Preflight
Preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack. First of all, it's the chicken and the egg. How do you pull a legit preflight binary from us without verifying it with preflight? The best way is to grab the source, compile it yourself, and use your own binary which you put in a place that you trust. People usually have several options of how to do that safely: Put it on your own S3 bucket, Drop it on your own Artifactory or similar, Push it directly into your repos (it should be as small as 4mb and almost never change so Git should work nicely with it), Build from source into your containers directly: FROM golang:1.16-alpine AS preflight_builder RUN apk add --no-cache git WORKDIR /builds RUN GOBIN=`pwd` go get -u github.com/spectralops/preflight # Build from a bare image, copy built binary FROM alpine:3.9 RUN apk add ca-certificates COPY --from=preflight_builder /builds/preflight /usr/local/bin # use preflight as you wish RUN curl https://.. |
FEATURES
ALTERNATIVES
iOS Reverse Engineering Toolkit for automating common tasks in iOS penetration testing.
Runtime Mobile Security (RMS) is a powerful web interface powered by FRIDA for manipulating Android and iOS Apps at Runtime.
A platform for creating and managing fake phishing campaigns to raise awareness and train users to identify suspicious emails.
The Upstream Security Platform is a cloud-based solution for monitoring and securing connected vehicles and mobility IoT devices, offering features such as cybersecurity detection, API protection, and fraud detection.
Android vulnerability analysis system with efficient scanning and high accuracy.
DroidBox is a tool for dynamic analysis of Android applications, providing insights into package behavior and security.
Detect and warn about potential malicious behaviors in Android applications through static analysis.
MARA is a Mobile Application Reverse engineering and Analysis Framework with various features for testing mobile applications against OWASP mobile security threats.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.