Collaborate Disseminate
I’ve recently begun using Auditbeat for capturing and streaming audit logs from my Linux machine.
I browsed the main rules repository, and noticed that many rules rely on the keywords feature of Sigma (e.g. this rule). However, I’m unable … Continue reading Sigma "keywords" rules and Auditbeat
How can I know whether a program is genuine? The ways I have thought of are checking what the user base has said and knowing the author background. Occasionally my antivirus will flag a webpage as suspicious. Am I on the right lines?
… Continue reading How to know whether a program is genuine? [closed]
I used pentester.com for a couple of days. The site appears to have been there for a long time but there is little information on it on the internet. Their Facebook page is fairly new and they don’t have wide presence on the internet. It a… Continue reading Is Pentester.com a Safe Site? [closed]
I’m attempting to come up with a detection for when devs commit/push changes to pull requests after they have been reviewed and approved but before they have been merged.
There are various actions that I’ve found that seem useful like pull… Continue reading Can a detection be written from Github audit events that finds commit/pushes done after review approvals in pull requests? [migrated]
We want to be 27001 certified and our company is based on one core application that is hosted in our cloud infrastructure but provided by a vendor.
Is there a situation where an auditor needs access to the source code to be able to justify… Continue reading ISO 27001: do we need audit access to the code of the core application
In relation to another question I wanted to ask, supposing I pulled the drives from a laptop, and the GPU/CPU/TPM/RAM are soldered on the mother board (along with lots of other random chips). What software ("images") persists on … Continue reading Dump All Images Possible On a Laptop Motherboard [migrated]
Over a dozen vulnerabilities discovered in Tor audit, including a high-risk flaw that can be exploited to inject arbitrary bridges.
The post Tor Code Audit Finds 17 Vulnerabilities appeared first on SecurityWeek.
Continue reading Tor Code Audit Finds 17 Vulnerabilities
Suppose you need a laptop repair, so you bring it to
A big box store where you have some sort of coverage (who will have the computer for 2-3 weeks)
A small chain of repair shops
a small independent repair shop
All in the United States. … Continue reading Laptop Repair vs. Evil Maid
I’ve recently been experiencing a situation as follows:
How can I understand the IO of an unknown device?
Say, for example, I am gifted a bluetooth speaker. How can I understand its potential for transmission? If it claims to be just a blu… Continue reading How can we verify the security of a device? [duplicate]
I’ve just inherited the maintenance of an old website. The code is awful and I’d like to demonstrate to my superiors that the code is bad and vulnerable.
<?php
if (!empty($_GET[‘page’])){
include ‘controleurs/’.$_GET[‘pa… Continue reading Inheriting Old Website Maintenance: Demonstrating Code Vulnerabilities [closed]