-
### 🎛 Description
feature request
Would like to monitor and detect S3 VPC Endpoint policies for changes or certain configuration settings.
For example, from a security context, being able to …
-
We would like global support for an exfiltration proof sandbox for running custom apps in Peergos in the browser, including on localhost. Our design uses iframes on random subdomains which are sand-bo…
-
PDF Blind XSS payloads
https://portswigger.net/research/portable-data-exfiltration
-
**Describe the bug**
Data can be exfiltrated by DNS tunneling.
There's a full discussion on the [MS repo, issue 4036](https://github.com/microsoft/AzureTRE/issues/4036). The resolution is to attac…
-
Can someone provide me any examples about https://w3c.github.io/webappsec-csp/#exfiltration?
I am still not clear about how exfiltration would occur which contents of the request, such as the URL, co…
-
**What is the bug?**
When i create a new detection rule using a yaml template, the `id` does not get transferred and saved. This is a deal-breaker for automation approaches where i want to collect my…
-
Leverage the DNS data source from the dns provider (https://registry.terraform.io/providers/hashicorp/dns/latest/docs/data-sources/dns_a_record_set) so that customers don't have to resolve their URIs …
-
[As documented](https://github.com/rtic-scope#why-am-i-getting-an-erroneous-trace) we'll need to investigate the use of the ETB in order to robustly read the trace stream from the target from device s…
tmplt updated
2 years ago
-
We need a threat model to determine whether row-level security like following makes sense
https://github.com/scidsg/hushline/blob/2c89aa633d6ee2eaeb4eeb1e76e349e65a648e2d/app.py#L223-L229
My gen…
-
As per https://github.com/krmaxwell/dns-exfiltration we should synthesize Base64 encoding and exfiltration of data to hostnames under `base64.alphasoc.xyz`, as below:
1. Generate a long random bina…