacks - SiliconANGLE
Tricard - Malware sandboxes fingerprinting – Unicorn Security – Breaching Unicorns
We Hacked Ourselves With DNS Rebinding
861. Two small Old English style 2 lever padlocks picked open | GIVEAWAY | NO keys | Who wants them? - YouTube
Employee Data Leaked in North Carolina City Due to Thanksgiving Cyber Attack - Cyber Daily - Cyber Security News
Autonomous Hacking of PHP Web Applications at the Bytecode Level
CTO at NCSC Summary: week ending December 3rd
Booking.com hackers increase attacks on customers - BBC News
2 municipal water facilities report falling to hackers in separate breaches | Ars Technica
To Schnorr and beyond (part 2) – A Few Thoughts on Cryptographic Engineering
Abusing Okta's SWA authentication method
What Everyone Got Wrong About the MGM Hack
TRAP; RESET; POISON; - Taking over a country Kaminsky style - SEC Consult
BLUFFS is the new Bluetooth flaw - Local Trending News
[222] Hori Trident with T pins picked - YouTube
Cyberattack – November 2023 — blender.org
Decompilation Debugging | clearbluejar
Ransomware attack on hospital chain causes chaos - YouTube
Google Will Start Deleting Old Accounts in 2 Days. Here's How to Save Your Google Account - CNET
I developed a mediclaim fraud detection system, utilizing advanced analytics and machine learning. This solution enhances accuracy, reduces costs, and ensures fairness by identifying anomalies in claim submissions, fortifying the security and reliability
Wash trading server for the purpose of making a user's bitcoin completely untraceable. This is just a proof-of-concept.
A SSI Proof-of-Concept
Undetected Fortnite Cheat Hack Aimbot ESP
Valorant Cheat Hack Aimbot ESP
Project implementation of security using Spring Boot 3.0 and JSON Web Tokens (JWT)
Created an EC2 instance with the associated security groups using terraform modular structure - BASIC
Valorant cheat hack | Fecurity cheat crack
Build for Jing Long Security Guards
RustDesk is a full-featured open source remote control alternative for self-hosting and security with minimal configuration.
Proof of concept for a chat app that communicates with Law Goat
Fortnite cheat hack | Kezza fortnite cheat
AWS SSM automation to disable incoming SSH access on port 22 for security groups.
Java side of ProofOfConcept Project. Will likely be merged with proofofconcept.
Source Code Vulnerability Detection using machine learning
Authentication and Security -- node, express, mongoose
First Spring Security test
A proof of concept method to calculate estimate the roots of a polynomial.
Security ethics and networking coursework..........
An experiment in storing and loading items from a server using a custom api
Free Code Camp Info Security Application
A tool to monitor for changes of files in a given directory, as a security measure to prevent website hijacking
더조은아카데미 SpringSecurity programming exercises
This is the project for spring security test
Proof of Concept of using Raft Consensus to manage sharding of a Discord bot through many worker nodes
Proof of concept developed for the CVE-2023-36664
Spring Security 2.5 practice
cyber security
this a reddit clone app using spring mvc , angular spring security
This repository contain the Security assessment of an open-source software for 5565
"SecurePass Strength Check" is a PHP-based API that assesses password strength using criteria like length and character diversity. It offers improvement suggestions and features robust security measures, including HTTPS support and rate limiting, making i
web utils
Database Management System using SQL database and PHP
Proof of concept mod that adds a new native function to Mint's virtual machine
Proof of concept (POC) using D3 to create small multiple line charts. Project code: 1045.
A repository for proof of concepts demonstrating data exfil via css injection.
