Preflight
Preflight helps you verify scripts and executables to mitigate chain of supply attacks such as the recent Codecov hack. First of all, it's the chicken and the egg. How do you pull a legit preflight binary from us without verifying it with preflight? The best way is to grab the source, compile it yourself, and use your own binary which you put in a place that you trust. People usually have several options of how to do that safely: Put it on your own S3 bucket, Drop it on your own Artifactory or similar, Push it directly into your repos (it should be as small as 4mb and almost never change so Git should work nicely with it), Build from source into your containers directly: FROM golang:1.16-alpine AS preflight_builder RUN apk add --no-cache git WORKDIR /builds RUN GOBIN=`pwd` go get -u github.com/spectralops/preflight # Build from a bare image, copy built binary FROM alpine:3.9 RUN apk add ca-certificates COPY --from=preflight_builder /builds/preflight /usr/local/bin # use preflight as you wish RUN curl https://.. |
FEATURES
ALTERNATIVES
DroidBox is a tool for dynamic analysis of Android applications, providing insights into package behavior and security.
A spam prevention technique using hidden fields to detect and deter spam bots in Laravel applications.
A Python tool for patching Dalvik bytecode in DEX files and assisting in Android application analysis
A tool for extracting static and dynamic features from Android APKs.
CHIPSEC is a framework for analyzing the security of PC platforms and components, with tools for low-level interfaces and forensic capabilities.
NotRuler is a tool for Exchange Admins to detect client-side Outlook rules and VBScript enabled forms, aiding in the detection of attacks created through Ruler.
Inspeckage is a dynamic analysis tool for Android applications offering insights into app behavior and real-time monitoring capabilities.
An Outlook add-in for reporting suspicious emails to security teams and tracking user behavior during awareness campaigns.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.