Seclog - #14
Spotlight: Hacking airline, Phishing w/ Github, Jira, VMware , RCE in {binwalk,vBulletin,Aspera Faspex,Yellowfin}, SSO : XSS to ATO etc.
Photo by Juliet Furst on Unsplash
seclinks
DOM-XSS in Instant Games due to improper verification of supplied URLs – Youssef Sammouda
How I Hacked my Car Part 3: Making Software :: Programming With Style
Security Advisory: Remote Command Execution in binwalk - ONEKEY
Unserializable, but unreachable: Remote code execution on vBulletin
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI – Assetnote
Google Online Security Blog: Taking the next step: OSS-Fuzz in 2023
What happened to CVE-2022-23529? And what can we learn from it?
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails – Assetnote
The Good, Bad and Compromisable Aspects of Linux eBPF - Pentera
(Web-)Insecurity Blog | SSO Gadgets: Escalate (Self-)XSS to ATO
secvuln
VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)
Jira Service Management Server and Data Center Advisory (CVE-2023-22501)
sectool
secvideo
- DEF CON 29 - Guillaume Fournier, Sylvain Afchain, Sylvain Baubeau - eBPF, I thought we were friends!
secgit
A-poc/RedTeam-Tools: Tools and Techniques for Red Team / Penetration Testing
GhostManager/Ghostwriter: The SpecterOps project management and reporting engine
ThePorgs/Exegol: Fully featured and community-driven hacking environment
adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Esonhugh/sshd_backdoor: /root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.