APT install Kali Linux repos in Ubuntu 22.04

If you recently tried adding a new Linux source repository in Ubuntu 22.04, then you might have seen this warning message:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

Apt-key is a sub-command of apt used to manage asymmetric encryption keys in order to authenticate packages. It was found some time ago to be vulnerable to man-in-the-middle attacks (see CVE-2011-3374). Now it has finally been deprecated and will be deleted at some point in the future.


Bug Bounty 101 (a triager’s perspective)

Bug bounties (BB) are rapidly becoming an essential part of the modern security toolkit for most companies. And for good reason: they provide a cost-effective way of exposing your application to a potentially vast range of experts and catching security holes that would otherwise take time and effort to find.

From experience, unless you have a dedicated team working full time on security, most bugs uncovered by internal teams are found in a serendipitous way. Regular pentests are useful for improving security controls and provide that extra compliance check, but I find that results are often limited, especially when it comes to application security and business logic bugs.
