hugo-syn
hugo-syn
I found a new gadget in Wildfly, it's in the wildfly-connector component. The gadget is really simple, it performs a JNDI connection: ``` File: WildFlyDataSource.java 113: private void readObject(java.io.ObjectInputStream in)...
Here is a pull request to retrieve the AppRoleAssigments. I've added the new *kind* *AZAppRoleAssignment*, it contains the AppRoleAssignment. Nothing else is needed since the AppRole definition can be found...
Hello, It would be great to retrieve the different app role assignments to find new attack paths like the ones described in this article: https://posts.specterops.io/azure-privilege-escalation-via-azure-api-permissions-abuse-74aee1006f48. Is this something that is...
Hi, I made a pull request on *AzureHound* (https://github.com/BloodHoundAD/AzureHound/pull/5) to retrieve the *AppRoleAssignment*. Here is the implementation in BloodHound. I've created 1 new node (*AZAppRole*) and 2 new edges (*AZHasAppRole*,...
New heuristics to detect SHA1 hashes when we provide credz to decrypt the masterkey.
I've added a new entry in _BuiltinUntrustedInputs_ because I already saw something like this where It's possible to inject code in the runner from an opened issue: ```yaml name: Test...
Hi, Using the syntax `${{ env.FOO }}` for accessing environment variable can cause severe security issues, it's recommended to use the regular shell syntax `$FOO` or `$Env:FOO` for PowerShell. Here...
_actionlint_ fails to display the position of the error when using multiline scripts in the _rule_expression.go_ like this one: ```yaml name: Test on: push jobs: dummyjob: runs-on: ubuntu-latest steps: -...
Translation of some sentences into French
Hi, here is the French translation of the README.md :)