#security-engineering — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #security-engineering, aggregated by home.social.
-
Linux Security Auditing with Lynis
In this article, I cover how to use Lynis for Linux security auditing, system hardening, and practical vulnerability assessment.
🔗 https://denizhalil.com/2025/03/17/linux-security-auditing-with-lynis/
#CyberSecurity #LinuxSecurity #Lynis #SecurityAuditing #SystemHardening #BlueTeam #DevSecOps #InfoSec #Linux #ITSecurity #SecurityEngineering #DenizHalil
-
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity
-
Linux Privilege Escalation Cheat Sheet: Techniques and Prevention.
In this cheat sheet, I break down essential enumeration commands, common escalation paths, and practical techniques every security professional should know.
https://denizhalil.com/2025/06/30/linux-privilege-escalation-cheat-sheet/
#CyberSecurity #LinuxSecurity #PrivilegeEscalation #Pentesting #RedTeam #BlueTeam #InfoSec #ethicalhacking #SecurityEngineering #itsecurity
-
UDP Network Monitoring with C++: A Comprehensive Guide
In this guide, I demonstrate how to build a UDP packet sniffer in C++ using raw sockets, parse packet headers, and extract key data like source/destination IPs and ports.
https://denizhalil.com/2025/07/14/udp-network-monitoring-cpp-packet-sniffer/
#CyberSecurity #NetworkMonitoring #PacketSniffer #UDP #Cpp #NetworkSecurity #InfoSec #BlueTeam #RedTeam #InfoSec #securityengineering #denizhalil
-
Spoofing Packets with Scapy: A Comprehensive Guide
In this article, I cover how packet spoofing works with Scapy, practical use cases, and key security implications.
https://denizhalil.com/2025/07/22/spoofing-packets-with-scapy-a-comprehensive-guide/
#CyberSecurity #Scapy #PacketSpoofing #NetworkSecurity #Python #EthicalHacking #RedTeam #BlueTeam #Pentesting #InfoSec #SecurityEngineering #denizhalil
-
Cybersecurity Interview Questions and Answer Tips
In this article, I cover the most common cybersecurity interview questions and how to approach them effectively.
https://denizhalil.com/2025/12/08/cybersecurity-interview-questions-2025/
#CyberSecurity #InfoSec #CyberSecurityCareer #InterviewPrep #SOC #RedTeam #BlueTeam #ITSecurity #CareerDevelopment #EthicalHacking #SecurityEngineering #denizhalil
-
Python C2 Server for Red Teaming: A Comprehensive Hands-On Guide
In this guide, I walk through building a Python-based C2 server, covering its architecture, encrypted communication, and real-world operational workflow.
https://denizhalil.com/2025/12/15/python-c2-server-red-teaming-guide/
#CyberSecurity #RedTeam #C2 #commandandcontrol #Python #offensivesecurity #Pentesting #infosec #threatdetection #blueteam #securityengineering #ethicalhacking
-
Mastering Linux Firewalls: A Deep Dive into Netfilter and iptables
In this article, I cover how iptables works, its architecture, and practical firewall configuration techniques.
https://denizhalil.com/2025/12/31/netfilter-iptables-firewall-configuration-guide/
#CyberSecurity #LinuxSecurity #iptables #Netfilter #NetworkSecurity #Firewall #InfoSec #BlueTeam #DevSecOps #securityengineering #ITSecurity #denizhalil
-
What is SNMP Security and Exploitation: A Comprehensive Guide
In this article, I cover how SNMP exploitation works, common vulnerabilities, and how to properly secure it.
https://denizhalil.com/2026/01/21/snmp-security-exploitation-guide
#CyberSecurity #SNMP #NetworkSecurity #InfoSec #InfrastructureSecurity #BlueTeam #RedTeam #Pentesting #ITSecurity #SecurityEngineering #DenizHalil
-
SSH Tunneling and Port Forwarding Techniques: A Comprehensive Guide
In this article, I cover:
* How SSH tunneling works under the hood
* Local, remote, and dynamic port forwarding techniques
* Real-world use cases (databases, internal services, pivoting)
* Security risks and hardening recommendations
https://denizhalil.com/2026/02/02/ssh-tunneling-port-forwarding-guide/
#CyberSecurity #sshtunneling #portforwarding #NetworkSecurity #Linux #RedTeam #BlueTeam #Pentesting #InfoSec #securityengineering #EthicalHacking #ITSecurity
-
Most AWS IAM knowledge isn’t learned in tutorials — it’s learned at 3AM during outages.
