Seclog - 1
Spotlight: The OpenSSL punycode vulnerability (CVE-2022-3602), GitHub at Black Hat Europe, WordPress Vulnerabilities & Patch, etc.
seclinks
CSP-bypass XSS in project settings page (#364164)
XSS with CSP bypass allows attackers to perform arbitrary malicious requests on behalf of victims on the HTTP client side, such as making an API request to access private resources.
What I learnt from reading 217* Subdomain Takeover bug reports.
A comprehensive analysis of Subdomain Takeovers (SDTO), DNS Hijacking, Dangling DNS, CNAME misconfigurations…
GitHub at Black Hat Europe - GitHub Resources
The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation
Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion – Krebs on Security
A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon, a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims.
Vulnerable Client-Server Application (VuCSA)
Vulnerable client‑server application (VuCSA) is made for learning/presenting how to perform penetration tests of non‑http thick clients. It is written in Java (with JavaFX graphical user interface).
AWS Organizations Defaults - Hacking The Cloud
To help organize and manage those accounts, AWS offers a service called AWS Organizations.
Project Zero: Gregor Samsa: Exploiting Java's XML Signature Verification
This post discusses CVE-2022-34169, an integer truncation bug in this JIT compiler resulting in arbitrary code execution in many Java-based web applications and identity providers that support the SAML single-sign-on standard.
Security Releases: Ember 4.8.1, 4.4.4, 3.28.10, 3.24.7
Ember.js 3.24.7, 3.28.10, 4.4.4, 4.8.1, and 4.9.0-beta.3 to patch a security vulnerability.
Top 5 Amazon S3 Bucket Misconfigurations and How to Monitor Them
Amazon S3 bucket misconfigurations
A tale of a simple Apple kernel bug :: pwning.systems
I discovered a flaw in XNU, which is the kernel that Apple uses on both macOS and iOS.
#1685822 RepositoryPipeline allows importing of local git repos
Allows an attacker to clone any repo on GitLab with just the project ID.
Hanko – Open source authentication beyond passwords
Hanko provides a beautiful login that meets your users where they are, and carefully guides them into a world beyond passwords.
Open Source Authentication and Authorization
About Authentication and Authorization
WordPress Vulnerabilities & Patch
A good list for WordPress.
British govt is scanning all Internet devices hosted in UK
The United Kingdom's National Cyber Security Centre (NCSC), the government agency that leads the country's cyber security mission, is now scanning all Internet-exposed devices hosted in the UK for vulnerabilities.
Microsoft's Digital Defense Report 2022
During the past year, cyberattacks targeting critical infrastructure jumped from comprising 20% of all nation-state attacks Microsoft detected to 40%.
Hacking The Cloud - Hacking The Cloud
Hacking the cloud is an encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure.
Tactical Lock Picking 101 | Uncensored Tactical
Lock picking and bypasses to get you into locked areas and out of locked restraints during emergencies.
Zero trust Kubernetes with zero friction
sectweet