Integrating static analysis tooling (sast) into ci/cd pipelines has honestly never been easier. So let’s set up something really quick using Github Actions and CodeQL. Here we’ve setup a “super secure” application, but before we deploy or check in code, we should probably setup automated sast scanning. Navigating to the security tab, you should be […]
I wanted to share some free online resources for anyone looking to do some quick and dirty “spot checks” on suspicious files or URLs without having to setup a full blown sandbox environment and getting into malware analysis. The first resource is a super powerful online sandbox called Any.run (https://any.run/) Creating a free account is […]
I just use nano. 🙂 (kidding! sort of.)
I often get asked this and my answer always shocks those who know me. I’ll be blunt, cybersecurity certifications and degrees are NOT needed to be successful in this industry or to attain a job in information security. While anecdotal, some of the most successful cybersecurity professionals I know either don’t have degrees or have […]
Recon is such a critical part of penetration testing and is so important it’s been incorporated into frameworks such as OSSTMM, PTES, NIST SP800-115. But why does it need to be strictly for penetration testing? One of the main reasons I love red team training and CTFs is so I can leverage the knowledge as […]
defensehorizon.com 