The project report delves into a new way of voting that uses blockchain technology. Instead of traditional methods, like paper ballots or electronic systems, blockchain brings in transparency and security by creating a decentralized and tamper-proof syste
A project to be a proof of concept of things you can do with the velocidrone web socket
Cybersecurity Course
Valorant cheat hack | Fecurity crack valorant
Welcome here! This would be my ultimate guide to learning cyber security! 🚀 This repository is designed to be your go-to resource for mastering the essentials of cybersecurity. Whether you're a beginner or looking to advance your skills, this roadmap and
Spring Security from Udemy 1-12-23
This is my project which involves a method of Network Intrusion Detection using Apriori Algorithm. The source code of the project is written in the Python programming language. This is an attempt to combine the concepts of data mining and cyber security t
Basic Anatomy of a Linux Container taught by Liz Rice, Aqua Security.
Security with JWT and method-based assurance.
A Python script that cooks up strong and secure passwords inspired by the legendary defense skills of Rahul Dravid. This simple yet effective password generator combines uppercase letters, lowercase letters, digits, and special characters to create robust
Proof of concept for google recaptcha integration from frontend
Learning about servers, git, security, CI/CD, databases, and containers through frontend masters course
ATM Simulation This project is a simple Python program that simulates an Automated Teller Machine (ATM). The model allows users to perform basic ATM operations such as checking the balance, making deposits, and withdrawing money. Additionally, it includes
linux security repo
linux security repository
Reference: https://www.inflearn.com/course/%EC%8A%A4%ED%94%84%EB%A7%81%EB%B6%80%ED%8A%B8-%EC%8B%9C%ED%81%90%EB%A6%AC%ED%8B%B0/dashboard
Henry Kissinger Parents – Henry Alfred Kissinger popularly known as Henry Kissinger was an American diplomat, political theorist, geopolitical consultant, and politician. He served as United States Secretary of State and national security advisor under th
gRPC to Websocket API proxy proof of concept
Deluder is a tool for intercepting traffic of proxy unaware applications. Currently, Deluder supports OpenSSL, SChannel and WinSock out of the box. ⚡
information security related articles
Fortnite hack cheat |fortnite cheat crack
Trying out AOC this year, my spin on it is that I want to practice dev methods such as unit testing as I go to see if I can re-coup the time it takes to write them to prove that it is faster to write unit tests as I go. This isn't a scientific experiment,
spring security guides
Security repository for Chameleon Security projects
This will contain PowerShell functions that can be leveraged for cyber security purposes.
Transforming device management and security in the cloud era, with Microsoft Intune!
The "GameStore" app is a Laravel-based platform that allows users to store, view, and purchase games, as well as manage their profiles. It uses Laravel's MVC architecture, Eloquent ORM, and security measures, with a dynamic interface created using Blade.
Privacy and Security Code
Properties File for Spring Security Config
OverTheWire IT security introductory challenges with notes and solutions.
PiroAttack - A Python 3 app for SECURITY TESTING PURPOSES ONLY!
Proof of Concept for my Senior Capstone Project
Introduction to IT security guide
A simple proof of concept game of space invaders
Comprehensive documentation for setting up a Security Operations Center (SOC) lab.
Strengthening Network Security Through Comprehensive Assessment
A proof of concept demonstration open telemetry instrumentation with springboot applications
A proof of concept for transforming Audio Waveforms into printable 3D models using openscad
Jetpack Compose-powered Android client with smart, automated server switching and security features.
Spring Security Training
Elevate network security using real-time monitoring solution! NIDS, powered by the NSL-KDD dataset, detects and responds to suspicious activities, known attack signatures, and abnormal patterns.
EffortLogger: Agile project tracking tool, balancing privacy, security, and efficiency for individual contributors and enterprise-scale teams.
Build Snyk Gitlab Broker on ECS Fargate including ALB, Security Groups and ECS Service. the Gitlab Token will be pulled from AWS SCM
Welcome to ChainRaffle, an innovative decentralized lottery system powered by smart contracts. ChainRaffle leverages the transparency and security of blockchain technology to create a fair and provably random lottery experience.
An open-source site detailing better information security practices.
(SIEM) Security information and event management
Linux Security github
Includes proof of concepts for some of my Capstone feasibility tests.
