Collaborate Disseminate
When looking for a way to shrink the attack surface for pypi package-typo-squatting, I came across a package called pip-audit on an article on the RedHat blog.
I attempted to use it, but I’m quite confused about how to use it when in diffe… Continue reading Does pip-audit just search requirements.txt for known CVEs?
The other day corporate or the vendor used their cloud deployment tool to replace some of our DLLs, and it got me wondering; does anyone still use hashdeep when they initially roll out a server or important workstation, store the hashes to… Continue reading Is hashdeep deprecated?
Is there an admx file to disable the Reading Pane in Outlook 365 to prevent Phishing?
I looked here but I don’t see anything of the sort.
Continue reading GPO to turn off and disable the reader pane in Outlook for Office 365?
We need to prove to our corporate security that scans in AMP are hurting our business.
I found the following old documentation on FireAMP, which seems to indicate you can extract information on what files have been scanned; and I’m thinkin… Continue reading In CiscoAMP can one determine how long the scan of a file took based on the times between scans in history.db?
I have a terminal emulator that I’d like to manage from Python;
but since the author of the Python library that is used to do this is telling me to download a tool that I’ve never heard of, I’m skeptical about installing it.
I’ve certainly… Continue reading Is pipx a legitimate python tool? [migrated]
I’ve noticed that people don’t use a user account for a specific task;
I keep thinking the concept is called a "service account"
But it causes a lot of issues surrounding security; for instance one should not use their general ad… Continue reading What is it called when you only use a user account for a specific task in your OS?
Since the 20H2 build of Windows 10 came out, if I want to run a script without copying and pasting it into a PowerShell window, I have to write the following command:
Set-ExecutionPolicy -ExecutionPolicy ByPass -Scope Process -Force
Back when I was a Java developer, we used to use build.properties or build.xml to store sensitive information outside of the VCS and just add the file with whatever passwords would go in it after check out.
But that’s pretty language speci… Continue reading How does one tighten up their git repo security for Powershell?
I read on ssh.com that there are new ECDSA ssh keys that one should be using to create the public / private key pair; and that’s it’s a USÂ Government Standard based on elliptical curves (probably something mathy). I also noticed that they… Continue reading Should I be using ECDSA keys instead of RSA for SSH?
In this question I saw that you can use command key to store credentials and then just run a command like mstsc /v:servername to connect to it without typing anything.
Additionally, you can delete it using the /delete switch of cmdkey…w… Continue reading Is it safe to use cmdkey to store credentials?