“Most APTs are not very advanced” - Sun Tzu, The Art of Cyber War
📚 SecMisc
- Paged Out! - A free magazine about programming, especially programming tricks. Read More
📰 SecLinks
Pots and Pans, AKA an SSLVPN - Analysis of Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 vulnerabilities. Read More
Android and Google Pixel Vulnerabilities - Disclosure of 7 critical security flaws in Android and Pixel devices. Read More
Prompt Injection to Shell - Investigation of OpenAI's containerized ChatGPT environment vulnerabilities. Read More
iOS 18 Inactivity Reboot Analysis - Deep dive into reverse engineering iOS 18's inactivity reboot mechanism. Read More
Okta Verify Bypass - Technical analysis of Okta verification bypass vulnerability. Read More
V8 Sandbox Bypass - Analysis of stack corruption due to parameter count mismatch. Read More
Palo Alto Global Protect Credentials - Method for extracting plaintext credentials from Palo Alto Global Protect. Read More
AI in Security - Comprehensive guide on implementing AI in security practices. Read More
Security and People - Analysis of securing people where they are. Read More
Predictable IDs & PII Leakages - Using AI to mass leak data in bug bounty hunting. Read More
Javascript Events & WAF Bypass - Exploring WAF bypasses via character normalization. Read More
Privacy-Focused Network Analysis - Investigation into privacy-focused cellular networks. Read More
Sitecore RCE Vulnerability - Analysis of achieving RCE in Sitecore 8.x - 10.x. Read More
🐦 SecX
Burp Suite Pro Tip - Feature highlight on hiding uninteresting headers in Burp Suite Pro. Read More
OpenAI Security Warning - Cautionary tale about potential scams in ChatGPT API recommendations. Read More
🎥 SecVideo
- DEF CON 32 - Splitting the Email Atom - Exploration of email parser exploitation to bypass access controls by Gareth Heyes. Watch Here
💻 SecGit
- IVRE Network Recon Framework - Self-hosted alternative to Shodan/ZoomEye/Censys with extensive network intelligence capabilities. Explore on GitHub
For suggestions and any feedback, please contact: securify@rosecurify.com