475 Photos and videos
We're back. See you Monday:
newsletter.securitypills.new…
Drop your email, we won't phish you.
4
1,756
Sebas retweeted
4 Dec 2025
I've pushed a few updates to github.com/assetnote/react2s…. Vercel and Netlify are no longer flagged as vuln. Offsite redirs not followed. Custom header support in case you need auth or custom UA. Redir test cases are more accurate now (both base path and redir tested).
2
25
166
17,138
Sebas retweeted
1 Aug 2024
According to the National Intelligence Service, around 8,400 individuals are employed in cyber warfare in North Korea. Previously, there were 6 hacking groups and 17 support organizations backing cyber attack activities, but this number has now increased by nearly 20%.
- Korean: donga.com/news/Politics/arti…
- English: donga.com/en/article/all/202…
2
32
73
11,492
My article regarding Poisoned Pipeline Execution attacks on CI/CD pipelines has just been published
🔗bishopfox.com/blog/poisoned-…
20 Mar 2024
Dive into our blog on the surge of app security attacks on CI/CD pipelines. Discover how to shield against poisoned pipeline executions and real-world remote code execution scenarios. More here: bfx.social/3IHtwGJ #AppSec #DevOps #Cybersecurity
1
20
73
14,013
🕵️♂️ Deluder
🔍 A tool for intercepting traffic of proxy unaware applications, supporting multiple networking libraries:
* OpenSSL
* GnuTLS
* SChannel
* WinSock and Linux Sockets
more!
github.com/Warxim/deluder
1
502
🛠 pphack: A Client-Side Prototype Pollution Scanner
Scan for prototype pollution using chromedp, customize payloads and JavaScript with this powerful tool
👤 @edoardottt2
github.com/edoardottt/pphack
1
3
5
780
⚔ Visualizing ACLs with Adalanche
A tool for enumerating and visualizing ACLs in Active Directory, helping to identify misconfigurations and potential attack paths
By @lsecqt
lsecqt.github.io/Red-Teaming…
6
15
1,638
🛠️ proctools: Extract information & dump sensitive strings from Windows processes:
🔍 procsearch: find sensitive strings in process memory
ℹ️ procinfo: display file version info
📝 procargs: extract command line args
❌ prockill: terminate processes
github.com/mlcsec/proctools
1
272
🛠 Debug your GitHub Actions via SSH with action-tmate
A GitHub Action that allows users to debug their GitHub Actions by using SSH or a web shell to access the host system on which the actions run
👤 Max Schmitt
github.com/mxschmitt/action-…
246
🤖 LLM-powered fuzzing via OSS-Fuzz
A framework that uses LLMs to generate fuzz targets for C/C projects and benchmarks them on the oss-fuzz platform.
👤 @google
github.com/google/oss-fuzz-g…
2
6
573
🛠️ graphrunner
A post-exploitation toolset for interacting with the Microsoft Graph API
It provides different tools for:
* Reconnaissance
* Persistence
* Pillaging of data from a Microsoft Entra ID (Azure AD) account
👤 @dafthack
github.com/dafthack/GraphRun…
3
274
🛠 Jira-Lens: Fast and customizable vulnerability scanner for JIRA
Perform 25 checks including CVEs and multiple disclosures on a provided JIRA instance
👤 @mayank_pandey01
github.com/MayankPandey01/Ji…
5
395
🔖 Security Pills #55
🛠️ A Recipe for Scaling Security @ddworken
🛡️ Detect threats using Microsoft Graph logs @fabian_bader
☁️ All Google Kubernetes Engine Risk @roinisimi
⚔️ electroniz3r @_r3ggi
📦 Forging signed commits on GitHub
more!
newsletter.securitypills.new…
2
3
7
2,010
Receive the latest security news each Monday:
🛠️ Appsec
⛓️ Blockchain
🛡️ Blue Team
☁️ Cloud Sec
🐳 Container Sec
🤖 ML
⚔️ Red Team
📦 Supply Chain
🕵️Threat Hunting
Join 2,000 security professionals
newsletter.securitypills.new…
Follow me ( @0xroot ) for more content like this
155
☁ Google Cloud Incident Response Cheat Sheet
* Common Attack Paths in GCP 🧧
* Logs for Threat Hunting & Incident Response 🧙♂️
* GCP Attack Matrix 📊
* Service Accounts 🔑
Includes documentation with details for each TTP
👤@TheIceRoot & Wes Guerra
medium.com/google-cloud/goog…
1
3
8
655
If you have enjoyed this content, please help us by:
1️⃣ Joining over 2000 security professionals to get the latest trends in security.
2️⃣ Following me (@0xroot) for more content like this.
Visit securitypills.news for more information.
176
☁️ Cloud Threat Landscape
A cloud threat intelligence database, providing details on actors, tools and attack vectors
Dive into @wiz_io's public database:
🚨107 incidents
🎭96 threat actors
⚔️100 attack techniques
wiz.io/cloud-threat-landscap…
4
473
🔐 Frameless BITB
A new approach to Browser In The Browser (BITB) without iframes, allowing the bypass of traditional framebusters used by login pages like Microsoft and compatible with Evilginx
👤 @waelmas01
github.com/waelmas/frameless…
1
2
4
674