Proof of concept script created for research paper for DSU's FA23 CSC786 Cyber Problems course.
Simple products store applying security standards
Adjust classifier free guidance scale adaptively. Just a proof-of-concept.
A proof of concept tool that allows you to embed any spotify song to listen without ads.
writeups|proof of concepts|exploits
Proof of concept text to local database utility, platform independent and lightweight built in Java.
Security Arduino Project
Code for Udemy course "Learn to secure Spring Boot applications with the New OAuth 2.0 Stack in Spring Security 5"
Linux Security github
a proof of concept for an application based OS that runs on bash.
Security Spring Boot JWT PostgreSQL Docker
This project serves as a proof-of-concept for integrating Amazon Cognito for user authentication. It includes routes for user authentication, registration, email verification, and token management.
An assignment for CMPE 272, designing and implementing a secure webserver.
This is a project made for Airost Internship Program by TEAM 10. This project will use Arduino Uno to drive the servo motor up, which is same as a barrier lifted to allow registered car to pass through in a parking system.
IDEA4RC proof of concept infrastructure
JWT and passport active directory
Just a simple proof of concept http server written in C
An end-to-end data pipeline from on-prem SQL Server to Azure Data Lake Gen2 using Azure Data Factory, with layered data processing in Databricks, analytics via Azure Synapse, reporting in Power BI, and security through Azure Active Directory and Key Vault
Proof of concept: Surface electromyography in conjunction with sentiment analysis could externally manifest the act of ‘taming the tongue,’ as articulated in James 3:1-12.
A curated collection of the latest academic research papers and developments in AI Security. This repository aims to provide a comprehensive source for researchers and enthusiasts to stay updated on AI Security trends and findings. Contributions welcome!
Implementation of security
just as a proof of concept
The proof-of-concept application is designed to assist flower vendors in determining optimal prices for their products, considering various factors such as demand, quality, and quantity. The objective is to provide vendors with a tool to calculate the bes
Unique Revolutionary Shell RPG Cyber Security Game, including markdown, picture, text & sound for GUI simulation without affecting performance.
Proof Of Concept: OpenTelemetry on the simplest web that sends logs to OpenShift Collector
On a journey to improve cyber skills: Cyber Security.
Proof of concept to generate PDFs documents with ReportLab in python
Join the Secure Chat revolution: A user-friendly chat application that prioritizes your security, without compromising on functionality and ease of use.
continuing to make progress on spring mvc, with spring security
Baseline cyber security controls for small and medium organizations
A comprehensive network monitoring and analysis tool developed using Scapy library in Python. It provides real-time scanning and analysis of network traffic, detection of potential security threats such as DDoS attacks and ARP spoofing, as well as assessm
Community curated list of templates for the nuclei engine to find security vulnerabilities.
spectrum.py is a discord.py style proof-of-concept library for making chatbots for Star Citizen's Spectrum chat
Vibranium Dome, The first open-source LLM WAF for Agents.
Application built with Laravel that provides secure user authentication using JSON Web Tokens (JWT), incorporates email verification for enhanced user security, and allows users to reset their passwords seamlessly.
Relative Agnostic System Hardening for Linux: a reasonable approach to automating security
Just for digging deeper into security code with sonarlint and sonarcube
Repository for WallTree Global website
the database server
CourseEnroll is a Java-based enrollment application designed for educational institutions. With a user-friendly interface, administrators can effortlessly manage courses, while students can browse, check prerequisites, and enroll seamlessly. The applicati
Project in Node JS with Express... use websocket, rabbitmq, security things... Fullstack class
This repository holds proof of concepts and code to show that LLM fine tuning or prompt tuning is not privacy protecting.
