Rajkumar
raj2569.bsky.social
Reposted by Rajkumar
'Wild Poppies' by Colleen Parker, contemporary artist and illustrator #womensart
July 6, 2025 at 7:46 AM
Reposted by Rajkumar
🔬 When I perform a secure code review, I also check whether the external components used are affected by public vulnerabilities (CVE). Recently, after advice from my manager on this subject, I tried to go further and check whether the CVEs identified had a POC/Exploit.

#appsec #appsecurity #cve
July 5, 2025 at 2:57 PM
Reposted by Rajkumar
🖼️ Katherine Bilokur
July 5, 2025 at 1:48 PM
Reposted by Rajkumar
Scattered Spider Upgraded Their Tactics to Abuse Legitimate Tools to Evade Detection and Maintain Persistence
cybersecuritynews.com
July 5, 2025 at 11:36 AM
Reposted by Rajkumar
flower time!!

#art #illustration
July 5, 2025 at 12:29 PM
Reposted by Rajkumar
10 Best Free Malware Analysis Tools To Break Down The Malware Samples – 2025
cybersecuritynews.com
June 30, 2025 at 11:47 AM
Reposted by Rajkumar
Notepad++ Vulnerability Let Attacker Gains Complete System Control – PoC Released
A severe privilege escalation vulnerability has been discovered in Notepad++ version 8.8.1, potentially exposing millions of users worldwide to complete system compromise.
cybersecuritynews.com
June 24, 2025 at 2:44 AM
Reposted by Rajkumar
Very interesting blog post from a secure code review perspective. I discovered it thanks to @pentesterlab.com

"Unexpected security footguns in Go's parsers"

#go #appsec #appsecurity

blog.trailofbits.com/2025/06/17/u...
File parsers in Go contain unexpected behaviors that can lead to serious security vulnerabilities. This post examines how JSON, XML, and YAML parsers in Go handle edge cases in ways that have repeated...
blog.trailofbits.com
June 23, 2025 at 6:37 AM
Reposted by Rajkumar
NIST Released 19 Zero Trust Architecture Implementations Guide – What’s New
cybersecuritynews.com
June 14, 2025 at 9:36 AM
Reposted by Rajkumar
Hello, friends! I'm thrilled to announce that The Homelab Almanac, v3.0 has officially launched! There is a **ton** of new stuff in this version, including:

- Proper DNS
- PKI
- Automatic signed certificates
- New secrets management
- Proxmox clustering
- Cloud integration
Announcing The Homelab Almanac: Version 3.0
The best guide to homelabs just got a lot better—and bigger.
taggart-tech.com
June 7, 2025 at 4:58 AM
Reposted by Rajkumar
From Classic SOC to Autonomous SOC: The Future of Cyber Defense
Modernize your SOC into an Autonomous Security Operations (ASO) model. What it means, why it matters, and how to prepare your team.
infosecwriteups.com
June 7, 2025 at 6:48 AM
Reposted by Rajkumar
Want to contemplate time, the calendar and its intricacies? Try this terrific read. bookshop.org/p/books/the-...
The Sun in the Church: Cathedrals as Solar Observatories
bookshop.org
May 1, 2025 at 2:49 AM
Reposted by Rajkumar
Hasherezade just unveiled another process injection method. There are probably 20 or 30 different process injection methods now, and nerds are still using CreateRemoteThread like it's 2005
April 14, 2025 at 9:57 PM
Reposted by Rajkumar
SVG Phishing Surge: How Image Files Are Being Weaponized to Steal Credentials
Phishing attacks using SVG files surged 1800%, exploiting JavaScript and PhaaS kits to bypass MFA and steal credentials, Trustwave warns.
securityonline.info
April 13, 2025 at 4:16 AM
Reposted by Rajkumar
Malware Persistence: How Hackers Stay Alive on Your System (And How to Stop Them)
Hey there! Ever felt like your computer just won’t behave? Maybe you’ve got a weird slowdown, strange pop-ups, or suspicious activity…
infosecwriteups.com
April 12, 2025 at 11:26 AM
Reposted by Rajkumar
I often get asked: How did I start writing? Why do I write? Who do I write for? What's my process?

I procrastinated on this because, honestly, who cares about my writing process? But after repeatedly answering the same qns, I finally wrote this.

eugeneyan.com/writing/writ...
Frequently Asked Questions about My Writing Process
How I started, why I write, who I write for, how I write, and more.
eugeneyan.com
April 2, 2025 at 2:06 AM
Reposted by Rajkumar
Conventional wisdom says standing on the shoulders of giants—leveraging battle-tested technologies. However, it's worth re-evaluating that decision when prior art becomes a substantial blocker. Sometimes, you need a clean-slate approach. This paper shows a good example: why/how Ceph built BlueStore.
March 30, 2025 at 7:20 PM
Reposted by Rajkumar
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.
securityaffairs.com
March 30, 2025 at 2:20 PM
Reposted by Rajkumar
Python-Powered Triton RAT Exfiltrates Data via Telegram and Evades Analysis
Explore the Triton RAT, a Python-based remote access tool with powerful malicious capabilities and control via Telegram.
securityonline.info
March 31, 2025 at 2:20 AM
Reposted by Rajkumar
Rostelecom discovered new malware operated by Shedding Zmiy, a pro-Ukrainian espionage group made up of former members of the Cobalt cybercrime group.

The new malware includes four new Linux rootkits (Puma, Pumatsune, Kitsune, and Megatsune) and the Bulldog backdoor.

rt-solar.ru/solar-4rays/...
March 30, 2025 at 5:54 PM
Reposted by Rajkumar
Zscaler has spotted a new malware loader named CoffeeLoader, used in the wild since September of last year. The malware was used together and appears to bear similarities with SmokeLoader.

www.zscaler.com/blogs/securi...
CoffeeLoader: A Brew of Stealthy Techniques | ThreatLabz
CoffeeLoader is a new malware loader that employs stealthy techniques including call stack spoofing, sleep obfuscation, and Windows fibers to evade detection.
www.zscaler.com
March 29, 2025 at 10:13 PM
Reposted by Rajkumar
Metacurity is pleased to offer our free and premium subscribers a weekly digest of the best long-form (and longish) infosec-related pieces we couldn't properly fit into our daily news crush.
www.metacurity.com/best-infosec...
Best infosec-related long reads for the week of 3/22/25
The Signal leak makes NSA's job harder, How to launder $27B from online scams, Be afraid of Q-Day, RISC architecture *is* changing everything, How to tell your online accounts have been hacked
www.metacurity.com
March 29, 2025 at 2:46 PM
Reposted by Rajkumar
The Firewall Project is now open-source: www.thefirewall.org

Read the announcement here: old.reddit.com/r/cybersecur...

The code is on GitHub: github.com/TheFirewall-...
March 27, 2025 at 11:09 AM