Rubén Santos García7h ago
GitHub Actions is a secrets vault with a pipeline attached. pull_request_target + fork checkout = attacker gets your secrets. ${{ github.event.issue.title }} in a run step is command injection. Mutable action tags let one compromised maintainer hit thousands of repos (see tj-actions 2025). Self-hosted runners are persistent footholds. https://www.kayssel.com/newsletter/issue-46/
#InfoSec #CyberSecurity #Pentesting #BugBounty #OffSec #SupplyChain
GitHub Actions: Pipelines as Attack Surface

pull_request_target pwn requests, script injection via expressions, secrets exfiltration, poisoned pipeline execution, self-hosted runner persistence, and Gato-X

Kayssel
Habr3d ago

Системной подход к сдаче OSWE в 2025

Offensive Security Web Expert ( OSWE ) – продвинутая сертификация offsec по безопасности WEB приложений. Причем ключевым отличием от менее известного Offensive Security Web Assessor ( OSWA ) является упор на анализ исходного кода приложения, то есть поиск уязвимостей в формате «белого» ящика. Окончательное решение сдавать этот экз я принял на бизнес съезде в Турции, когда познакомился с предпринимателем, который проходил ironman (ссылка) дважды. Мой поздний достигатель сразу загорелся идеей о стремительной подготовке. Однако товарищ председатель кооператива задал мне закономерный вопрос: «А OSWE сдать ты не хочешь?». 9 апреля 2025 года, в своём телеграм-канале PathSecure я опубликовал новость о приобретении курса :)

https://habr.com/ru/articles/1024100/

#pentest #offsec #oswe #web #security #education

Системной подход к сдаче OSWE в 2025

Введение Offensive Security Web Expert ( OSWE ) – продвинутая сертификация offsec по безопасности WEB приложений. Причем ключевым отличием от менее известного Offensive Security Web Assessor ( OSWA )...

Хабр
Negative PID SL6d ago

Open security and OffSec projects
https://negativepid.blog/open-security-and-offsec-projects/

#openSource #cyberSecurity #offSec #openSourceProjects #openCode #applications #cyberattacks #cyberThreats #onlineSecurity #negativepid

Open security and OffSec projects - Negative PID

Security research is one of the areas where open source has had the deepest and most complex impact. Tools built openly are used to defend critical

Negative PID
Carlos Mogas da SilvaApr 9

🎯 Passed the OSCP+!  

After a lot of late nights, practice labs, and more failed shells than I'd like to admit — I finally have the cert in hand.

Some words for the family: Thank you — the late nights would have been much harder without your patience and understanding.

On to the next one. 🔐 🤐 🙈

#OSCP #OffSec

Negative PID SLApr 8

Inside the tools of Anonymous

https://negativepid.blog/inside-the-tools-of-anonymous/

#anonymous #hackingTools #hackers #offSec #offensiveKits #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid

Inside the tools of Anonymous - Negative PID

In the mythology of Anonymous, operations often looked spontaneous — a flash-mob of code striking from nowhere, vanishing just as quickly. But behind that

Negative PID
Negative PID SLApr 5

Open security and OffSec projects
https://negativepid.blog/open-security-and-offsec-projects/

#openSource #cyberSecurity #offSec #openSourceProjects #openCode #applications #cyberattacks #cyberThreats #onlineSecurity #negativepid

Open security and OffSec projects - Negative PID

Security research is one of the areas where open source has had the deepest and most complex impact. Tools built openly are used to defend critical

Negative PID
Negative PID SLApr 2

How to become a bug bounty hunter

https://negativepid.blog/how-to-become-a-bug-bounty-hunter/

#bugBounty #securityResearch #cybersecurityCareers #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid #offSec

How to become a bug bounty hunter - Negative PID

Many people entering the cybersecurity field believe that the only way to demonstrate their skills to a prospective employer is to hack into their systems.

Negative PID
Negative PID SLApr 1

Inside the tools of Anonymous

https://negativepid.blog/inside-the-tools-of-anonymous/

#anonymous #hackingTools #hackers #offSec #offensiveKits #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid

Inside the tools of Anonymous - Negative PID

In the mythology of Anonymous, operations often looked spontaneous — a flash-mob of code striking from nowhere, vanishing just as quickly. But behind that

Negative PID
Negative PID SLMar 29

Breaking into offensive security

https://negativepid.blog/breaking-into-offensive-security/

#OffSec #offensiveSecurity #ethicalHacking #redTeam #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid

Breaking into offensive security - Negative PID

Offensive security roles attract people who enjoy thinking creatively, solving puzzles, and understanding systems from the inside out. Whether you want to

Negative PID
Rubén Santos GarcíaMar 29
OAuth account takeover doesn't need leaked tokens. No state param = CSRF to forced account linking. Loose redirect_uri matching = code theft via open redirect chains. Implicit flow puts tokens in browser history and Referer headers. PKCE bypass when not enforced server-side. SSRF via OpenID dynamic client registration. Six patterns, all with labs. https://www.kayssel.com/newsletter/issue-43/ #OAuth #BugBounty #Pentesting #websecurity #Offsec #InfoSec
OAuth 2.0: Six Ways the Authorization Flow Breaks

Missing state CSRF, redirect_uri hijacking, open redirect code theft, implicit flow token leakage, PKCE bypass, and SSRF via OpenID dynamic client registration

Kayssel