endorama + security   285

google/tink: Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. - google/tink
type:library  lang:multi  lang:java  lang:golang  lang:c++  lang:obj-c  security  cryptography  primitives  encryption 
29 days ago by endorama
awnumar/memguard: Secure software enclave for storage of sensitive information in memory.
Secure software enclave for storage of sensitive information in memory. - awnumar/memguard
type:library  lang:golang  security  crypto  memory  allocation 
29 days ago by endorama
RhinoSecurityLabs/AWS-IAM-Privilege-Escalation: A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs.
A centralized source of all AWS IAM privilege escalation methods released by Rhino Security Labs. - RhinoSecurityLabs/AWS-IAM-Privilege-Escalation
type:collection  aws:iam  security  red-team 
4 weeks ago by endorama
Tabletop Scenarios (@badthingsdaily) | Twitter
Gli ultimi Tweet di Tabletop Scenarios (@badthingsdaily). THESE 👏 TWEETS 👏 ARE 👏 FICTION👏

This account tweets fictional or headline inspired breach scenarios.

To play: Share opinions on prevention or response steps
type:collection  twitter  tabletop  security  exercise 
4 weeks ago by endorama
936: Password Strength - explain xkcd
Explain xkcd is a wiki dedicated to explaining the webcomic xkcd. Go figure.
type:article  explain  xkcd  password  strength  security 
5 weeks ago by endorama
10 Serverless security best practices | Snyk
10 serverless security best practices for securing your serverless and cloud functions, from managing secrets, to data security, function isolation, least privileges and many more!
type:cheatsheet  serverless  aws:lambda  security  best-practices 
6 weeks ago by endorama
Libsodium Quick Reference: Similarly-Named Functions and Their Use-Cases - Paragon Initiative Enterprises Blog
A quick comparison of libsodium functions with similar names/purposes, and which one to use for a specific use case
type:cheatsheet  security  encryption  libsodium 
6 weeks ago by endorama
nccgroup/PMapper: A tool for quickly evaluating IAM permissions in AWS.
A tool for quickly evaluating IAM permissions in AWS. - nccgroup/PMapper
type:tool  security  blue-team  aws:iam  check 
7 weeks ago by endorama
streaak/keyhacks: Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid. - streaak/keyhacks
type:collection  pentest  security  token  check 
7 weeks ago by endorama
Serverless Security: Best practices and mitigation strategies (re:Inf…
There are many inherent security benefits of using serverless (like no more patching servers or allowing direct network access to functions), but it does intro…
type:presentation  serverless  security  aws:lambda 
8 weeks ago by endorama
AWS IAM Privilege Escalation – Methods and Mitigation
At Rhino Security Labs, our focus is AWS penetration testing and AWS security research. This AWS IAM shows privilege escalation in AWS and other clouds.
type:collection  type:article  aws  security  privilege  escalation 
9 weeks ago by endorama
bgeesaman/kube-env-stealer: Automated GKE Kubelet Impersonation and Cluster Secret Stealer via kube-env
Automated GKE Kubelet Impersonation and Cluster Secret Stealer via kube-env - bgeesaman/kube-env-stealer
type:tool  security  kubernetes  exploit  red-team 
10 weeks ago by endorama
RhinoSecurityLabs/Cloud-Security-Research: Cloud-related research releases from the Rhino Security Labs team.
Cloud-related research releases from the Rhino Security Labs team. - RhinoSecurityLabs/Cloud-Security-Research
type:collection  security  exploit 
10 weeks ago by endorama
knqyf263/trivy: A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI - knqyf263/trivy
type:tool  container  vulnerability  scanner  security 
may 2019 by endorama
LGTM - Continuous security analysis
Find zero-days and prevent vulnerabilities with LGTM’s code analysis platform. Get continuous security analysis and automated code review. Free for open source.
type:application  security  code-review 
may 2019 by endorama
ProtonMail/gopenpgp: A high-level OpenPGP library
A high-level OpenPGP library. Contribute to ProtonMail/gopenpgp development by creating an account on GitHub.
type:library  lang:golang  encryption  gpg  security 
may 2019 by endorama
doyensec/electronegativity: Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications.
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron applications. - doyensec/electronegativity
type:tool  electron  security 
may 2019 by endorama
derailed/popeye: 🧭 A Kubernetes cluster resource sanitizer
🧭 A Kubernetes cluster resource sanitizer. Contribute to derailed/popeye development by creating an account on GitHub.
type:tool  kubernetes  security  sanitizer 
may 2019 by endorama
Securely Deliver Your Applications Into Any Environment | Gravitational
Achieve true application portability while meeting the toughest compliance requirements.
type:platform  k8s  automation  deployment  security  compliance 
may 2019 by endorama
mozqnet/go-exploitdb
Contribute to mozqnet/go-exploitdb development by creating an account on GitHub.
type:tool  security  red-team  exploit  search 
april 2019 by endorama
rumyantseva/going-secure: Going secure with Go
Going secure with Go. Contribute to rumyantseva/going-secure development by creating an account on GitHub.
type:presentation  lang:go  security  development 
april 2019 by endorama
trimstray/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. - trimstray/the-book-of-secret-knowledge
type:collection  security  software  website  tools 
april 2019 by endorama
smallstep/certificates: 🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere.
🛡️ An online certificate authority and related tools for secure automated certificate management, so you can use TLS everywhere. - smallstep/certificates
type:application  security  certificate  authority 
april 2019 by endorama
Soluto/kamus: An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications
An open source, git-ops, zero-trust secret encryption and decryption solution for Kubernetes applications - Soluto/kamus
type:api  kubernetes  security  encryption 
april 2019 by endorama
lyft/cartography: Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database. - lyft/cartography
type:application  security  mapping  aws 
april 2019 by endorama
dowjones/hammer: Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS)
Dow Jones Hammer : Protect the cloud with the power of the cloud(AWS) - dowjones/hammer
type:application  security  mapping  aws  cloud 
april 2019 by endorama
botherder/snoopdigg: Simple utility to ease the process of collecting evidence to find infections
Simple utility to ease the process of collecting evidence to find infections - botherder/snoopdigg
type:tool  forensic  image  gathering  evidence  security  compromise 
april 2019 by endorama
Scan your website - urlscan.io
urlscan.io allows you to scan a website and analyze the resources it requests and the domains it contacts. Understand what your website is doing.
type:website  security  analysis  web  scanning 
march 2019 by endorama
giuliocomi/csplogger: A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure
A CSP endpoint to aggregate, correlate and analyze report-uri violations across your infrastructure - giuliocomi/csplogger
type:tool  csp  logger  security 
february 2019 by endorama
GitHub - RustyShackleford221/OSCP-Prep: A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam
A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam - RustyShackleford221/OSCP-Prep
type:guide  oscp  security  learning  exam 
february 2019 by endorama
« earlier      
per page:    204080120160

