This tool generates Windows PE executables that trigger YARA rule matches, helping users validate their malware detection signatures. It automates the creation of test files based on specific patterns, ensuring effective scanning and rule accuracy. Safe to use, the executables exit immediately without executing harmful code.

Augustus is a new security testing tool designed to identify vulnerabilities in large language models (LLMs), focusing on prompt injection and other attack vectors. Built in Go, it offers faster execution and lower memory usage compared to its Python-based predecessors. With over 210 vulnerability probes, it helps operators assess the security of various LLM providers efficiently.

This article outlines how to effectively test Network Detection and Response (NDR) solutions through realistic simulations. It emphasizes using relevant metrics for evaluation and offers practical advice to avoid common testing mistakes.

Aura Inspector is a tool for testing Salesforce Experience Cloud applications. It helps identify misconfigurations, automate testing, and discover accessible records in both guest and authenticated contexts. You can run it in various modes, including unauthenticated and authenticated scenarios.

NEBULA is a PowerShell tool designed for testing Windows execution and persistence methods, including LOLBAS techniques. It provides a menu-driven interface for security researchers and teams to execute tests and log results. Example payloads sourced from Atomic Red Team are included for safe experimentation.

This article explains how AI is changing the code review process, emphasizing the need for evidence of code functionality rather than just relying on AI-generated outputs. It contrasts solo developers’ fast-paced workflows with team dynamics, where human judgment remains essential for quality and security. The piece outlines best practices for integrating AI into development and review processes.

This article discusses how AI is changing the code review process for both solo developers and teams. It emphasizes the need for evidence of working code, highlights the risks of relying too heavily on AI, and outlines best practices for integrating AI into code reviews while maintaining human oversight.

Codacy introduces a hybrid code review engine that enhances Pull Request feedback by identifying logic gaps, security issues, and code complexity. It automates the review process, letting developers ship code faster and with more confidence.

Claude is being tested as a Chrome extension to enhance browser-based AI capabilities while addressing security risks like prompt injection. The pilot aims to gather feedback on safety and usability before a broader release, with participants having control over what Claude can do and access.

Vijil provides a framework for building reliable, secure, and compliant AI agents. It addresses enterprise concerns about trust through hardened models, continuous testing, and adaptive defenses, helping organizations deploy AI solutions faster and with greater confidence.

The WAF Detector is an advanced tool designed for detecting and testing the effectiveness of Web Application Firewalls (WAFs) and Content Delivery Networks (CDNs). It offers features like single and batch URL detection, live payload testing, and comprehensive security validation using various attack patterns and evasion techniques. Users must ensure they have explicit authorization before testing any web services.

The article highlights 10 lesser-known Burp extensions that provide valuable features for security testing, despite not being among the most popular in the BApp Store. Each extension offers unique functionalities, such as session token management, SAML message manipulation, and vulnerability detection, aimed at enhancing the user's testing capabilities. Readers are encouraged to share their own favorite Burp extensions in the comments.

An AI-powered tool, sqlmap-ai, enhances SQL injection testing by automating processes such as result analysis and providing step-by-step suggestions tailored to specific database management systems. It supports various AI providers and features adaptive testing, making it user-friendly for both experts and newcomers in cybersecurity.

FrogPost is a Chrome extension designed for security testing of postMessage communications within iframes, utilizing static analysis, dynamic testing, and optional AI assistance to uncover vulnerabilities. It offers features such as live monitoring, automated scanning, and bulk endpoint testing, ensuring ethical use on applications that users own or have permission to assess. The extension supports various AI models for deeper analysis and provides detailed vulnerability insights and risk recommendations.

BamboozlEDR is an Event Tracing for Windows (ETW) tool designed for generating realistic security events to test EDR detection capabilities and security monitoring solutions. It features a TUI interface, supports multiple Windows ETW providers, and includes advanced features such as event obfuscation to protect against static analysis. The tool is intended for research and testing purposes and requires user interaction to minimize misuse.