Security
InfoSec knowledge
https://www.netmeister.org/blog/infosec-competencies.html
Container security
https://blog.gitguardian.com/how-to-improve-your-docker-containers-security-cheat-sheet/
Web API security
https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/
DoH
- request to Google DNS over HTTPS, unlikely to be blocked
- retrieves text with list of C&C servers
- picks one to download next stage payload
- writes payload to disk as a well-known Windows process
- https://www.bleepingcomputer.com/news/security/attackers-abuse-google-dns-over-https-to-download-malware/
Package manager security investigation
https://jordan-wright.com/blog/post/2020-11-12-hunting-for-malicious-packages-on-pypi/
JavaScript / TypeScript prototype vulnerability
Collection of security issues
“WeWork is committed to protecting the privacy and security of our members and employees,” said WeWork spokesperson Colin Hart. “We immediately initiated an investigation into this potential issue and took steps to address any concerns. We are also nearing the end of a multi-month process of upgrading all of our printing capabilities to a best in class security and experience solution. We expect this process to be completed in the coming weeks.”