Cybersecurity cert prep: Lab 14 (Path Traversal) — null byte attacks, console→Python (sys), and traversal protection

Cybersecurity cert prep: Lab 22 (JWT) — elevate privileges to admin using CSRF, Python, and Burp Suite

Getting ready for the cybersecurity certification exam — Lab 4 (SSRF) — Delete a user. Python, Burp Suite

Thanks to @eelcoa I learned today that the Python Software Foundation (@ThePSF) rejected a $1.5 Million USD fund, because they demonstrated integrity by not bowing down to #Trump and instead standing by their mission statement "(...) to support and facilitate the growth of a diverse and international community (...)", something that the US Government is blackmailing companies and organisations around the world(!) to stop doing!
This is worth supporting, and with approximately over 8 Million estimated Python programmers around the globe[1], that $1.5 Million USD could be reached by all of us with ease by giving back.
Support them here: https://psfmember.org/civicrm/contribute/transact/?reset=1&id=2
Read the full statement here: https://pyfound.blogspot.com/2025/10/NSF-funding-statement.html?m=1
Donate, spread the message, follow them on Mastodon, and be part of showing big tech companies how it is done right!
Original toot by eelcoa (in Dutch): https://mastodon.nl/@eelcoa/115456773063510298
--
[1] Number of Python programmers taken from here, which is also worth a read: https://leftronic.com/blog/python-statistics
#python #psf #thepsf #supportpsf #funding #pythonsecurity #pipy #pipysecurity #dei #NoTrump
So it goes. Part I
🧩 Been poking at eval() and exec() in Python — they're deceptively powerful. One stray input and you're one __import__ away from a shell.
Remote Code Execution (RCE) isn’t just old news — it’s still real, still nasty in the wrong hands.
🌲 Python’s ASTs let you trace what a script really does without running it — but just one layer of obfuscation, and they fall apart.
Small tools, deep cuts. Keep digging.
Hello everyone.
In today's article, we are examining one of the popular cyber attacks, the ARP poisoning attack, with coding.
I wish everyone a good reading.
https://denizhalil.com/2024/11/22/arp-spoofing-attack-and-with-python-project/
#cybersecurity #networksecurity #arpspoofing #pythonhacking #pythonsecurity
🔒 Learn how to write secure Python code with our comprehensive step-by-step guide! 🐍
🔑 Key tips:
- Use virtual environments for dependency isolation 🌐
- Limit variable and function scope 🔍
- Modularize code for better security 🧩
- Protect against code injection 🛡️
- Follow the principle of least privilege 🔒
- Implement strong authentication and authorization 🔑
- Practice proper session management ⏰
- Be cautious with eval() and exec() functions ⚠️
Read the full guide here: https://cybersecurefox.com/en/secure-python-code-step-by-step-guide/
Remember, security is an ongoing process. Regularly review and update your code, and stay informed about the latest security recommendations. 📈
Share your favorite Python security tip in the comments below! 💬
#PythonSecurity #SecureCoding #Cybersecurity #ProgrammingTips
Python's urllib3 has fixed a low-severity vulnerability in version 2.2.2, which was released yesterday.
This vulnerability has been assigned CVE-2024-37891.
For those not familiar with urllib3, it describes itself as "a powerful, user-friendly HTTP client for Python".
It is used by many projects and libraries, including the popular requests library.
https://github.com/urllib3/urllib3/security/advisories/GHSA-34jh-p97f-mpxf