GitHub - modelcontextprotocol/servers: Model Context Protocol Servers
Official integrations are maintained by companies building production ready MCP servers for their platforms. 21st.dev Magic - Create crafted UI components inspired by the best 21st.dev design engineers. 2slides - An MCP server that provides tools to convert content into slides/PPT/presentation or generate slides/PPT/presentation with user intention. ActionKit by Paragon - Connect to 130+ SaaS inte
GitHub - mjl-/mox: modern full-featured open source secure mail server for low-maintenance self-hosted email
Quick and easy to start/maintain mail server, for your own domain(s). SMTP (with extensions) for receiving, submitting and delivering email. IMAP4 (with extensions) for giving email clients access to email. Webmail for reading/sending email from the browser. SPF/DKIM/DMARC for authenticating messages/delivery, also DMARC aggregate reports. Reputation tracking, learning (per user) host-, domain- an
ALPACA Attack
Paper Q&A How to ALPN/SNI Updates! News A big reevaluation of TLS libraries, TLS application servers, and a new internet scan by Jannik Hölling is now available in the Updates section! ALPACA will be presented at Black Hat USA 2021, USENIX Security Symposium 2021, and Real Word Crypto Symposium 2022! Recommended articles: Ars Technica (Dan Goodin), Golem (Hanno Böck; German) Introduction TLS is an
Demystifying Azure OpenAI Networking for Secure Chatbot Deployment
Demystifying Azure OpenAI Networking for Secure Chatbot Deployment Introduction Azure AI Landing Zones provide a solid foundation for deploying advanced AI technologies like OpenAI's GPT-4 models. These environments are designed to support AI enthusiasts, but it's essential to grasp their networking aspects, especially concerning Platform as a Service (PaaS) offerings. In this article, we'll dive
この記事は、 GAOGAO Advent Calendar 2021 ことしもGAOGAOまつりです の 1日目の記事として公開されています。 こんにちは。 GAOGAO にてスタートアップスタジオのエンジニアをしております @mass-min と申します。 GAOGAO では秀吉と呼ばれています。どうぞよろしくお願いいたします。 結論 リバースプロキシ環境の構築は nginx-proxy というとても便利な Docker image によりカンタンに行うことができます。 また Docker 自体の設定をうまく使うことにより、別環境間での API 通信や CORS が絡む AJAX コールなんかも再現できます。圧倒的感謝 🙏 まえがき 例えば、アプリケーション A とアプリケーション B が以下のような設定で動いているとします。 AWS を本番環境で使用している場合、上記のような振り分け
2023年3月29日(現地時間)、米国の複数のセキュリティ企業は、ビジネスコミュニケーションのソフトウエア開発を行う3CXが提供するソフトウエアに不正な挙動が検出されたとして脅威情報を公開しました。その後、3CXも指摘されたソフトウエアにセキュリティ上の問題が含まれていたことを認めパートナーや顧客に対して謝罪しました。ここでは関連する情報をまとめます。 1.何が起きたの? 3CXのVoIPソフトウエア「The 3CX Client」(Windows版、MacOS版)正規版のインストーラーファイルが第三者に改ざんされていたことが判明した。遅くとも2023年3月29日まで改ざんされたインストーラーが配布された状態が継続しており、万一不正なインストーラーによってインストールに成功していた場合、Chromeなどブラウザ上で保管された情報など窃取するマルウエアに感染する恐れがある。 今回の攻撃の影響
Join a VS Code Dev Days event near you to learn about AI-assisted development in VS Code. Update 1.70.1: The update addresses these issues. Update 1.70.2: The update addresses these issues. Update 1.70.3: This update is only available for Windows 7 users and is the last release supporting Windows 7. Downloads: Windows: x64 Arm64 | Mac: Universal Intel silicon | Linux: deb rpm tarball Arm snap Welc
Resecurity | EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web
Back EvilProxy Phishing-as-a-Service with MFA Bypass Emerged in Dark Web Cybercrime Intelligence 5 Sep 2022 MFA, Dark Web, Phishing, PhaaS, ATO, BEC, PyPi, supply chain Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently ident
Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability).