Security Audit Platform
Mobile application built with Flutter. An app for courses and digital resources on cybersecurity
This project is a credit card fraud detection system developed to identify and prevent fraudulent transactions in real-time. Leveraging big data technologies, machine learning models, and real-time processing, this project aims to enhance the security of
This is a personal note capturing various AWS resources for securing the AWS account
REST API with Spring Boot 3, Spring Security, Spring Data JPA, JWT, Swagger, end-to-end tests, DTO
Storely is a versatile management system designed for businesses, schools, and kindergartens, combining a user-friendly Vuetify interface, robust Express backend, and a scalable MongoDB database. This modular solution addresses diverse operational needs w
App social use Java 17, Spring (Boot, Cloud, Data, Security), JPA / Hibernate, PostgreSQL, JWT, AWS S3 bucket Docker, JUnit, Mockito, TypeScript, React.js
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
a blockchain-based eVault system for legal records that can ensure security, transparency, and accessibility for all stakeholders.
Landing page for a proof of concept food waste solution.
Fagun with Bugs an Powerful Security Scanning & SQA Testing Tools
E-Comm-and-Cyber-Security Material
A Node.js + Serverless + S3 + SQS + DLQ proof of concept
dgpso google slsa proof of concept
Baseline deployment for engineering engagement with new clients onboarding onto the EMEA Managed Security Platform
spring boot, spring security, postgresql, elasticsearch, react, bootstrap
Experiments and proof of concepts
BTL Python with topic: AI - Face Recognition by @baconquy.
Project from the course Basics of information security in infrastructure systems.
A secure unix socket proxy. Similar to tecnativa/docker-socket-proxy, but more flexible and written in Go with no dependencies
AWS Security Services
A Proof of Concept editor for Preload Tables in Unity Asset Bundles.
The User Authentication System is a web application that focuses on providing a seamless and secure user authentication experience. The project aims to handle user registration, login, and account management in a user-friendly manner, ensuring privacy and
x86-64 code/pe virtualizer
Its a webpage which have lot of cyber security gadgets to use and learn its a user friendly webpage that every cyber security student needs to use it and learn.
Repository to support the master's thesis "Enhancing 5G Security: A Comparison of 256-bit Symmetric-key Cryptosystems on FPGA"
A curated list of awesome resources about the security of space systems.
A fully automatic Jinja2 SSTI WAF-bypass script designed for CTFs | A Jinja2 SSTI cracker for bypassing WAF
Sandbox environments for security awareness training content
Artificial Intelligence/Machine Learning Application and Pipeline Security-Focused Development Framework
Throw a bunch of headers at a web app and see what sticks
Composite GitHub CI Action containing the minimal viable security lint for brave repositories
Authentication Portal based on Caddy Security
Multiple dimension proof-of-concept
Ruby implementation of PASETO tokens
Permify Homebrew Tap
InterFi provides blockchain security and assessment services. In this repository, we'll upload audited smart contracts, and projects. To request a smart contract audit, contact https://t.me/interfiaudits or hello@interfi.network
Esmerald framework - Highly scalable, performant, easy to learn, easy to code and for every sizeable and complex application
A hosts file for blocking bad domains usually found in phishing emails targeting Greek users
Work in progress...
This tool is designed to provide estimates of the security queue in the CPH airport at a user-defined point in time in the future. The tool uses Machine Learning based on historical data to estimate the queue.
Seditio Blog Script Fast and Security
Fully customisable, offensive security reporting solution designed for pentesters, red teamers and other security-related people alike.
Front end (UI) plugin to support security-analytics
An IP list of bad actors targeting public infra like website, ssh endpoints, etc.
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
A proof-of-concept process dumper directly to memory
Proof of concept of different Design Patterns in Microservices
Proof-of-Concept tool to generate (MSI)XVC download links for Windows Store / Xbox Game Pass titles.
Hack the Box Walkthrough
Who hasn’t lost crypto before? Well hope not, especially when you download tools with dependencies requiring you to risk losing what you haven't found yet! Built by Paranoid developers with privacy and security in mind. Create an issue for any requests. R
OWASP Foundation Web Repository
OpenFGA SDK for .NET - https://www.nuget.org/packages/OpenFga.Sdk
This repository is a collection I've put together, focusing on various backend engineering topics. It's a place where you can find information on API design, databases, deployment, distributed computing, networking, performance optimization, security, and
PWN is an open security automation framework that aims to stand on the shoulders of security giants, promoting trust and innovation.
reliable fake and temp email filter solution for site operators
🕹️ A proof-of-concept project made during my studies to manage game dedicated servers using the Source RCON protocol through a web interface.
