Twittor is a stealthy Python based backdoor using Twitter (Direct Messages) as a command and control server. This project has been inspired by Gcat which does the same but using a Gmail account. Setup For this to work you need: A Twitter account (Use a dedicated account! Do not use your personal one!) Register an […]
The Latest Secure Coding
Secure coding is very important in software development to ensure code security is high using techniques such as static analysis, code auditing and dynamic analysis to ensure safe coding practices are followed.
What Tools can be used for Secure Coding?
There are a variety of tools to ensure code safety, mostly based on source code auditing and static analysis.
The options available really depend on the language being used with some tools focusing on many languages such as Yasca – Multi-Language Static Analysis Toolset or specialist tools focusing on a single language like Brakeman – Static Analysis Rails Security Scanner.
Find the Best Secure Coding from 2018 here:
The peinjector is a MITM PE file injector, the tool provides different ways to infect Windows platform executable files (PE COFF) with custom payloads without changing the original functionality. It creates patches, which are then applied seamlessly during file transfer. It is very performant, lightweight, modular and can be operated on embedded hardware. Features Full […]
Gcat is a stealthy Python backdoor that uses Gmail as a command and control server. It’s fairly basic right now, but it’s an interesting proof of concept and if the community got behind it and contributed some new features it could be a pretty powerful piece of kit. Feature wise it doesn’t have that much, […]
Dharma is a tool used to create test cases for fuzzing of structured text inputs, such as markup and script. It takes a custom high-level grammar format as input, and produces random well-formed test cases as output – it can be used as a grammar fuzzing tool. API programming is complex and subtle programming mistakes […]
AddressSanitizer (aka ASan) is a very fast memory error detector for C/C++, Tthe average slowdown of the instrumented program is ~2x. The tool works on x86 Linux and Mac, and ARM Android. AddressSanitizer is based on compiler instrumentation and directly-mapped shadow memory. The tool consists of a compiler instrumentation module (currently, an LLVM pass) and […]
So, Agile Security? How does it fit into the new age of rapid iteration, continuous integration and continuous development? It’s an interesting discussion and personally very on point for me as I operate in an agile organisation and just today took (and passed yay me) my Scrum Master certification. The traditional silo approach of security […]