Absolutely! Another reason why it's recommended to use frameworks over rolling out custom code. Of course users can still make mistakes when implementing, and/or frameworks can still have vulnerabilities, but it helps a lot!

@@Cybrcom yeah but everyone in 2024 uses a frameworks... i personally use Laravel <3

What? Some scans are read only, others can perform write operations. That’s fairly common with automated tooling. Why is that stupid

What did it not include that you would have like to see?

@@Cybrcom If it is full tutorial. I want to see you go to detail on each part of the process. and example on those. Not just mention. What you used are just using prebuilt or existing rule. you didn't go through the custom rule. you haven't show the CLI version of this service. So in my oppinion, it not worth to be called "Full Tutorial"

Thanks for your feedback

Are you encountering issues? It should work the same, just using Azure credentials instead of AWS. More details here: docs.prowler.com/projects/prowler-open-source/en/latest/#azure

@@Cybrcom I keep trying to apply the service principal instructions and there's nothing that tells me how to enter it in it keeps giving me an error

Glad you liked it! We just released a free cheat sheet you can download here: cybr.com/terraform-cheat-sheet And we released a Terraform course last week: cybr.com/courses/terraform-on-aws-from-zero-to-cloud-infrastructure/

Interesting to see what it does

Are you running on Apple silicon? If so, this is a known issue. VirtualBox and Apple silicon don’t mix well together

That’s awesome! Glad the video helped. Please let us know how your exam goes 😁

Sorry not sure what you are referring to :)

💀💀

@@Cybrcom help me kali is not working

Yes and no. What you've described is basically a form of Self-XSS. Some apps may only be vulnerable to that degree and nothing more, in which case the impact is minimal (but not non-existent -- look up Self-XSS examples), but a lot of times it's just the starting point. If an attacker finds a vulnerability like that, they will have to take extra steps (sometimes many extra steps) to find a way to exploit it at a larger/more impactful scale. But, some XSS can be submitted via URLs (think phishing), while other XSS (like stored XSS) would be permanently added to a web page (think comments like this one or other permanent user-submitted inputs) where my XSS gets loaded for every user viewing this comment, as an example.

See you there!

Appreciate it!

🤔

👍

Thanks for the comment! I’m glad it’s helpful and we’ll keep putting out!

I would try restarted the VM/computer. Seems like something in apt is locking up for some reason

You don't need to re-download the docker images, you can just re-launch a new container with the same image(s). But if you take actions in the container, those actions will get wiped every time you shut down the system or destroy the container. You can get around this if you need to by setting up persistent storage though: docs.docker.com/guides/docker-concepts/running-containers/persisting-container-data/

Awesome! Glad it helped

Some parts of Security Hub rely on AWS Config to be enabled and running with resource recording to work, which is why you're getting that error

@@Cybrcom thank you

Not created yet :) It has been getting more and more requested recently though so I might bump it up in priority!

Thanks for the feedback. At what point did you get lost?

I will review the video over and over to catch up. Thank You

Sounds good, let me know if I can help clear something up

??

i see

What do you mean by full time access? If you purchase a membership, you’ll have access to all of our training materials. If you purchase single courses, you’ll only have access to that course’s materials but access will never expire

I’m glad the video helped!!