Security News
LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. "Many authentication packages generally support their internal APIs, known as package calls, and relatively few are documented or used outside of Microsoft. I wanted to document as many of these calls as possible and implement a tool for interacting with them so we could identify which would provide value for red team assessments," Evan McBroom, Senior Software Engineer at SpecterOps, told Help Net Security.
Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment. "Infrastructure as code has replaced a lot of the need for console access for many organizations, but there are still plenty of instances where the console is still being used, and in some cases, you need to use the AWS console to perform certain actions. Cloud Console Cartographer cuts through the noise generated in logs by those console sessions," Daniel Bohannon, Permiso's Principal Threat Researcher, told Help Net Security.
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials, file data, and translate this data across standard industry SBOM formats. The key to strengthening software security and software supply chain risk management is an SBOM, which is a nested, formatted inventory that lists the software's components, including the supply chain relationships of various open-source and commercial components used in building software.
Winter April 18, 2024 7:59 AM. OpenJS could to be the wrong target as there seem to be several developers with visibility involved. I am more concerned about 1/2 overworked developer projects that are mainly in maintenance mode.
Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. "I wanted to create a generic playground for ethical hackers, developers, and security engineers where they could identify, exploit, or fix vulnerabilities. Furthermore, security engineers could implement new vulns and test their detection tools because the Python FastAPI framework allows quick development," Krzysztof Pranczk, the creator of Damn Vulnerable RESTaurant, told Help Net Security.
"The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS Foundation and Open Source Security Foundation leaders shared on Monday. "These emails implored OpenJS to take action to update one of its popular JavaScript projects to 'address any critical vulnerabilities,' yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement."
Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. Unlike proprietary software, Zarf avoids vendor lock-in, allowing easy removal and manual deployment.
Open source password managers make their code accessible to the public, allowing users to customize the software to suit their needs. With that, I've created a list of the best open source password managers for teams and businesses.
Please turn on your JavaScript for this page to function normally. Graylog is an open-source solution with centralized log management capabilities.
While proprietary password managers offer convenience, open source alternatives provide transparency by allowing public scrutiny of their code, ensuring trustworthiness and strong security measures. Open source password managers grant users complete control over their data, reducing potential privacy concerns associated with closed-source software.