Seclog - #100

ยท

3 min read

Seclog - #100

Photo by Luis Morera on Unsplash

"The enemy does not check your risk register prior to attacking." - Sun Tzu, The Art of Cyber War

๐Ÿ“š SecMisc

  • PoisonTap - Exploiting locked computers through USB peripherals, demonstrating techniques to bypass security measures on locked machines. Read More

  • Securing 4 C's of a Software Product - Comprehensive guide focusing on implementing AWS security measures across different product components. Read More

  • GitHub Enterprise SAML Bypass - Analysis of critical authentication bypass vulnerabilities affecting GitHub Enterprise Server. Read More

  • Sharing Secrets - Comprehensive guide exploring various methodologies and best practices for secure secret sharing in organizations. Read More

  • IBM Security Verify Access - Detailed analysis of 32 security vulnerabilities discovered in IBM's security platform. Read More

  • Fortune 500 Supply Chain - Investigation into hidden supply chain vulnerabilities affecting Fortune 500 companies. Read More

  • Ubuntu Privilege Escalation - Technical analysis of root privilege escalation techniques in Ubuntu 24.04. Read More

  • Application Security Assessment - Methodological approach to effectively evaluate application security posture. Read More

  • Citrix Remote Access - Research on critical vulnerabilities in Citrix Virtual Apps and Desktops. Read More

  • Arc Browser Security - Discovery of UXSS, local file read, and RCE vulnerabilities in Arc Browser. Read More

  • Firefox Animation Bug - Technical analysis of CVE-2024-9680 affecting Firefox's animation system. Read More

  • SoftBank Mesh Analysis - In-depth vulnerability research on SoftBank Mesh RP562B devices. Read More

  • CVE-2024-47575 - Detailed analysis and impact assessment of critical vulnerability. Read More

  • Incident Response Evolution - Case study on the development of incident response processes at Podia. Read More

  • VPN Trust Analysis - Critical examination of trust issues in modern VPN services. Read More

  • GuardDuty Bypass - Techniques for bypassing AWS GuardDuty pentest detection mechanisms. Read More

  • AI Red Team Services - Introduction to CrowdStrike's new AI security testing capabilities. Read More

  • AWS Ransomware - Comprehensive guide on effective AWS ransomware techniques and prevention. Read More

  • Technical Team Leadership - Insights into effectively leading technical security teams. Read More

  • JWT Attack Methods - Analysis of attack vectors using self-signed JWT claims. Read More

๐Ÿฆ SecX

  • Apple Security Feature - Discussion on newly implemented security features in Apple systems. Watch Here

  • Ethernet History - Historical perspective on the creation and implementation of Ethernet. Watch Here

  • Malware Museum - Announcement of the upcoming Museum of Malware Art in Helsinki. Watch Here

  • Password Comic - Historical Foxtrot comic highlighting password management challenges. Watch Here

  • Gnark Vulnerability - Technical thread on memory vulnerability discovery in Gnark. Watch Here

๐ŸŽฅ SecVideo

  • BlueHat 2024 - Complete collection of presentations from BlueHat 2024 security conference. Watch Here

  • CURL Analysis - Deep dive into CURL HTTPS verbose output analysis. Watch Here

  • Cities Skylines Malware - Comprehensive reverse engineering analysis of Cities Skylines II malware. Watch Here

๐Ÿ’ป SecGit

  • CVE-2024-50340-eos-exploit - Exploit implementation for Symfony vulnerability. Explore on GitHub

  • C2TeamServer - Framework for Command and Control server implementation. Explore on GitHub

  • web-chains - Java payload generation and exploitation toolkit. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com

ย