If you send 1000s of PUT requests to even a private s3 bucket which you don’t have authorisation for you can create mega bills.

Is this a new form of attack? Sounds like it could be pretty dangerous.

medium.com/@maciej.pocwie…

Black Hat Asia 2024 Conference Slides reddit.com/r/ReverseEngin…

Cyber Security Career Path

Detailed information on dozens of different professions related to cyber security:

- hard skills
- soft skills
- education
- certifications
- average salary

github.com/rezaduty/cyber…

Contributor rezaduty

Today 12:22 ICSE, we’re showing off FormatFuzzer for effective generation of binary file formats: conf.researchr.org/details/icse-2…
github.com/uds-se/FormatF…

Kudos to Google Project Zero's j00ru//vx who published new research today detailing his audit of the Windows Registry which includes 50 CVEs: googleprojectzero.blogspot.com/2024/04/the-wi…

Are you experiencing these SecOps/SOC antipatterns (common mistakes) now? have you seen them in the past?

We see these antipatterns pretty frequently across organizations and industries of all sizes as they struggle with a bottom-up technology-first approach to SecOps.

What do you say to open source continuous security monitoring for Microsoft 365?! 😲🤩💙

🎓 Google Cloud Skills Boost
🛣️ Security Engineer Learning Path

Use the 30 day free trial to take this 14 part course on Google Cloud security

Covers
• GCP basics
• Networking
• Security best practices
• GCP Security services

+ more

cloudskillsboost.google/paths/15

Today we are open-sourcing and sharing a longevity assistant called Sequel

- locally stored: we don’t get or see your data
- chat with your complete health picture: blood labs, Whoop, DEXA, MRI, therapies, drugs or supplements you’re on
- run a local LLM or OpenAI

Links ⬇️

Looks like someone dropped a Linux kernel 0day
github.com/YuriiCrimson/E…

''GitHub - 0x36/Pixel_GPU_Exploit: A kernel exploit for Pixel7/8 Pro with Android 14''

#infosec #pentest #redteam #blueteam
github.com/0x36/Pixel_GPU…

🛠️ gram

A 🪞 polished 🪞 threat model diagramming tool

Create a dataflow diagram using the web app, and get:
• Collaborative editing
• Threat and control suggestions
• Integrations with Okta and Jira

by Klarna

github.com/klarna-incubat…

⏰ goalert

A fully featured, open-source on-call and alerting platform

Features:
• Scheduling
• Automated escalations
• Alert triggers (API, email, Prometheus, etc.)
• Notifications (SMS, Voice, Email, Slack)

github.com/target/goalert

GitHub - netsecfish/dlink

Sigh… github.com/netsecfish/dli…

𝗗𝗮𝗺𝗻 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗹𝗲 𝗥𝗲𝘀𝘁𝗮𝘂𝗿𝗮𝗻𝘁 - is an intentionally vulnerable Web API game for learning and training purposes dedicated to devs, ethical hackers, and security engineers.

Blog: buff.ly/3vAM9Jh
Repo: buff.ly/3J2xjhT

#CyberSecurity

OWASP Data Breach Notification owasp.org/blog/2024/03/2…

👥 SO-CON 2024 slides are now available

SpecterOps 🇺🇦's conference, with a big focus on graph based defense

I found a few particularly interesting:
Elad Shamir on NTLM security
Luke Jennings on the SaaS kill chain
Daniel Heinsen on AWS identity attack paths

github.com/SpecterOps/pre…

Exploiting n-day in Home Security Camera 0xbigshaq.github.io/2024/01/05/tp-…

🤯🤯🧠 stuff from H4x0r.DZ🇩🇿 As always! 😎

github.com/h4x0r-dz/Leake…

Woah found a new resource for free security training - pwn.college

Looks like they get pretty advanced in their topics too. Love seeing free trainings for folks trying to up their skills.