
Exploiting Github to Mine Crypto

 1 year ago
source link: https://factory.faun.dev/newsletters/i/exploiting-github-to-mine-crypto-7a9a48c5-59d2-4b9b-adb4-704671dcb69c


 
Zeno
 
Remarkable posts, stories, tools, tutorials and tips from the DevSecOps community!
 
 
 
 
From FAUNers 🐾
 
 
A Summary of Fuzzing Tools and Dictionaries For Bug Bounty Hunters
 
 
Fuzzing is the process or technique of sending multiple requests to a target website within a certain time interval. In other words, it is similar to brute force. Read more about tools that support fuzzing, such as wfuzz and ffuf.

By @tutorialboy24
 
 
 
 
From the web
 
 
AWS security assessment: what scanners are missing and how threat modeling may help you?
 
 
There are many tools available today that are designed to automate security checks. But some people rely too much on tools, as if conducting an AWS security assessment were the same as formatting the scanner’s output into a fancy-looking report.

This blog post focuses on what scanners are missing and why tools cannot fully replace the assessor.
 
 
 
SLSA dip — At the Source of the problem!   ✅
 
 
This article is part of a series about the security of the software supply chain. Each article will be analyzing a component of the Supply chain Levels for Software Artifacts (SLSA) model in depth, from the developer’s workstation all the way to the consumer side of the chain.
 
 
 
How to implement DevSecOps in a Kubernetes cluster environment-Github Actions and Azure DevOps
 
 
Using Kube-bench (which checks whether Kubernetes is deployed securely) and Kubescape (an open source tool that includes risk analysis, security compliance, an RBAC visualizer, and image vulnerability scanning), integrated in Github Actions.
 
 
 
How Mitiga Found PII in Exposed Amazon RDS Snapshots
 
 
A recent Mitiga Research Team investigation found the well-regarded Amazon Relational Database Service is leaking PII via exposed RDS Snapshots.
 
 
 
AWS IAM Roles, a tale of unnecessary complexity
 
 
IAM was designed to manage authentication and authorization in a single AWS account. As adoption of the cloud grew, organizations started to identify the need for using multiple AWS accounts.

Instead of refactoring the architecture, AWS did what AWS does best - it built a new service.
 
 
 
 
 
Quick Hits
 
 
Cloud-native application security provider Apiiro announced that it has raised $100 million in Series B funding. To date, the company has raised $135 million.
 
 
A newly disclosed vulnerability in Microsoft Corp.’s Azure Cosmos DB was found to open the door to an attacker without needing authentication under certain conditions.
 
 
Researchers spotted a new evasive malware, tracked as KmsdBot, that infects systems via an SSH connection that uses weak credentials.
 
 
Fall 2022 SOC reports are now available with 154 services in scope. Customers can download the Fall 2022 SOC reports through AWS Artifact in the AWS Management Console. 
 
 
Videos
 
 
Exploiting Github to Mine Crypto   ✅
 
 
 
 
 
97 Things Every Cloud Engineer Should Know
 
 
Migrating to the cloud has become a "sine qua non" these days. The compact articles in 97 Things Every Cloud Engineer Should Know inspect the entirety of cloud computing, including fundamentals, architecture and migration.
 
 
 
Book picks
 
 
Multi-Cloud Strategy for Cloud Architects
 
 
Learn how to adopt and manage public clouds by leveraging BaseOps, FinOps, and DevSecOps.
 
 
 
Tools
 
 
RaduLupan/aws-secops
 
 
Collection of scripts for performing security operations in AWS
 
 
 
Patrowl/PatrowlHears
 
 
PatrowlHears - Vulnerability Intelligence Center / Exploits
 
 
 
deepfence/ThreatMapper
 
 
Open source cloud native security observability platform. Linux, K8s, AWS Fargate and more.
 
 
 
deepfence/PacketStreamer
 
 
Distributed tcpdump for cloud native environments
 
 
 
Zeno #348: Exploiting Github to Mine Crypto
Legend: ✅ = editors' choice / ♻️ = Old but gold / ✨ = sponsored / 🔰 = beginner friendly