Log4Shell log4j vulnerability (CVE-2021-44228 / CVE-2021-45046) - cheat-sheet reference guide Last updated: $Date: 2022/02/08 23:26:16 $ UTC - best effort, validate all for your environment/model before use, unofficial sources may be wrong by @TychoTithonus (Royce Williams), standing on the shoulders of many giants Send updates or suggestions (please include category / context / public (or support
GitHub - 9001/copyparty: Portable file server with accelerated resumable uploads, dedup, WebDAV, SFTP, FTP, TFTP, zeroconf, media indexer, thumbnails++ all in one file
turn almost any device into a file server with resumable uploads/downloads using any web browser server only needs Python (2 or 3), all dependencies optional 🔌 protocols: http(s) // webdav // sftp // ftp(s) // tftp // smb/cifs 📱 android app // iPhone shortcuts 👉 Get started! or visit the read-only demo server 👀 running on a nuc in my basement 📷 screenshots: browser // upload // unpost // thum
wp-k8s: WordPress on privately hosted Kubernetes cluster (Raspberry Pi 4 + Synology) - FoolControl: Phear the penguin
wp-k8s: WordPress on privately hosted Kubernetes cluster (Raspberry Pi 4 + Synology) Adnan Hodzic November 12, 2021 Blog post you’re reading right now is privately hosted on Raspberry PI 4 Kubernetes cluster with its data coming from NFS share and MariaDB on a Synology NAS. Purpose of this post is to serve as an ultimate guide on how to build a (prod ready) RPI k8s cluster and deploy WordPress CMS
No trial. No credit card required. Just your GitHub account. Today we announce the release of YARP 1.0, which can be downloaded from NuGet. YARP (Yet Another Reverse Proxy) is a highly customizable reverse proxy built using .NET. The biggest differentiator between YARP and other reverse proxies is how it is built and packaged – YARP is supplied as a library and samples showing how to create a prox
Linux Passkeys Update
With the announcements from big companies at World Password Day about passkeys, I thought I should share what I've been working on for passkey support on Linux. I've been putting off writing this down because I've been busy with other things, but perhaps if I write things out, other people will have a clearer idea of the work to do and can help where I can't right now. This will be less polished t
Guidance for investigating attacks using CVE-2023-23397 | Microsoft Security Blog
February 15, 2024 update – On January 20, 2024, the US government conducted a disruption operation against infrastructure used by a threat actor we track as Forest Blizzard (STRONTIUM), a Russian state-sponsored threat actor, as detailed here: https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian December 4, 2023 update – Microsoft has ide
YARP Documentation
YARP documentation has been moved to https://learn.microsoft.com/search/?terms=YARP%20Getting%20Started&category=Documentation.
GitHub - taishi-i/awesome-ChatGPT-repositories: A curated list of resources dedicated to open source GitHub repositories related to ChatGPT and OpenAI API
awesome-chatgpt-api - Curated list of apps and tools that not only use the new ChatGPT API, but also allow users to configure their own API keys, enabling free and on-demand usage of their own quota. awesome-chatgpt-prompts - This repo includes ChatGPT prompt curation to use ChatGPT better. awesome-chatgpt - Curated list of awesome tools, demos, docs for ChatGPT and GPT-3 awesome-totally-open-chat
GitHub - A-poc/RedTeam-Tools: Tools and Techniques for Red Team / Penetration Testing
Red Team Tips 19 tips Improved HTML smuggling with mouse move eventlistener @pr0xylife Google translate for phishing @malmoeb Hiding the local admin account @Alh4zr3d Cripple windows defender by deleting signatures @Alh4zr3d Enable multiple RDP sessions per user @Alh4zr3d Sysinternals PsExec.exe local alternative @GuhnooPlusLinux Live off the land port scanner @Alh4zr3d Proxy aware PowerShell Down
Cisco Talos discovered malicious activities conducted by an unknown attacker since as early as January 2025, predominantly targeting organizations in Japan. The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines. The attacker utilizes plugins of the publicly availabl
Why I'm leaving GitHub for Forgejo I moved my code from GitHub to a self-hosted Forgejo. Not because of the outages, but because of who owns what runs on top of them. The Dutch government just made the same call. On April 27, 2026 the Dutch Ministry of the Interior soft-launched code.overheid.nl, a self-hosted Forgejo instance for Dutch government source code. Project manager Boris Van Hoytema sai
Create an Azure OpenAI, LangChain, ChromaDB, and Chainlit chat app in AKS using Terraform | Microsoft Community Hub
Create an Azure OpenAI, LangChain, ChromaDB, and Chainlit chat app in AKS using Terraform In this sample, I demonstrate how to quickly build chat applications using Python and leveraging powerful technologies such as OpenAI ChatGPT models, Embedding models, LangChain framework, ChromaDB vector database, and Chainlit, an open-source Python package that is specifically designed to create user interf
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
リバースプロキシをDocker Compose環境で実現する
3CXのソフトウエア改ざんによるサプライチェーン攻撃についてまとめてみた - piyolog
July 2022 (version 1.70)
Announcing YARP 1.0 Release - .NET Blog
Unmasking the new persistent attacks on Japan
Why I'm leaving GitHub for Forgejo | Jorijn Schrijvershof