GCP Audit checks projects in Google Cloud for compliance with CIS Benchmarks
🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubi
AuthCrunch provides Authentication, Authorization, and Accounting (AAA) Security Functions (SF) in Golang
Displays Dependabot security alerts for multiple GitHub repositories.
:tada: (RuoYi) official repository: a permission management system with separated front end and back end, based on SpringBoot, Spring Security, JWT, Vue3 & Vite, and Element Plus
Project energy labeling accounts and landing zones based on findings from a centralized security hub for AWS cloud.
The repository of NexNix, an operating system aimed to be fast and secure, with the right balance of simplicity and power
The regolibrary package contains the controls Kubescape uses for detecting misconfigurations in Kubernetes manifests.
Some useful tips for various types of CTF challenges
The CxAST TeamCity plugin enables you to trigger SAST, SCA, and KICS scans directly from a TeamCity project.
Proof-of-Concept of an extensible image file formats API
Light LDAP implementation
Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
My personal repertoire of technology and security-related notes.
The trustworthy ReDoS checker
Source code for security.filecoin.io
A fast, secure and easy to use VPN. Built by the makers of Firefox.
Toolkit compatible with multiple Linux distros that allows for installation of handpicked applications, along with corresponding configs that have been tuned for reasonable privacy and security.
Technical hands-on, samples, proofs of concept using frameworks
Trend Micro Cloud One File Storage Security plugins reference code.
Secures REST APIs with Spring Security and JWT Token-based Authentication powered by Spring Reactive stack
Security Bundle based on Json Web Token
The Kubernetes Security Profiles Operator
A proof of concept for a space-invaders style game with face tracking for character movement and support for Gamecube Donkey Konga Bongos to fire the gun.
A Proof-of-concept (PoC) for machine visualization using WebGL and SignalR.
Privacy and Security focused Segment-alternative, in Golang and React
A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Linux guests, device offload with vhost-user and a minimal compact footprint. Written in Rust with a strong focus on sec
Main website servers
Ansible scripts for AAS and SASO subjects (Advanced System Administration/Security in Operating System Administration)
Real-time, container-based file scanning at enterprise scale
RetroWrite -- Retrofitting compiler passes through binary rewriting
OWASP Honeypot, Automated Deception Framework.
Proof of concept Shiny application for the level 2 and 3 attainment by age 19 National Statistics publication
Work in progress personal website; proof of concept static site generator using dry-system, rom-rb, and dry-view
A browser extension for OSINT search
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
BetterTLS: A Name Constraints test suite for HTTPS clients.
The Single Sign-On Multi-Factor portal for web apps
Plugins for Wazuh Dashboard
Sentry, feature-complete and packaged up for low-volume deployments and proofs-of-concept
Scapy: the Python-based interactive packet manipulation program & library. Supports Python 2 & Python 3.
The overlay contains new or updated security tools.
The wolfSSL library is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. wolfSSL supports up to TLS 1.3!
Java web and command line applications demonstrating various security topics
Share passwords securely
Java-Web-Security - Developing secure web applications with Java
CVE-2023-49914 -- InteraXon Muse 2 devices allow remote attackers to cause a denial of service (incorrect Muse App report of an outstanding, calm meditation state) via a 480 MHz RF carrier that is modulated by a "false" brain wave, aka a Brain-Hack attack. For example, the
CVE-2023-6464 -- A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql inje
CVE-2023-6465 -- A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as problematic. This affects an unknown part of the file registered-user-testing.php. The manipulation of the argument regmobilenumber leads to cross
CVE-2023-6466 -- A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file /planet of the component User Comment Handler. The manipulation leads to cross site scripting. The attack can be in
CVE-2023-6467 -- A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement
CVE-2023-6472 -- A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting
CVE-2023-6473 -- A vulnerability, which was classified as problematic, was found in SourceCodester Online Quiz System 1.0. This affects an unknown part of the file take-quiz.php. The manipulation of the argument quiz_taker/year_section leads to cross site scripting. It is
CVE-2023-26024 -- IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. IBM X-Force ID: 247898.