related tags

0day  2fa  access  acquisition  adblocker  address  advice  aerial  agent  allocation  analysis  android  ansible  answer  anti-censorship  apache  arduino  assessment  attack  audit  auditing  authentication  authority  automation  awesome-list  aws  aws:iam  aws:lambda  backdoor  bash  best-practice  best-practices  binary  bind  bios  blue-team  book  boot-loader  bootcamp  bot  botnet  breach  browser  browser:chrome  browser:firefox  camera  career  censorship  certificate  certstream  change  chat  cheatsheet  check  chef  cis  cli  clicker  cloud  cloud-storage  cloudflare  cnc  code-review  collaboration  collector  comparison  competition  compliance  compromise  configuration  connection  container  corpus  cpu  cracker  credentials  cross-platform  crypto  cryptography  csp  css  ctf  cve  cyber  dataset  ddos  debugging  decompile  default  dependency  deployment  desktop  detection  development  device  devops  diff  digital  dmark  dns  docker  drone  education  electron  email  encryption  enisa  environment  escalation  evaluation  evidence  exam  examples  exercise  explain  exploit  expose  file  file-edit  file-system  file-transfer  finder  firewall  forensic  forensics  foss  frame  framework  framework:magento  free  frontend  fuzzing  gathering  gcp  gem  generator  geolocation  git  github  government  gpg  hack  hacked  hacking  handshake  hardening  hardware  heartbleed  hex  hidden  history  honeypot  hosted  hosts  html  http  iam  ids  image  incident-response  information  infosec  infrastructure  insecure  inspection  intel-me  internet  intrusion-detection  intrusion-prevention  iot  ip  ips  issue  it  javascript  journalism  k8s  kernel  key-server  keylogger  keypair  kubernetes  lab  lambda  lang:c++  lang:go  lang:golang  lang:java  lang:js  lang:multi  lang:obj-c  lang:python  learning  library  libsodium  linux  local  logger  malware  management  manager  mapping  measurement  meltdown  memory  messaging  metadata  microphone  mindmap  mitm  mitre  monitoring  must-read  netflix  network  networking  nginx  number  open-source  opengpg  openssh  openssl  opsec  opt  os:windows  oscp  osint  osquery  owasp  package  papers  password  passwords  pentest  pentesting  perimeter  pgp  phishing  physical  pki  policy  port-knocking  post-exploit  powing  primitives  privacy  privilege  programming  protection  protocol  proxy  prrsentation  psad  puppet  python  question  random  ransomware  raspberry  read  reconnaissance  red-team  reference  remote  remover  reporting  repository  research  resolver  resources  reverse-engineering  rootkit  rotation  router  ruby  saas  safety  sandbox  sanitizer  scanner  scanning  scripts  search  secret  secure  security  self-hosted  server  serverless  service  setup  sign  sinkholing  size  smtp  social  software  source  spectre  spider  spoofing  ssh  ssl  sso  static  streaming  strength  string  sudo  surface  surveillance  syn  sysadmin  system  tabletop  tcpdump  testing  threat-intelligence  threat-research  tls  token  tool  tools  tor  training  transparency  tunnel  twitter  type:answer  type:api  type:application  type:article  type:browser-extension  type:cheatsheet  type:checklist  type:code  type:collection  type:collective  type:company  type:course  type:extension  type:framework  type:guide  type:how-to  type:howto  type:lab  type:library  type:os  type:platform  type:poc  type:presentation  type:reference  type:research  type:review  type:store  type:thread  type:tool  type:tutorial  type:walkthrough  type:website  typosquatting  u2f  ubuntu  unicode  update  usb  version  visibility  vm  vpn  vulnerability  vulnerable  web  webgoat  website  wifi  wild  wireless  wordpress  xkcd  xss  yubikey 

Copy this bookmark:



description:


tags: