Seclog - #101

“Most APTs are not very advanced” - Sun Tzu, The Art of Cyber War

📚 SecMisc

  • Paged Out! - A free magazine about programming, especially programming tricks. Read More
  • Pots and Pans, AKA an SSLVPN - Analysis of Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474 vulnerabilities. Read More

  • Android and Google Pixel Vulnerabilities - Disclosure of 7 critical security flaws in Android and Pixel devices. Read More

  • Prompt Injection to Shell - Investigation of OpenAI's containerized ChatGPT environment vulnerabilities. Read More

  • iOS 18 Inactivity Reboot Analysis - Deep dive into reverse engineering iOS 18's inactivity reboot mechanism. Read More

  • Okta Verify Bypass - Technical analysis of Okta verification bypass vulnerability. Read More

  • V8 Sandbox Bypass - Analysis of stack corruption due to parameter count mismatch. Read More

  • Palo Alto Global Protect Credentials - Method for extracting plaintext credentials from Palo Alto Global Protect. Read More

  • AI in Security - Comprehensive guide on implementing AI in security practices. Read More

  • Security and People - Analysis of securing people where they are. Read More

  • Predictable IDs & PII Leakages - Using AI to mass leak data in bug bounty hunting. Read More

  • Javascript Events & WAF Bypass - Exploring WAF bypasses via character normalization. Read More

  • Privacy-Focused Network Analysis - Investigation into privacy-focused cellular networks. Read More

  • Sitecore RCE Vulnerability - Analysis of achieving RCE in Sitecore 8.x - 10.x. Read More

🐦 SecX

  • Burp Suite Pro Tip - Feature highlight on hiding uninteresting headers in Burp Suite Pro. Read More

  • OpenAI Security Warning - Cautionary tale about potential scams in ChatGPT API recommendations. Read More

🎥 SecVideo

  • DEF CON 32 - Splitting the Email Atom - Exploration of email parser exploitation to bypass access controls by Gareth Heyes. Watch Here

💻 SecGit

  • IVRE Network Recon Framework - Self-hosted alternative to Shodan/ZoomEye/Censys with extensive network intelligence capabilities. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com