This week's articles
Open Cybersecurity Schema Framework
#announcement, #defend
A number of organizations (like AWS) announced the release of the Open Cybersecurity Schema Framework (OCSF) project, which includes an open specification for the normalization of security telemetry across a wide range of security products and services, as well as open-source tools that support and accelerate the use of the OCSF schema.
Controlling the Source: Abusing Source Code Management Systems
#attack, #ci/cd
Post detailing a few ways to abuse some of the most popular source code management systems to perform various attack scenarios, like: reconnaissance, manipulation of user roles, repository takeover, pivoting to other DevOps systems, user impersonation, and maintaining persistent access.
|