DevTestSecOps
@DevTestSecOps
138 subscribers
469 photos
29 videos
37 files
695 links
Forwards and notes on development, testing, security, and operations from @q587p.

About me: studied as System Architect, worked as a SysAdmin, working now as an Test Automation Engineer. Also, I'm interested in hacking (and everything related to it).

జ్
Download Telegram
About
Blog
Apps
Platform
Join
DevTestSecOps
138 subscribers
DevTestSecOps
#security #RCE
45 viewsedited  
DevTestSecOps
DevTestSecOps
#security #RCE
#log4j

- Overview by @LunaSecIO: https://www.lunasec.io/docs/blog/log4j-zero-day/

- Vulnerable Hashes by @mubix: https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes

- IP’s Exploiting by @GreyNoiseIO: https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217

- Detection Rules by @cyb3rops: https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b

(from https://twitter.com/FrankMcG/status/1469375212160438275)
53 views
DevTestSecOps
Forwarded from Sergey
50 views
DevTestSecOps
DevTestSecOps
#security #RCE
40 views
DevTestSecOps
DevTestSecOps
#log4j - Overview by @LunaSecIO: https://www.lunasec.io/docs/blog/log4j-zero-day/ - Vulnerable Hashes by @mubix: https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes - IP’s Exploiting by @GreyNoiseIO: https://gist.github.com/gnremy/c546c7911d5f876f…
#security

#CISA about #log4j

https://www.cyberscoop.com/log4j-cisa-easterly-most-serious/
CyberScoop
CISA warns 'most serious' Log4j vulnerability likely to affect hundreds of millions of devices
Cybersecurity and Infrastructure Security Agency Director Jen Easterly told industry leaders in a phone briefing Monday that a vulnerability in a widely-used logging library “is one of the most serious I’ve seen in my entire career, if not the most serious.”…
39 views
DevTestSecOps
DevTestSecOps
#security #CISA about #log4j https://www.cyberscoop.com/log4j-cisa-easterly-most-serious/
https://blog.checkpoint.com/2021/12/13/the-numbers-behind-a-cyber-pandemic-detailed-dive/
Check Point Software
The Numbers Behind Log4j CVE-2021-44228 - Check Point Software
Get A detailed dive for the numbers Behind the Apache Log4j Vulnerability CVE-2021-44228 and how Check Point can help
39 views
DevTestSecOps
Sergey
Photo
#log4j #conspiracy
199 views
DevTestSecOps
DevTestSecOps
#log4j #conspiracy
#log4j #memes

https://log4jmemes.com/
53 views
DevTestSecOps
DevTestSecOps
#log4j - Overview by @LunaSecIO: https://www.lunasec.io/docs/blog/log4j-zero-day/ - Vulnerable Hashes by @mubix: https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes - IP’s Exploiting by @GreyNoiseIO: https://gist.github.com/gnremy/c546c7911d5f876f…
#log4j also affects #testing

#ReportPortal as example:

https://github.com/reportportal/reportportal/issues/1613
GitHub
Log4J vulnerabilities: CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 · Issue #1613 · reportportal/reportportal
Background The Apache Log4j utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14....
63 views
DevTestSecOps
DevTestSecOps pinned «#log4j - Overview by @LunaSecIO: https://www.lunasec.io/docs/blog/log4j-zero-day/ - Vulnerable Hashes by @mubix: https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes - IP’s Exploiting by @GreyNoiseIO: https://gist.github.com/gnremy/c546c7911d5f876f…»
DevTestSecOps
DevTestSecOps
xa-267.pdf
xa-271.pdf
41.1 MB
#security #xakep

#journal from https://xakep.ru (in Russian)
56 views
DevTestSecOps
#video #live #testing #conference in Russian

Tech stream: https://youtu.be/fUGa3QmnQ3o

Manager stream:
https://youtu.be/r7tlvxlDJYM
YouTube
ProQuality Conference 2021 - Tech Stream
ProQuality Conference 2021 - Tech Stream

--------------------------------------------------------------------------------------------------------------

Timeline:
0:35 - Внедрение автоматизации мобильного тестирования с нуля на проекте
01:00:28 - Тестирование…
61 views
DevTestSecOps
Forwarded from xkcd
60 views
DevTestSecOps
Forwarded from xkcd
'Thanks to the ForcedEntry exploit, your company's entire tech stack can now be hosted out of a PDF you texted to someone.'
65 views
DevTestSecOps
DevTestSecOps
2021-08-Best-Hacking-Techniques.pdf
2021-11-WiFiHackingRogueAccessPoints.pdf
63.8 MB
#security #journal

Hakin9 (https://hakin9.org) November 2021 version
84 views
DevTestSecOps
For the new era - the new type of information's source!

Receive #CVE Trends from Twitter in one dashboard - https://cvetrends.com/

"CVE Trends gathers crowdsourced intel about CVEs from Twitter's filtered stream API and combines it with data from NIST's NVD and GitHub APIs."
CVE Trends
CVE Trends - crowdsourced CVE intel
Monitor trending CVEs in real-time; crowdsourced intel sourced from Twitter, NIST NVD, Reddit, and GitHub.
73 views
DevTestSecOps
#security #quote

We asked to look for a browser padlock, then Letsencrypt gave phishers free SSL.

We asked not to click links and pop-ups, then GDPR made them do it anyway.

We asked to update automatically, then Russians broke into Medoc & Solarwinds.

And then we asked them to enable logging…
81 viewsedited  
DevTestSecOps
#search

https://www.ghacks.net/2021/12/27/search-engine-duckduckgo-had-another-record-year-in-2021/
ghacks.net
Search Engine DuckDuckGo had another record year in 2021
Privacy-focused search engine DuckDuckGo had another record year in 2021, reaching more than 34,5 billion search queries in the year.
81 views
DevTestSecOps
Many data breach disclosures raise more questions than they answer, but this takes it to a whole new level. 💾💾

https://t.co/GfVGafiEFW
The Mainichi
Tokyo police lose 2 floppy disks containing personal info on 38 public housing applicants
TOKYO -- The Metropolitan Police Department (MPD) has lost two floppy disks containing personal information on 38 people, the department announced on
304 views
DevTestSecOps
Forwarded from Чужий
https://twitter.com/miketheitguy/status/1477097527593734144
Twitter
Mike
Dear @msexchangeteam. The FIP-FS “Microsoft” Scan Engine Failed to Load. Can’t Convert “2201010001” to long.
77 views