Is a CTF pointless? Learning through games.

What is CTF? Capture the flag or CTF is kind of gamified activity to learn computer science, cybersecurity, information security and programming in general. This is a awesome way to get into computer science, networking basics, cryptography, reverse engineering, web forensics technologies and many more. Learn with fun. So, there are different styles or types … Read more

Detecting credentials leak with GitLeaks

GitLeaks is an open source tool used to detect and prevent secrets like passwords, api-keys, tokens be checked in to git repository. The main advantage of GitLeaks is that it not only scans your latest source code but also the entire git history identifying any secrets committed to your source code in the past as … Read more

Learning Poisoned Pipeline Execution (PPE) with CI/CD goat

Poisoned Pipeline Execution (PPE) is a pentesting methodology and attack vector abuses permissions against an SCM repository, in a way that causes a CI pipeline to execute malicious commands. Users that have permissions to manipulate the CI configuration files, or other files which the CI pipeline job relies on, can modify them to contain malicious … Read more