CVE-2023-28895 -- The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip.
CVE-2023-28896 -- Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle.
CVE-2023-3443 -- An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential
CVE-2023-38268 -- IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260585.
CVE-2023-3949 -- An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for unauthorized users to view a public projects'
CVE-2023-3964 -- An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public p
CVE-2023-42006 -- IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.
CVE-2023-43015 -- IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a
CVE-2023-4317 -- An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pip
CVE-2023-43453 -- An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component.
CVE-2023-43454 -- An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component.
CVE-2023-43455 -- An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component.
CVE-2023-44382 -- October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the `editor.cms_pages`, `editor.cms_layouts`, or `editor.cms_partials` permissions who would normally not be permitted to
CVE-2023-44402 -- Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the `embeddedAsarIntegrityValidation` and `onlyLoadAppFromAsar` fuses enabled. Apps without these fuses
CVE-2023-45168 -- IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966.
CVE-2023-4518 -- A vulnerability exists in the input validation of the GOOSE
CVE-2023-45252 -- DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to standard users, allows attackers to manipulate files, execute
CVE-2023-45253 -- An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, that allows attackers to manipulate files and escalate privileges via the RollingFileAppender.DeleteFile method performed by the log4net library.
CVE-2023-4658 -- An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge
CVE-2023-46746 -- PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. A server-side request forgery (SSRF), which can only be exploited by authenticated users, was found in Posthog. Posthog did not ver
CVE-2023-48016 -- Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter.
CVE-2023-48314 -- Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - B
CVE-2023-48801 -- In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerabil
CVE-2023-48813 -- Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php.
CVE-2023-48842 -- D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi.
CVE-2023-48886 -- A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request.
CVE-2023-48887 -- A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request.
CVE-2023-48893 -- Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/staff_act.php.
CVE-2023-4912 -- An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial
CVE-2023-49276 -- Uptime Kuma is an open source self-hosted monitoring tool. In affected versions the Google Analytics element is vulnerable to Attribute Injection leading to Cross-Site-Scripting (XSS). Since the custom status interface can set an independent Google Analyt
CVE-2023-49277 -- dpaste is an open source pastebin application written in Python using the Django framework. A security vulnerability has been identified in the expires parameter of the dpaste API, allowing for a POST Reflected XSS attack. This vulnerability can be exploi
CVE-2023-49281 -- Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users ar
CVE-2023-49371 -- RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit.
CVE-2023-5226 -- An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor could bypass prohibited branch checks using
CVE-2023-5427 -- A local non-privileged user can make improper GPU processing operations to gain access to already freed memory.
CVE-2023-5634 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection. This issue affects Education Portal: before v1.1.
CVE-2023-5635 -- Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting. This issue affects Education Portal: before v1.1.
CVE-2023-5636 -- Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection. This issue affects Education Portal: before v1.1.
CVE-2023-5637 -- Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1.
CVE-2023-5915 -- A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. This vulnerability may allow a remote attacker to cause a denial-of-service condition to the FCN/FCJ controller by sending a
CVE-2023-5995 -- An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gai
CVE-2023-6033 -- Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows an attacker to execute JavaScript in a victim's browser.
CVE-2023-6449 -- The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7_antiscript_file_name' function in versions up to, and including
CVE-2023-6461 -- Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0.
CVE-2023-6462 -- A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Affected is an unknown function of the file /endpoint/delete-user.php. The manipulation of the argument user leads to cross site scri
CVE-2023-6463 -- A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument first_na