software
SquarePhish: Advanced phishing tool combines QR codes and OAuth 2.0 device code flow
In this Help Net Security video, Security Consultant Kam Talebzadeh and Senior Security Researcher Nevada Romsdahl from Secureworks, showcase SquarePhish, a tool that combines …
AWSGoat: Easy to deploy vulnerable AWS infrastructure for pentesters
Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web …
Kali Linux 2022.3 released: Packages for test labs, new tools, and a community Discord server
Offensive Security has released Kali Linux 2022.3, the latest version of its popular penetration testing and digital forensics platform. Packaged apps to set up test labs The …
MI-X: Open source project helps you understand whether you are exploitable
In this Help Net Security video, Ofri Ouzan, Security Researcher at Rezilion, talks about MI-X (Am I Exploitable?), an open source tool aimed at effectively determining …
SimpleRisk: Enterprise risk management simplified
In this Help Net Security video, CEO/CISO Josh Sokol, showcases SimpleRisk, a fully integrated GRC platform that can be used for all of your governance, risk management, and …
Detectree: Open-source tool simplifies data analysis for blue teams, reduces alert fatigue
Many companies struggle to understand malicious activity and its effects while a security incident is in progress. It eats up time and resources that defenders need to contain …
The past, present and future of Metasploit
Metasploit is the most used penetration testing framework. In this Help Net Security video, Spencer McIntyre, Lead Security Researcher at Rapid7, talks about how Metasploit …
Why SBOMs aren’t the silver bullet they’re portrayed as
A Software Bill of Materials, often shortened to the acronym SBOM, is a formal, machine-readable inventory of software components and dependencies, information about those …
Product showcase: Passwork – the best solution for work with corporate passwords
Passwork aims to enable efficient and secure working processes through the automated management of passwords and corporate accounts. Quickly access all employee credentials. …
Product showcase: ImmuniWeb Neuron, DAST with a zero false positives SLA
Few organizations can afford regular penetration testing of their numerous web applications, APIs and microservices. Instead, they usually leverage a fully automated web …
Threat actors exchange beacons for badgers to evade endpoint security
Unidentified cyber threat actors have started using Brute Ratel C4 (BRc4), an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint …
Review: Enzoic for Active Directory
Data breaches now happen so often that we don’t even pause when reading yet another headline notifying us of the latest one. We react only if the breach happened to a service …
Featured news
Sponsored
Don't miss
- 2024 Data Breach Investigations Report: Most breaches involve a non-malicious human element
- Securing your organization’s supply chain: Reducing the risks of third parties
- Understanding emerging AI and data privacy regulations
- reNgine: Open-source automated reconnaissance framework for web applications
- Women rising in cybersecurity roles, but roadblocks remain