

Ax Sharma
Contributor
Ax Sharma is an experienced security researcher, engineer, and cybersecurity reporter. His expertise lies in malware analysis, vulnerability research, and web app security. Through responsible disclosure, Ax has previously exposed serious bugs and security vulnerabilities impacting major national and global organizations.

Sigma rules explained: When and how to use them to log events
Sigma rules allow you to detect anomalies in log events and identify suspicious activity.

Who's who in the cybercriminal underground
Cybercriminal groups are specializing as malware developers, initial access brokers, ransomware-as-a-service providers, data brokers, and other roles.

Prioritizing and remediating vulnerabilities in the wake of Log4J and Microsoft's Patch Tuesday blunder
Vulnerability disclosures often come in bunches, and unvetted patch updates can create their own problems. Here's how to assess and prioritize both.

6 ways hackers hide their tracks
From trusted pentesting tools to LOLBINs, attackers abuse trusted platforms and protocols to evade security controls.

Software composition analysis explained, and how it identifies open-source software risks
SCA tools give insight into open-source software components and the vulnerabilities they have.

SSRF attacks explained and how to defend against them
Server-side request forgery (SSRF) attacks consist of an attacker tricking the server into making an unauthorized request. Defending against them can be relatively easy.

Java deserialization vulnerabilities explained and how to defend against them
Java provides a means to conveniently serialize data to maintain its integrity as it's sent over a network. Attackers can exploit vulnerabilities in the deserialization process if there aren't safeguards in place.

Securing CI/CD pipelines: 6 best practices
Criminals are exploiting vulnerabilities in continuous integration/continuous delivery pipelines to steal sensitive information, mine cryptocurrencies, and deliver malicious code.

15 top open-source intelligence tools
OSINT (open-source intelligence) is the practice of collecting information from published or otherwise publicly available sources. These tools will help you find sensitive public info before bad guys do.

6 most common types of software supply chain attacks explained
Not all software supply chain attacks are the same. Here are the methods attackers currently use to corrupt legitimate software through third parties.

15 open source GitHub projects for security pros
GitHub has a ton of open-source options for security professionals, with new entries every day. Add these tools to your collection and work smarter.