!Latest: Qubes OS
BashBreach is a personal blog and resource center focused on cybersecurity. It features written entries on various cybersecurity topics and trends, with detailed explanations and regular updates. Created by a cybersecurity student, BashBreach serves as both a learning tool and a reference for others interested in the field.
Daily Note: This website is featured in shellsharks.com's "Discovered IndieSec Blogs"
Blog Entries
04/01/2025 Qubes OS
03/19/2025 WEBSITE UPDATE
03/19/2025 ARCHITECTURE.md
03/18/2025 CompTIA Security+ Exam Practice Questions
03/14/2025 Code Obfuscation
03/05/2025 Some More GitHub Security Repos
02/27/2025 Some GitHub Security Repos
02/24/2025 WEBSITE UPDATE
02/19/2025 The CIA Triad
02/14/2025 Exploring Network Ports
02/04/2025 Know Your OSI Model
02/01/2025 Security Mechanisms: Firewalls, IDS, and IPS
01/30/2025 Understanding Network Sandboxes
01/28/2025 ABOUT THIS WEBSITE
For over 20 years, websites could exploit the “:visited” CSS selector (purple links) to check which
links a user had clicked—essentially leaking parts of your browsing history.
Chrome 136 (currently in beta) fixes this privacy flaw by partitioning visited
link data by site and frame origin. Now, only the website where you clicked a link
will know it was visited. So, if you clicked a link on Website A, it turns purple only
on Website A—not on shady or unrelated sites trying to track you. This eliminates a
longstanding privacy issue used by attackers to spy on your history.
Chrome is the first browser to roll out this protection, and others are expected to follow.
If you want the fix now, enable the flag:
chrome://flags/#partition-visited-link-database-with-self-links
Today's Frequently Asked Question...
A cold boot attack exploits the residual data left in RAM (volatile memory) after a system is shut down or rebooted. Attackers with physical access can quickly reboot a device and use special tools to extract encryption keys or other sensitive data from RAM.
full list of frequently asked questionsBrain Teaser
While not a tool itself, this GitHub repository contains a thoroughly curated collection of 150+ red team tools and resources. The collection contains dedicated and general security tools that can be used for red teaming. It contains recon software like Shodan and gobuster, execution tools like Mimikatz and PowerSploit, defense evasion methods like Invoke-Obfuscation, command and control (C2) tools like Metasploit and Covenant, and data exfiltration methods through DNS tunneling and Google Drive exploits. It also provides 17 red team tips on how to evade security controls, avoid detection, and improve operational security. This repository is a one-stop-shop for security professionals conducting offensive security audits and penetration testing. This collection of security and red team tools are heavily encouraged not to be used maliciously, but purely for educational purposes.
The materials in this repository are for informational and educational purposes only. They are not intended for use in any illegal activities.
Active users this past month were from...
April 2025
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
License & Disclaimer
bash-breach
