AcquireX’s Post

Part 3 - 1st Section: Common Method for Extracting and Analyzing.asar Files https://bit.ly/3UTnhVE Part 4 - 2nd Section: Information Disclosure of Hardcoded Keys and Encryption Algorithm(in AesFormula.js File)Resulting in Compromised the Real Credentials https://bit.ly/3UOM7Gk

API leaks is becomming top-3 API security threats for this year. Here is why Summary: I was able to find Jira Admin API Keys disclosed within Mozilla’s #███ Slack channel which was posted by a staff member of Mozilla. Steps To Reproduce: 1.Navigate to the following file -█████ 2.Observe the exposed credentials on line 310-312 of the Python Script. 3. Verify Groups with the following CURL request - curl -u "██████:ATATT3xFfGF0V99l_█████████551CCC5D" -H "Content-Type: application/json" https://lnkd.in/em8CFe6Z Observe the following output which shows that the user is a Jira Administrator, Administrator and Jira Service Desk user etc. [{“name”:“jira-servicedesk-users”,“groupId”:“███”,“self”:“███████:“jira-administrators”,“groupId”:“████████”,“self”:██████:“jira-software-users”,“groupId”:“███”,“self”:██████████:“jira-servicemanagement-customers-mozilla-hub”,“groupId”:“██████████”,“self”:███:“site-admins”,“groupId”:“████████”,“self”:██████:“administrators”,“groupId”:“██████████”,“self”:██████:“Managers”,“groupId”:“█████”,“self”:██████”}] Impact Summary: Admin API credentials provide elevated privileges that can grant access to all projects, user accounts, configurations, and other sensitive data stored in Jira. https://lnkd.in/eCHs_cqR

Tech does not end at learning programming languages, you need decent knowledge of networking, web infrastructures (web servers, load balancer, Firewalls, etcetera), version control systems, software or product design and Architecture, and project management. Because all this printf(), scanf), print), console.log() that majority of us are doing is not enough. Buckle your shoes, you just only hit the road and I wish you all the best in this Tech thing. git add. git commit -m "RESILIENCE" git push

10 qualities of modern application security teams modern appsec teams - know and keep learning coding basics - help (not ask) devs to fix vulnerabilities - use LLMs in their daily work - identify security champions - focus heavily on automation - know when to build vs. buy - ask right questions to devs - quickly adapt to new threats - focus on finding vulnerabilities early in SDLC - continuously learn from peers in other companies ------

Security needs to be an enabler, not a blocker. We have to work with our various development teams, whether they be software devs or systems devs(DevOps/SRE), at their pace. It’s not about telling them which technologies are allowed and which aren’t. It’s about working with them on incorporating security controls in whatever technology they want to use. We have to get our hands dirty with them, not dictate to them. Guardrails and guidelines not roadblocks. #appsec #cloudsec #cybersecurity #infosec #technology #softwaredevs

Atlassian Confluence Administrator Code Macro Remote Code Execution #shreateh #exploit #hacker #computer #cybersecurity #blackleaders #technology #vulnerability #vulnerabilityisstrength #vulnerable #infosec #security #tech #hacking #programming #hackers #coding #safety #cybersec

Friends don't let friends to build an application inside a container build context (aka `docker|podman build -f ./Dockerfile .`) . Why? Because the `container build context` - runs with privileges, it takes all the cpu and memory it can grab. - efficient build caching is problematic, volume mounting let's say it is impossible when your CI is not in cowboy mode, The build context is designed to assemble the image, not to create the artefacts. What to do instead? Run the build and copy the final artefacts into your image: `podman run --mount ... && podman build ...` . (Yes, there are more sofisticated ways, but this is better by a long mile than doing multi-staged builds and crank everything into a Dockerfile.) Thoughts?

A successful release is just the beginning.... Releasing your software into production is a huge milestone, but it’s not the end of the journey. Post-release monitoring is essential to keep your software healthy and your users happy. Here’s why: ✅ Why Monitor After Release? 🚀 Early Detection of Issues: Identify and resolve problems before they escalate. 🚀 Performance Tracking: Ensure your software continues to run efficiently. 🚀 User Experience: Maintain a seamless and reliable experience for users. ✅  Key Points: 🚀 Continuous Monitoring: Regularly check software performance and health. 🚀 Error Detection: Catch bugs and errors early to minimize impact. 🚀 Resource Utilization: Monitor and optimize resource usage. 🚀 Security: Keep an eye on security vulnerabilities and threats. 🚀 User Feedback: Gather and act on user feedback for improvements. Remember, a successful release is just the beginning. Keep monitoring to ensure ongoing success and user satisfaction. #softwareEngineering #coding #programming #software

Automatic, Like My Jumpshot 😉 Part 1 Alright guys, here is where we make our money. Automation with scripting. Companies love an employee who knows time management and task prioritization. We can achieve both of these by creating bash shell scripts, placing them in a text editor, and running the file as a program. This cuts down on time spent entering repetitive and tedious commands and allows us to focus on projects that may be more time-consuming. Efficiency is gold in the tech field; if you can do something quicker than the next person with the same accuracy, then you are a valuable asset.   Text editors are available for almost every Linux distribution. Let's take Vi, for example. Vi has a bit of a learning curve but can be very powerful once you learn how to use it. To create a Vi file, use the vi command followed by the name you want to call the file. Before inputing any commands, write #!/bin/bash in the first line. This is called a shebang (yeah, I know, I know); this basically makes it clear that this is a bash shell script and it needs to be treated as such. The path gives direction to the bash shell executable, activating the file when it's triggered to run. You can put any commands that you want to run automatically in this file. To run your vi file, enter the command bash, then the name of the file.    You can execute a file without using the bash command by changing the permissions of the file to be run by any user. To do this, we can use the chmod command. Chmod a+x grants access to any user to be able to run the file as long as ./ is put before the file name.

🔒 Understanding the Software Development Life Cycle with Rex The Code Crafters 🔒 At Rex The Code Crafters, we believe that a well-structured Software Development Life Cycle (SDLC) is crucial to delivering robust, secure, and efficient software solutions. Here's a closer look at the key stages of our SDLC that ensure top-notch cybersecurity and seamless performance: Planning: Identifying project requirements, defining scope, and setting achievable goals. Analysis: Analyzing user needs and system requirements to create a solid foundation. Design: Crafting detailed blueprints and prototypes to guide development. Development: Writing clean, efficient code while integrating security best practices. Testing: Rigorous testing to identify and fix vulnerabilities, ensuring reliability and security. Deployment: Seamless implementation of the software into the production environment. Maintenance: Continuous monitoring and updating to adapt to evolving cybersecurity threats and user needs. 🔍 Why Choose Rex The Code Crafters? ✅ Expertise: Our team is composed of seasoned professionals with deep cybersecurity knowledge. ✅ Quality Assurance: We prioritize security at every stage, ensuring your software is resilient against threats. ✅ Customer Focus: We work closely with our clients to tailor solutions that meet their unique needs. Stay ahead in the digital landscape with a partner that understands the importance of security and efficiency. Let's build something great together.