Cyber Research #68Mert Coskuner·Follow2 min read·Jan 28, 2023--ListenSharePhoto by Sahil Pandita on UnsplashArticlesDragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code InterpretationSentinelLabs tracks a cluster of recent opportunistic attacks against organizations in East Asia as DragonSpark…www.sentinelone.comZero days in common identity manager system (And the complexities of exploiting them via a WAF)CyberCX discovered three distinct vulnerabilities in Symantec Identity Manager 14.3 during a routine penetration test…blog.cybercx.com.auUnauthenticated SSRF Vulnerability on Azure FunctionsIn this blog we describe how we uncovered an SSRF Vulnerability in Azure Functions allowing any unauthenticated user to…orca.securitySSH key injection in Google Cloud Compute Engine [Google VRP]This write-up is the first in a series of write-ups about bugs that I, and Sreeram, found in Google Cloud during 2022…blog.stazot.comNew Hires, Lost Keys & Lessons Learned (Passwordless Authentication Series, #3)Lessons learned implementing FIDO2 authentication, from registering new hires to managing lost keys.blog.palantir.comA step-by-step introduction to the use of ROP gadgets to bypass DEPSummary DEP (Data Execution Prevention) is a memory protection feature that allows the system to mark memory pages as…cybergeeks.techSetting up a secure CI/CD pipeline in a private Amazon Virtual Private Cloud with no public…With the rise of the cloud and increased security awareness, the use of private Amazon VPCs with no public internet…aws.amazon.comToolsGitHub - preludeorg/build: Author, test and deploy security testsPrelude Build is an easy-to-use IDE - purpose built for authoring, testing and verifying security tests for use in real…github.comGitHub - Exein-io/pulsar: A modular and blazing fast runtime security framework for the IoT…Pulsar is an event-driven framework for monitoring the activity of Linux devices at runtime, powered by eBPF. The…github.com