<h3 id="heading-seclinks">seclinks</h3>
<ul>
<li><p><a target="_blank" href="https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/">Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust</a></p>
</li>
<li><p><a target="_blank" href="https://hackerone.com/reports/1861487">inDrive | Report #1861487 - inDriver Job - Admin Approval Bypass</a></p>
</li>
<li><p><a target="_blank" href="https://hackerone.com/reports/2032778">HackerOne | Report #2032778 - Internal machine learning API endpoint for CWE classification is vulnerable to path traversal</a></p>
</li>
<li><p><a target="_blank" href="https://mizu.re/post/linux-local-electron-application-script-src-self-bypass">Linux local electron application script-src: self bypass</a></p>
</li>
<li><p><a target="_blank" href="https://medium.com/@matteo.pisani.91/how-i-hacked-casio-f-91w-digital-watch-892bd519bd15">How I Hacked CASIO F-91W digital watch</a></p>
</li>
<li><p><a target="_blank" href="https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/">Patch Diffing CVE-2023-28121 to Compromise a WooCommerce</a></p>
</li>
<li><p><a target="_blank" href="https://kuldeep.io/posts/fulldisclosure-dom-based-xss/">Full Disclosure - DOM-based XSS And Failures In Bug Bounty Hunting</a></p>
</li>
<li><p><a target="_blank" href="https://blog.takemyhand.xyz/2023/07/remote-code-execution-in-gitlabs-cli.html?spref=tw">RCE in GitLab's CLI tool</a></p>
</li>
<li><p><a target="_blank" href="https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/">A Journey Into Hacking Google Search Appliance</a></p>
</li>
<li><p><a target="_blank" href="https://utkusen.medium.com/prompt-injection-how-to-prevent-it-or-should-we-prevent-it-ef62d9355191">Prompt Injection: How to Prevent It or Should We Prevent It?</a></p>
</li>
</ul>
<h3 id="heading-secgit">secgit</h3>
<ul>
<li><p><a target="_blank" href="https://github.com/SirBugs/CVE-2023-24488-PoC">SirBugs/CVE-2023-24488-PoC</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/RandomRobbieBF/CVE-2023-2982">RandomRobbieBF/CVE-2023-2982</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/zzzteph/probable_subdomains">zzzteph/probable_subdomains</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/hakluke/hakstore">hakluke/hakstore</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/lauritzh/auth-request-analyser">lauritzh/auth-request-analyser</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/orf/gping">orf/gping: Ping, but with a graph</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/sensepost/steampipe-plugin-projectdiscovery">sensepost/steampipe-plugin-projectdiscovery</a></p>
</li>
<li><p><a target="_blank" href="https://github.com/gerobug/gerobug#requirements">gerobug/gerobug</a></p>
</li>
</ul>
<h3 id="heading-secvideo">secvideo</h3>
<ul>
<li><a target="_blank" href="https://www.youtube.com/watch?v=Sx-WU137F_A">Hacking a Satellite News-Link CNN System.</a></li>
</ul>
<h3 id="heading-secmics">secmics</h3>
<ul>
<li><a target="_blank" href="https://www.thc.org/segfault/">Segfault | The Hacker’s Choice</a></li>
</ul>


### seclinks

* [Obtaining Domain Admin from Azure AD by abusing Cloud Kerberos Trust](https://dirkjanm.io/obtaining-domain-admin-from-azure-ad-via-cloud-kerberos-trust/)
    
* [inDrive | Report #1861487 - inDriver Job - Admin Approval Bypass](https://hackerone.com/reports/1861487)
    
* [HackerOne | Report #2032778 - Internal machine learning API endpoint for CWE classification is vulnerable to path traversal](https://hackerone.com/reports/2032778)
    
* [Linux local electron application script-src: self bypass](https://mizu.re/post/linux-local-electron-application-script-src-self-bypass)
    
* [How I Hacked CASIO F-91W digital watch](https://medium.com/@matteo.pisani.91/how-i-hacked-casio-f-91w-digital-watch-892bd519bd15)
    
* [Patch Diffing CVE-2023-28121 to Compromise a WooCommerce](https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/)
    
* [Full Disclosure - DOM-based XSS And Failures In Bug Bounty Hunting](https://kuldeep.io/posts/fulldisclosure-dom-based-xss/)
    
* [RCE in GitLab's CLI tool](https://blog.takemyhand.xyz/2023/07/remote-code-execution-in-gitlabs-cli.html?spref=tw)
    
* [A Journey Into Hacking Google Search Appliance](https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/)
    
* [Prompt Injection: How to Prevent It or Should We Prevent It?](https://utkusen.medium.com/prompt-injection-how-to-prevent-it-or-should-we-prevent-it-ef62d9355191)
    

### secgit

* [SirBugs/CVE-2023-24488-PoC](https://github.com/SirBugs/CVE-2023-24488-PoC)
    
* [RandomRobbieBF/CVE-2023-2982](https://github.com/RandomRobbieBF/CVE-2023-2982)
    
* [zzzteph/probable\_subdomains](https://github.com/zzzteph/probable_subdomains)
    
* [hakluke/hakstore](https://github.com/hakluke/hakstore)
    
* [lauritzh/auth-request-analyser](https://github.com/lauritzh/auth-request-analyser)
    
* [orf/gping: Ping, but with a graph](https://github.com/orf/gping)
    
* [sensepost/steampipe-plugin-projectdiscovery](https://github.com/sensepost/steampipe-plugin-projectdiscovery)
    
* [gerobug/gerobug](https://github.com/gerobug/gerobug#requirements)
    

### secvideo

* [Hacking a Satellite News-Link CNN System.](https://www.youtube.com/watch?v=Sx-WU137F_A)
    

### secmics

* [Segfault | The Hacker’s Choice](https://www.thc.org/segfault/)

Rosecurify

Rosecurify

Seclog - #32

Spotlight: How I Hacked CASIO F-91W digital watch, RCE in GitLab's CLI tool, Hacking Google Search Appliance, Prompt Injection (Prevent), etc.

seclinks

secgit

secvideo

secmics