startup_online_master.pdf
3.6 MB
A Startup on the Net. Master Classes from Successful Entrepreneurs, David Cohen, Brad Feld, Marina Iutina (transl.), 2012
What A Startup by Gracie Van
What A Startup is a startup newsletter & community, designed for early-stage founders.
Each week, I send 2–3 emails packed with sharp insights, real startup stories, and proven practical strategies to help you move faster and build smarter.
Whether you're validating your first idea or knee-deep in customer chaos, this is your corner of the internet to think clearly, learn from others, and feel a little less alone while building.
✅ Official page
#startup
Forwarded from CyberSecBastion
Java Spring Bug Hunter's Secure Coding Playbook (2025 Edition) by DevSecops Guides
Java Spring Security with SAST Arsenal from Semgrep to Claude
Table of contents:
✅ Attack Vectors Covered:
✅ SQL Injection through Spring Data JPA dynamic queries
✅ Java Deserialization via Jackson's polymorphic typing
✅ LDAP Injection in Spring LDAP template queries
✅ XXE Attacks through XML parsers in Spring endpoints
✅ Path Traversal in Spring MVC file handling
✅ CSRF bypasses in Spring Security configurations
✅ SpEL Injection through Spring Expression Language
✅ Authentication bypasses in custom security filters
❗️Web
#AppSec
Forwarded from CyberSecBastion
Java_Spring_Bug_Hunter's_Secure_Coding_Playbook.pdf
28.8 MB
Java Spring Bug Hunter's Secure Coding Playbook (2025 Edition) by DevSecops Guides
THE DIGITAL FORENSICS HANDBOOK A COMPREHENSIVE GUIDE FOR SUCCESSFULLY CONDUCTING DIGITAL FORENSIC INVESTIGATIONS BY LUCAS MAHLER, 2019
Key Highlights:
✅ Historical background and evolution of digital forensics.
✅ Distinction between Computer Forensics and Network Forensics.
✅ Core skills of a digital investigator and the legal dimension of evidence.
✅ System and file analysis (NTFS, PDF, Word).
✅ Data recovery and evidence extraction from browsers and email.
✅ Password cracking techniques and live RAM analysis.
Why it matters:
✅ For lawyers & judges: understanding and presenting digital evidence in court.
✅ For practitioners & researchers: practical tools for more effective investigations.
✅ For students & professionals: a comprehensive guide linking law and technology.
See also:
❗️Digital Forensics Guide (GitHub)
#book #forensic
Digital Forensics Handbook.pdf
10.7 MB
THE DIGITAL FORENSICS HANDBOOK A COMPREHENSIVE GUIDE FOR SUCCESSFULLY CONDUCTING DIGITAL FORENSIC INVESTIGATIONS BY LUCAS MAHLER, 2019
Forwarded from CyberSecBastion
Semgrep Playground - An online interactive tool for writing and sharing rules
Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. Semgrep supports 30+ languages and can run in an IDE, as a pre-commit check, and as part of CI/CD workflows.
❗️Playground
🔼 GitHub
#AppSec
DevSecOps, K8s security, Cloud AWS, Azure, GCP, Secure SDLC, API security and AppSec issues [English only]
Who is this channel for?
🤔 AppSec and DevSecOps engineer
🤔 Security Champion (SecChamp)
🤔 CloudSec researcher
🤔 Product Security Manager
What is here?
➡️ Official vendor docs, frameworks, standards, community policies
➡️ Guides, manuals, e-books, checklists for defense
➡️ Code templates, samples, presets for CI/CD pipelines
➡️ Tools, utilities, github repos, review platforms
➡️ Author's articles, exclusive materials
➡️ etc..
Direct messages, feedback, suggestions, exchange of materials: @w2hack_feed_bot or directly in the channel
Member of @w2hack family
✅ ✅ Join CyberSecBastion ✅ ✅
#info
Yandex Offer Security (Oct 2025)
For information security specialists with at least 2 years of experience
October 11–17, online. A recruiter will arrange time slots with you in advance that are convenient for talking.
On September 25 we will hold an online meeting where we will get acquainted, tell you more about our projects and tasks, answer your questions, and also walk through sample tasks and give advice on how best to prepare for the interview sections.
❗️ Claim your job
❗️ Yandex for Security (TG Channel)
❗️ How InfoSec interviews work at Y
Additionally:
🔖 All events from Y
🔖 Internships
#job
Your personal freedom, your own project, your income rather than a salary, a chance to get out of the "fish tank" and see the world!
#info #startup
Started in 2021, rebuilt in 2025
English edition is available via payhip
Secure DevOps, cloud security and application security issues, tips and tricks, advice, life hacks and code samples
Includes issues of:
SAST, DAST, SCA, Shift Left, IaC, K8s, Docker, Terraform, Harbor, GCP, AWS, Azure, etc.
#info
MITRE attacks detection rules part 1. The MITRE ATT&CK alerts for log point by Parastoo Razi, 2023
This document provides detection rules for the MITRE ATT&CK framework covering various tactics related to initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, and exfiltration.
Specific detection rules are listed covering activities like suspicious file executions, credential dumping tools, Active Directory reconnaissance, and more.
#defensive #windows
Mitre Attacks Detection Rules_part1_2025.pdf
2.2 MB
MITRE attacks detection rules part 1. The MITRE ATT&CK alerts for log point by Parastoo Razi, 2023
The recruits do an aptitude test, which I heard is common, and the task is to "build a covert communications network in your home city" to "deploy it, back up the site, destroy it and restore it again" and to "keep the infrastructure up and running securely" and they have up to 8 hours to do it.
In this sense I believe it's as follows: build a covert communications network, this could mean setting up some benign sites that when inputting the correct information on a form, clicking the right button combination or simply a blog post where agents can post cryptic messages that look normal to the normal web users, but actually means something else in the eyes of the agency.
It can also mean setting up DMZs throughout different parts of several buildings/public spots that can connect to another system (kinda far-fetched but I mean... it's the CIA so nothing is implausible).
A hidden service can be another option but to the dedicated threat actor this could be the glaring hint that something weird is going on around. (c) Txlio
#fun