Introduction · Reverse Engineering

security
CyberSecTools | Find Cybersecurity Tools and Resources
Explore the largest curated directory of cybersecurity tools and resources to enhance your security practices. Find the right solution for your domain.
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.
Go Supply Chain Attack: Malicious Package Exploits Go Module...
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
Complete Beginner
Are you new to security and not sure how to start? This pathway will give you the core skills required to start your cyber security journey.
Metasploit Unleashed - Free Online Ethical Hacking Course | OffSec
Metasploit Unleashed (MSFU) is a Free Online Ethical Hacking Course by OffSec, which benefits Hackers for Charity. Learn how to use Metasploit.
Ming Di Leom's Blog
RCE Vulnerability in QBittorrent – Sharp Security
Attacking browser extensions
Learn about browser extension security and secure your extensions with the help of CodeQL.
OWASP Developer Guide | Table of Contents | OWASP Foundation
Table of Contents on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
The Strange Story of the Teens Behind the Mirai Botnet
Their DDoS malware threatened the entire Internet
Trojan Source Attacks
Some vulnerabilities are invisible. Rather than inserting logical bugs, adversaries can attack the encoding of source code files to inject vulnerabilities.
Secure Salted Password Hashing - How to do it Properly
How to hash passwords properly using salt. Why hashes should be salted and how to use salt correctly.
Messaging Layer Security is now an internet standard | The Mozilla Blog
Today, the Internet Engineering Task Force (IETF) is releasing the standard for Messaging Layer Security (MLS) protocol, a novel standard of communication
Microservice Security Design Patterns for Kubernetes (Part 1) - Brazil's Blog
In this multi-part blog series, I will describe some microservice security design patterns to implement micro-segmentation and deep inspection in your Kubernetes cluster
Encryption at Rest has become a buzzword. — Blog — Evervault
Companies often brag about encryption-at-rest. Is that really worth bragging about?
Angular University
A Step-by-Step Guide for learning JSON Web Tokens, including signatures, single page web application User Authentication and Session Management.
JWTs vs. sessions: which authentication approach is right for you?
Firstyear's blog-a-log
Firstyear's blog
Crypto 101
Booby-trapped sites delivered potent new backdoor trojan to macOS users
Written from scratch, DazzleSpy is the latest advanced piece of Mac malware.
A Thorough Introduction to PASETO
An in-depth look at the successor to JSON Web Tokens: PASETO.
OAuth 2.0 and OpenID Connect (in plain English)
Developer Advocate Nate Barbettini breaks down OpenID and OAuth 2.0 in Plain English. NOTE: This video is from 2018 and contains some information that is now...
What is a realm in JavaScript? · Gal Weizman
Realms are an old concept in the JavaScript ecosystem, but with the rise of supply chain types of attacks, realms became a powerful tool for attackers to bypass well-known browser runtime security tools. In order to address this concern, we first must understand: what is a realm in JavaScript?
An Illustrated Guide to OAuth and OpenID Connect
OAuth 2.0 and OpenID Connect (OIDC) are internet standards that enable one application to access data from another. Unfortunately, these standards use a lot ...
Authentication on the Web (Sessions, Cookies, JWT, localStorage, and more)
In this video, we will cover the fundamentals of user authentication in modern web applications and websites. In particular, we will explore stateful (sessio...
Ryan Pickren
Ryan Pickren's personal website to view resume and contact information.
Blog | Sam Curry
A technical blog
Qualys Security Blog | Expert network security guidance and news
Guidance, news, and information from the network security experts on the Qualys research team.
roadmap