Archive: 2019/2

2.1 Cloud Meta Data

https://gist.github.com/BuffaloWill/fa96693af67e3a3dd3fb AWS http://169.254.169.254/latest/meta-data/iam/security-credentials/dummy http://169.254.169.254/latest/user-data http://169.254.169.254/latest/u

2 Cloud Catastrophes

Resource Hijacking: a bucket name is unique; if you delete it, others can use the name. https://github.com/EdOverflow/can-i-take-over-xyz Mitigating: keep DNS and cloud resources in sync

1 Top 10 Vulnerabilities

exploit a pentest framework. XSS - Cross Site Scripting: put JS into a form, BeEF framework. CSRF: protect endpoints. XXE - XML External Entity. Mitigations: disable DTD. File Inject

7 Docker Infrastructure

Kim Carter - BinaryMist Limited [Purple Team], a small company in Christchurch. Docker Security Quick References – Kim Carter, $9 ebook. Tooling: docker security scanning haskell

OWASP NZ Day

Morning Pushpay Insomnia Security Erudite Software Pentester Lab Noon quantum security binary mist aura information security west pac privasec ports of Auckland Provoke solutions Afternoon red shiel

9 Serverless and JWT

@rowdymehul Mehul Patel. Serverless: IBM OpenWhisk https://openwhisk.apache.org/ AWS Google Kubeless https://www.twistlock.com/2018/07/10/serverless-comparison-lambda-vs-azure-vs-gcp-

6 Electron Security

disable node.js access. Permission handling: geo, camera … the browser normally asks the user, but Electron does not. The webview tag has its own process and memory allocation. always valid

8 Mobile Reverse Engineering

Karan Sharma (West Pac). Reverse engineering tools: apktool - disassemble and build apk files; d2j-dex2jar - turn an apk into a jar file; jadx - similar to dex2jar but allows string