<h3 id="heading-seclinks">seclinks</h3>
<ul>
<li><p><a target="_blank" href="https://web-in-security.blogspot.com/2021/01/insecure-features-in-pdfs.html">Insecure Features in PDFs</a></p>
</li>
<li><p><a target="_blank" href="https://blog.cm2.pw/articles/on-site-request-forgery/">On-site Request Forgery</a></p>
</li>
<li><p><a target="_blank" href="https://kuenzi.dev/toothbrush/">Hacking my “smart” toothbrush</a></p>
</li>
<li><p><a target="_blank" href="https://www.synopsys.com/blogs/software-security/a-deep-dive-on-pluck-cms-vulnerability-cve-2023-25828/">A deep-dive on Pluck CMS vulnerability CVE-2023-25828</a></p>
</li>
<li><p><a target="_blank" href="https://postmodernsecurity.com/2023/05/24/dancing-with-the-cloud/">Dancing with the Cloud</a></p>
</li>
<li><p><a target="_blank" href="https://sendpasswords.net/">Send Passwords</a></p>
</li>
<li><p><a target="_blank" href="https://research.securitum.com/xss-in-wordpress-via-open-embed-auto-discovery/">XSS in WordPress via open embed auto discovery</a></p>
</li>
<li><p><a target="_blank" href="https://code4rena.com/reports/2023-01-astaria#h-08-lack-of-strategydetailsparamvault-validation-allows-the-borrower-to-steal-all-the-funds-from-the-vault">Astaria contest</a></p>
</li>
<li><p><a target="_blank" href="https://blog.ammaraskar.com/vscode-rce/">VSCode Remote Code Execution advisory</a></p>
</li>
<li><p><a target="_blank" href="https://balwurk.com/data-exfiltration-through-dns-with-rust/">Data Exfiltration through DNS with Rust</a></p>
</li>
</ul>
<h3 id="heading-secvideo">secvideo</h3>
<ul>
<li><a target="_blank" href="https://www.youtube.com/watch?v=BarJCn4yChA">Information Security Is an Ecology of Horrors and You Are the Solution</a></li>
</ul>
<h3 id="heading-secgit">secgit</h3>
<ul>
<li><p><a target="_blank" href="https://github.com/praetorian-inc/gato">praetorian-inc/gato</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/nccgroup/ccs">nccgroup/ccs</a></p>
</li>
</ul>


### seclinks

* [Insecure Features in PDFs](https://web-in-security.blogspot.com/2021/01/insecure-features-in-pdfs.html)
    
* [On-site Request Forgery](https://blog.cm2.pw/articles/on-site-request-forgery/)
    
* [Hacking my “smart” toothbrush](https://kuenzi.dev/toothbrush/)
    
* [A deep-dive on Pluck CMS vulnerability CVE-2023-25828](https://www.synopsys.com/blogs/software-security/a-deep-dive-on-pluck-cms-vulnerability-cve-2023-25828/)
    
* [Dancing with the Cloud](https://postmodernsecurity.com/2023/05/24/dancing-with-the-cloud/)
    
* [Send Passwords](https://sendpasswords.net/)
    
* [XSS in WordPress via open embed auto discovery](https://research.securitum.com/xss-in-wordpress-via-open-embed-auto-discovery/)
    
* [Astaria contest](https://code4rena.com/reports/2023-01-astaria#h-08-lack-of-strategydetailsparamvault-validation-allows-the-borrower-to-steal-all-the-funds-from-the-vault)
    
* [VSCode Remote Code Execution advisory](https://blog.ammaraskar.com/vscode-rce/)
    
* [Data Exfiltration through DNS with Rust](https://balwurk.com/data-exfiltration-through-dns-with-rust/)
    

### secvideo

* [Information Security Is an Ecology of Horrors and You Are the Solution](https://www.youtube.com/watch?v=BarJCn4yChA)
    

### secgit

* [praetorian-inc/gato](https://github.com/praetorian-inc/gato)
    
* [nccgroup/ccs](https://github.com/nccgroup/ccs)

Rosecurify

Rosecurify

Seclog - #27

seclinks

secvideo

secgit