From AccessDenied errors to SCP traps and policy misconfigurations, this deep dive reveals real-world IAM troubleshooting strategies used by experienced engineers.
Read now: https://shorturl.at/6PmBR
#AWS #IAM #CloudSecurity #DevOps #SRE #CloudEngineering #AWSTips #SecurityEngineering #tech
-
Beyond the surface of a steel door lies a world of precision engineering. From internal reinforcements to blast-resistant cores. Ever wondered what makes a security door virtually impenetrable?
We’re peeling back the steel layers to show you.
https://vocal.media/stories/the-hidden-engineering-behind-high-security-steel-doors
#SecurityEngineering #SteelDoors #PhysicalSecurity #Architecture #BuildingDefense
-
OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.
Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.
What’s your view on data minimization in analytics pipelines?
Source: https://cybernews.com/security/openai-mixpanel-cybersecurity-incident-breach/
Share your thoughts - and follow us for more updates.
#InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews
-
New blog post live for my Sentinel Saturday series! :1000: :apartyblobcat:
Read the blog 👉 https://marshsecurity.org/sentinel-saturday-using-tasks-with-automation/
In this post, I explore the power of using Microsoft Sentinel Tasks as part of your automation workflows.
Most teams aren’t getting the full #value out of Tasks in Microsoft Sentinel. Are you? When you combine Sentinel Tasks with automation, they become a game-changer.
- Auto-create tasks when automation fails (so nothing slips through the cracks)
- Auto-complete tasks when automation succeeds
- Use tasks to verify automation outcomes
- Build engineering feedback loops and automation #QA
Read the blog 👉 https://marshsecurity.org/sentinel-saturday-using-tasks-with-automation/
#MicrosoftSentinel #SentinelAutomation #CyberSecurity #SOCAutomation
#CloudSecurity #AzureSecurity #SIEM #SecOps #Automation #InfoSec
#CyberSecurityCommunity #BlueTeam #ThreatDetection #SecurityEngineering #SecurityOperations
-
A Canon Hall of Fame classic by Dr. Ross Anderson continues to prove its significance in modern security practices.
Our most recent #Newsletter covers an Infosecurity Magazine article that aligns with many points from two recent canon-reviewed books, as well as an old favorite, Security Engineering.
While Ron Woerner’s Canon review was of the 2008 2nd edition, Dr. Anderson has since released a 3rd edition just a few years ago.
📰 https://cybercanon.substack.com/p/november-newsletter-spotlight-on
🛍️ If interested in purchasing the latest edition and supporting the Canon, please consider using this affiliate link: https://amzn.to/47NiFa4
-
Hello #InfoSec community!
I'm James (JMo), an Institute of Data x Michigan Tech Cybersecurity Bootcamp grad who built an open-source security scanner as part of my capstone project.
**JMo Security** orchestrates 11 tools (Trivy, Semgrep, TruffleHog, ZAP, Falco) with:
✅ Multi-target scanning (repos, containers, IaC, web apps, GitLab, K8s)
✅ Auto-compliance mapping (OWASP, CWE, NIST, PCI DSS, CIS, ATT&CK)
✅ Unified reporting (dashboard, SARIF, JSON)
**Quick start:**
pip install jmo-security
jmotools wizard
📖 Docs: https://docs.jmotools.com
🐙 GitHub: https://github.com/jimmy058910/jmo-security-repo
**Actively seeking #DevSecOps / #AppSec roles!** DMs open for opportunities or technical feedback.
What security tools are you using in your workflows?
