Cyber Research #72

Mert Coskuner · Feb 24, 2023

The newsletter will be on hiatus indefinitely for the time being.

Articles

Airbnb’s Approach to Access Management at Scale
How Airbnb securely manages permissions for our large team of employees, contractors, and call center staff.
medium.com

Threat Hunting: Detection based on Prevalence
alpine-sec.medium.com

Let's build a Chrome extension that steals everything
Today's adventure: DIY whole hog data exfiltration
mattfrisbie.substack.com

Exploiting Parameter Pollution in Golang Web Apps
Authorization Vulnerabilities in Concourse CI
medium.com

Cloud drift detection: How to resolve out-of-state changes - Bridgecrew Blog
Cloud configurations change. All the time. It's futile to imagine web app development without a constant stream of…
bridgecrew.io

mast1c0re: Part 3 - Escaping the emulator
Introduction In the previous post, we developed a traditional stack buffer overflow exploit in the Okage: Shadow King…
mccaulay.co.uk

Disabling ClamAV as an Unprivileged User
About The Project ClamAV is an Open Source antivirus engine that is widely used on mail servers to scan incoming…
archcloudlabs.com

Guidance for Baseline Security Assessment on AWS
This Guidance helps customers assess their foundational security setup in their AWS account. Use the provided AWS…
aws.amazon.com

Tools

Introducing Sublime: A new, open approach to email security
You can use MQL to block everything from HTML smuggling attacks to low-volume, high sophistication BEC attacks. MQL…
sublime.security

GitHub - hashicorp-forge/grove: A Software as a Service (SaaS) log collection framework.
Grove is not an official HashiCorp project. Grove is a Software as a Service (SaaS) log collection framework, designed…
github.com

GitHub - Cracked5pider/LsaParser: A shitty (and old) lsass parser.
A small lsass parse i wrote long time ago. not gonna continue working on it since i only wanted to learn the basics on…
github.com