Seclog - 2

seclog's spotlight: Client-side prototype pollution, Manual SQL injection discovery tips, I Shared My Phone Number, Hack The WP and katana released!

Seclog - 2

Exploiting Bitdefender Antivirus: RCE from any website | Almost Secure

One thing shouldn’t go unmentioned: security-wise Bitdefender Antivirus is one of the best antivirus products I’ve seen so far, at least in the areas that I looked at.

Cyber-Bookmarks | A list of bookmarks I have used since I started my journey in cyber security

A list of bookmarks

Client-side prototype pollution | Web Security Academy

Prototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global prototypes, which may then be inherited by user-defined objects.

AutoRegex: Convert from English to RegEx with Natural Language Processing

Regex is difficult to write and comprehend to the average human

Radare2 Cloud

with Radare2 play!

An Intro To DevSecOps

An introduction to DevSecOps from a fallen comrade who wishes to remain anonymous.

A dive into Iranian Hacking Groups - Cyberwarzone

The Iranian Ajax Security Team, performed cyberattacks to identify Iranian users which were using anti-censorship technology.

Manual SQL injection discovery tips

According to's AMA format one of the most popular questions is How do you test for Server Side vulnerabilities such as SQLi?.

Google Online Security Blog: Our Principles for IoT Security Labeling

IoT product labeling - the definition of labeling, what labeling needs to convey in terms of security and privacy, where the label should reside, and how to achieve consumer acceptance, are still open for debate.

Tell HN: A hacker's life is in danger, your awareness may be life saving

In Iran, he is one of the most famous people active in the field of programming and computer education.

#1245165 CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud

Data exfiltration via CSS properties as background-image its possible as you can see in the following link

I Shared My Phone Number. I Learned I Shouldn’t Have. - The New York Times

Our personal tech columnist asked security researchers what they could find out about him from just his cellphone number.

Azure Active Directory – Security Overview | Marius Sandbu

After working with Azure AD for a looong time I always forget how complex it has gotten over the years, with all the new features and capabilities that have been introduced.

First impressions of Bluesky's AT Protocol

A few years ago Twitter's Jack Dorsey announced a project called Bluesky, which was intended to design and build such a system.

Lessons Learned from Cloning Windows Binaries and Code Signing Implants - Hack.Learn.Share

All the lessons I’m sharing here are based on what I learned/observed during my experiment.

A Cypherpunk's Manifesto

Kestrel File Encryption

service file encyrpt

Hack The WP – all-in-one security extension for wp-cli

Single-command WordPress security!

The Importance of DevSecOps in Blockchain, Decentralized Protocols, and Applications | F5 Blog

Security has always been one of the most important aspects of information technology, and today many organizations and their developers adopt a security-first mindset when building applications.

WTFPL – Do What the Fuck You Want to Public License

The WTFPL is a very permissive license for software and other scientific or artistic works that offers a great degree of freedom. In fact, it is probably the best license out there.

KICS - Keeping Infrastructure as Code Secure

keeping infrastructure as code secure is an open source solution for static code analysis of Infrastructure as Code.

2022 Conference Roundup - Google Next, Microsoft Ignite and Oracle Cloud World - Chris Farris

2022 Conference Roundup

4 books every cybersecurity startup founder needs to read (and 15 more that can be helpful)

I believe there are only a few books that everyone starting a cybersecurity startup should read; the rest will depend on their unique areas of focus and areas of weaknesses, and the company they are building.

Accidental $70k Google Pixel Lock Screen Bypass -

The issue allowed an attacker with physical access to bypass the lock screen protections (fingerprint, PIN, etc.) and gain complete access to the user’s device.