#CyberSecurity #OpenSource #Python #SecurityEngineering #JobSearch
-
Prompt injections are still a problem – August 2025 edition
Independent AI researcher Johann Rehberger (previously) has had an absurdly busy August. Under the heading The Month of AI Bugs he has been publishing one report per day across an array of different tools, all of which are vulnerable to various classic prompt injection problems. This is a fantastic and horrifying demonstration of how widespread and dangerous these vulnerabilities still are, almost three years after we first started talking about them.
Johann’s published research in August so far covers ChatGPT, Codex, Anthropic MCPs, Cursor, Amp, Devin, OpenHands, Claude Code, GitHub Copilot and Google Jules. There’s still half the month left!
The Summer of Johann: prompt injections as far as the eye can see
Previously:
https://gurupanguji.com/2025/04/23/notes-on-llms/
https://gurupanguji.com/2025/08/06/trust-in-the-world-of-ai/
#ai #engineering #llms #model #promptInjection #security #securityEngineering #software
-
🔐SSH and shell-free
🧱Immutable by default
🔁Trusted Boot out of the box
Because we believe security starts at the foundation. Here's what makes Talos Linux different.
🔗 https://www.siderolabs.com/blog/mastering-security-in-your-kubernetes-infrastructure/
#Kubernetes #TalosLinux #DevSecOps #CloudNative #SecurityEngineering
-
This hands-on guide shows how to build secure, scalable data pipelines using open source tools like Filebeat, Logstash, Kafka, and Ansible.
Learn to collect, transform, enrich, and centralize security telemetry from Windows, Linux, and network sources. A practical resource for anyone supporting detection, forensics, or incident response.
-
📣 We’re expanding.
To reach more of the #Fediverse and engage with #AI, #Privacy, and #Security voices outside the infosec world, you can now also find us at:
👉 @confsec
Same mission. Same stance:
🔐 Provable privacy
🚫 No visibility, no retention
✅ Built for compliance, AI, and trust
#CyberSecurity #AIPrivacy #PrivateAI #LLM #SecurityEngineering #DataPrivacy
-
Thoughts on the Impact of Generative AI on Security Engineering Careers: https://scottponte.substack.com/p/thoughts-on-the-impact-of-generative
-
Automation made us fast.
AI agents might make us fearless—or reckless.
In this deep-dive opinion piece, we explore how DevSecOps evolves when autonomous AI joins the team.
What gets better? What gets worse? Let’s talk.
#DevSecOps #AI #Automation #SecurityEngineering #TechLeadership #AIInSecurity
https://webdad.eu/2025/06/18/devsecops-in-the-age-of-autonomous-ai-what-gets-better-what-gets-worse/
-
From scanning ports to structuring security programs that meet real-world demands, this book helps practitioners level up from technical know-how to strategic capability.
It bridges foundational knowledge with practical security leadership. Designed for those who build, defend, and explain security every day.
https://nostarch.com/foundationsinfosec
#infosec #cybersecurity #securityengineering #nmap #SOC2 #compliance #devops #securityculture
-
Day 1 of posting to social media until I get an offensive security research job
First, I’m going to start with what I know – Windows. I need to recreate what I had access to at Microsoft, so that starts by setting up a dev environment and finding a copy of Windows System Internals, perhaps the greatest resource for learning Windows out there. My expertise is in Windows and virtualization, so I’m going to make sure I master those areas.
Next, I don’t think I want to grind coding exercises, but I do need to shake the rust off my coding skills. I think I’m going to start with some HackTheBox challenges and find some CTFs to participate in.
Finally, my long overdue goal: learn Rust. I’m not sure if this will help immediately, as I could choose to improve my knowledge of Python. But Rust was getting more and more popular in the areas of Windows I was tasked with protecting, so I need to learn what all the fuss is about with regards to memory safety.
If anyone is on a similar journey, let’s hold each other accountable in the comments! I will be sure to document any write-ups at blog.maxrenke.com (work in progress).
#OffensiveSecurity #CyberSecurity #WindowsInternals #HackTheBox #CTF #EthicalHacking #RedTeam #BlueTeam #RustLang #PythonProgramming #DevEnvironment #InfoSec #CyberCareer #SecurityResearch #MemorySafety #CyberCommunity #JobSearch #TechJourney #SecurityEngineering #Pentesting #LearningEveryDay