GitHub said it detected and contained a compromise of an employee device on May 18 involving a poisoned third-party Visual Studio Code extension. The activity involved exfiltration of GitHub-internal repositories only, and the attacker's claim of approximately 3,800 repositories was directionally consistent with the company's investigation.

The company also reported no evidence of impact to customer information stored outside its internal repositories. The entry point is what makes the incident unusual. GitHub's public account did not describe a direct compromise of its own platform or production systems. It centered on software running on a developer workstation: an editor extension installed through the same kind of channel developers use every day.

>> continue reading

Nmap, short for Network Mapper, is a network scanning tool used to discover hosts, identify open ports, enumerate services, detect operating systems, and check for known vulnerabilities.

From a penetration testing perspective, Nmap helps answer a few important questions:

>> continue reading

Today I started learning about the basics of John the Ripper. It is a popular and well-known hash-cracking tool. I will dive into some pre-requisites and basic knowledge of cryptography terms before I cover the basics of the tool.

Most modern systems do not store user passwords in plain text. Instead, they store a hashed version of the password.

>> continue reading

Hello World.

It is a beginners first step into programming. On its own, it does almost nothing, but it represents the foundation that everything else is built on.

>> continue reading