<h3 id="heading-seclinks">seclinks</h3>
<ul>
<li><p><a target="_blank" href="https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com">Salt Labs | Traveling with OAuth - Account Takeover on</a> <a target="_blank" href="http://Booking.com">Booking.com</a></p>
</li>
<li><p><a target="_blank" href="https://www.vicarius.io/vsociety/blog/unauthenticated-rce-in-goanywhere">Unauthenticated RCE in Goanywhere - vsociety</a></p>
</li>
<li><p><a target="_blank" href="https://skylightcyber.com/2023/02/09/a-salt-attacking-saltstack/">Skylight Cyber | A-Salt: attacking SaltStack</a></p>
</li>
<li><p><a target="_blank" href="https://blog.cloudflare.com/introducing-oxy/">Oxy is Cloudflare's Rust-based next generation proxy framework</a></p>
</li>
<li><p><a target="_blank" href="https://security.humanativaspa.it/abusing-mavens-pom-xml/">Abusing Maven's pom.xml - hn security</a></p>
</li>
<li><p><a target="_blank" href="https://officercia.mirror.xyz/SLIMhuDjYABHosch-3PWZ3t3ffigCdV4Ky__wyxiu3w">DNS Hijacking: In-Depth — Officer's Blog</a></p>
<ul>
<li>Also : <a target="_blank" href="https://www.first.org/blog/20230228-DNS_Abuse_Techniques_Matrix">DNS Abuse Techniques Matrix</a></li>
</ul>
</li>
<li><p><a target="_blank" href="https://www.trickster.dev/post/dont-jsfuck-with-me-part-1/">Don't JSFuck with me: Part 1 – Trickster Dev</a></p>
</li>
<li><p><a target="_blank" href="https://www.form3.tech/engineering/content/exploiting-distroless-images">Exploiting Distroless Images</a></p>
</li>
<li><p><a target="_blank" href="https://hackerone.com/reports/1700734">#1700734 Shop App - Attacker is able to intercept authorization code during authentication (OAuth) and is able to get access to Microsoft Outlook email account</a></p>
</li>
</ul>
<h3 id="heading-secvideo">secvideo</h3>
<ul>
<li><p><a target="_blank" href="https://www.youtube.com/watch?v=fwJga_Swk1o">Bug Patterns in Solidity and Smart Contract Auditing</a></p>
</li>
<li><p><a target="_blank" href="https://www.youtube.com/watch?v=TuiDJ5Ii6MU">#NahamCon2022EU: Hunting for Amazon Cognito Security Misconfigurations</a></p>
</li>
</ul>
<h3 id="heading-secgit">secgit</h3>
<ul>
<li><p><a target="_blank" href="https://github.com/rizemon/exploit-writing-for-oswe">rizemon/exploit-writing-for-oswe</a></p>
</li>
<li><p>[ossu/computer-science)</p>
</li>
<li><p><a target="_blank" href="https://github.com/greshake/llm-security">greshake/llm-security: New ways of breaking app-integrated LLMs</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/greshake/llm-security">New ways of breaking app-integrated LLMs</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/authomize/okta_scim_attack_tool">authomize/okta_scim_attack_tool</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/fbkcs/ThunderDNS">fbkcs/ThunderDNS</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/gojue/ecapture">gojue/ecapture</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/Limmen/awesome-rl-for-cybersecurity">Limmen/awesome-rl-for-cybersecurity</a></p>
</li>
</ul>
<h3 id="heading-secservice">secservice</h3>
<ul>
<li><a target="_blank" href="https://rosenpass.eu/#start">Rosenpass</a></li>
</ul>


### seclinks

* [Salt Labs | Traveling with OAuth - Account Takeover on](https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com) [Booking.com](http://Booking.com)
    
* [Unauthenticated RCE in Goanywhere - vsociety](https://www.vicarius.io/vsociety/blog/unauthenticated-rce-in-goanywhere)
    
* [Skylight Cyber | A-Salt: attacking SaltStack](https://skylightcyber.com/2023/02/09/a-salt-attacking-saltstack/)
    
* [Oxy is Cloudflare's Rust-based next generation proxy framework](https://blog.cloudflare.com/introducing-oxy/)
    
* [Abusing Maven's pom.xml - hn security](https://security.humanativaspa.it/abusing-mavens-pom-xml/)
    
* [DNS Hijacking: In-Depth — Officer's Blog](https://officercia.mirror.xyz/SLIMhuDjYABHosch-3PWZ3t3ffigCdV4Ky__wyxiu3w)
    
    * Also : [DNS Abuse Techniques Matrix](https://www.first.org/blog/20230228-DNS_Abuse_Techniques_Matrix)
        
* [Don't JSFuck with me: Part 1 – Trickster Dev](https://www.trickster.dev/post/dont-jsfuck-with-me-part-1/)
    
* [Exploiting Distroless Images](https://www.form3.tech/engineering/content/exploiting-distroless-images)
    
* [#1700734 Shop App - Attacker is able to intercept authorization code during authentication (OAuth) and is able to get access to Microsoft Outlook email account](https://hackerone.com/reports/1700734)
    

### secvideo

* [Bug Patterns in Solidity and Smart Contract Auditing](https://www.youtube.com/watch?v=fwJga_Swk1o)
    
* [#NahamCon2022EU: Hunting for Amazon Cognito Security Misconfigurations](https://www.youtube.com/watch?v=TuiDJ5Ii6MU)
    

### secgit

* [rizemon/exploit-writing-for-oswe](https://github.com/rizemon/exploit-writing-for-oswe)
    
* \[ossu/computer-science)
    
* [greshake/llm-security: New ways of breaking app-integrated LLMs](https://github.com/greshake/llm-security)
    
* [New ways of breaking app-integrated LLMs](https://github.com/greshake/llm-security)
    
* [authomize/okta\_scim\_attack\_tool](https://github.com/authomize/okta_scim_attack_tool)
    
* [fbkcs/ThunderDNS](https://github.com/fbkcs/ThunderDNS)
    
* [gojue/ecapture](https://github.com/gojue/ecapture)
    
* [Limmen/awesome-rl-for-cybersecurity](https://github.com/Limmen/awesome-rl-for-cybersecurity)
    

### secservice

* [Rosenpass](https://rosenpass.eu/#start)

Rosecurify

Rosecurify

Seclog - #16

Spotlight: Abusing Maven, DNS Hijacking, OAuth vuln in Booking.com, CF's Oxy Proxy etc.

seclinks

secvideo

secgit

secservice