Seclog - 3
Spotlight: Mastodon Hacked and Is Mastodon Private and Secure?, Hacking Salesforce, Passkeys.directory, Azure Backdoor, vulnerable-code-snippets.
seclinks
Vulnerability Management at Lyft: Enforcing the Cascade - Part 1 | by Alex Chantavy
Vulnerability Management at Lyft
Stealing passwords from infosec Mastodon - without bypassing CSP | PortSwigger Research
The story of how I could steal credentials on Infosec Mastodon with an HTML injection vulnerability, without needing to bypass CSP.
TechInfoSecMastodon Security list
I'm joining at @security@infosec.exchange
GCP Penetration Testing Notes 2
GCP Penetration Testing notes
Google Roulette :)
Is Mastodon Private and Secure? Let’s Take a Look | Electronic Frontier Foundation
This post is part of a series on Mastodon and the fediverse.
On Bypassing eBPF Security Monitoring
There are many security solutions available today that rely on the Extended Berkeley Packet Filter (eBPF) features of the Linux kernel to monitor kernel functions.
As a security researcher, as a beginner, you may see the fact of having your own CVE as the Grail.
Don't store TOTP in Bitwarden for your online accounts! - Patryk's blog
Bitwarden has this great feature: built-in TOTP Authenticator.
Hacking Salesforce-backed WebApps
This post will cover some things I've come across in custom applications using Salesforce's API as a backend - this post does not deal with "hacking Salesforce" itself.
Tracing HTTP Requests with tcpflow
He connected to the production VPN and entered one of the k8s pods using kubectl exec.
Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk
Varonis Threat Labs found a SQL injection vulnerability and a logical access flaw in Zendesk
iOS/iPadOS backups where an attacker could trigger a backup without a user’s consent to steal their data
That's perfect timing to talk about how to make your GraphQL APIs secure and ready for production.
Techniques In Email Forensic Analysis
Websites, apps and services using passkeys for authentication
macOS Sandbox Escape vulnerability via Terminal
macOS Sandbox Escape vulnerability
Azure Backdoors presentation by Andy Robbins