Integrating static analysis tooling (sast) into ci/cd pipelines has honestly never been easier. So let’s set up something really quick using Github Actions and CodeQL. Here we’ve setup a “super secure” application, but before we deploy or check in code, we should probably setup automated sast scanning. Navigating to the security tab, you should be […]
I wanted to share some free online resources for anyone looking to do some quick and dirty “spot checks” on suspicious files or URLs without having to setup a full blown sandbox environment and getting into malware analysis. The first resource is a super powerful online sandbox called Any.run (https://any.run/) Creating a free account is […]
I love finding out about tools and messing around with them. Today let’s talk about Sherlock. Sherlock is a powerful OSINT tool for searching usernames on social media (https://github.com/sherlock-project/sherlock). It’s super quick to install and even easier to use. Let ‘s check it out. First we start with installing it: Now that we have the […]
I just use nano. 🙂 (kidding! sort of.)
I often get asked this and my answer always shocks those who know me. I’ll be blunt, cybersecurity certifications and degrees are NOT needed to be successful in this industry or to attain a job in information security. While anecdotal, some of the most successful cybersecurity professionals I know either don’t have degrees or have […]
defensehorizon.com 