Seclog - 3

Spotlight: Mastodon Hacked and Is Mastodon Private and Secure?, Hacking Salesforce, Passkeys.directory, Azure Backdoor, vulnerable-code-snippets.

Vulnerability Management at Lyft: Enforcing the Cascade - Part 1 | by Alex Chantavy

Vulnerability Management at Lyft

Stealing passwords from infosec Mastodon - without bypassing CSP | PortSwigger Research

The story of how I could steal credentials on Infosec Mastodon with an HTML injection vulnerability, without needing to bypass CSP.

TechInfoSecMastodon Security list

I'm joining at @security@infosec.exchange

GCP Penetration Testing Notes 2

GCP Penetration Testing notes

Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette" - Michał Bentkowski (@SecurityMB)

Google Roulette :)

Is Mastodon Private and Secure? Let’s Take a Look | Electronic Frontier Foundation

This post is part of a series on Mastodon and the fediverse.

On Bypassing eBPF Security Monitoring

There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions.

CVE demystified

As a security researcher, especially as a beginner, you may see having your own CVE as the Holy Grail.

Don't store TOTP in Bitwarden for your online accounts! - Patryk's blog

Bitwarden has this great feature: built-in TOTP Authenticator.

Hacking Salesforce-backed WebApps

This post will cover some things I've come across in custom applications using Salesforce's API as a backend; it does not deal with "hacking Salesforce" itself.

Tracing HTTP Requests with tcpflow

He connected to the production VPN and entered one of the k8s pods using kubectl exec.

Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk

Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk.

iOS Backup Passcode Prompt

A flaw in iOS/iPadOS backups where an attacker could trigger a backup without the user's consent to steal their data.

The complete GraphQL Security Guide: Fixing the 13 most common GraphQL Vulnerabilities to make your API production ready

That's perfect timing to talk about how to make your GraphQL APIs secure and ready for production.

Techniques In Email Forensic Analysis

Techniques In Email Forensic Analysis

Passkeys.directory

Websites, apps and services using passkeys for authentication

macOS Sandbox Escape vulnerability via Terminal

macOS Sandbox Escape vulnerability

Azure Backdoors

Azure Backdoors presentation by Andy Robbins

secvideo

sectweet

secgit