Seclog - #34

Spotlight: How CodeQL works, Bundle Your Own Stealer, ShareFile RCE, RCE in Google Cloud Build, ORMs and Prepared Statements, etc.

Rosecurify · Jul 23, 2023

seclinks

- Why ORMs and Prepared Statements Can't (Always) Win
- DDoS threat report for 2023 Q2
- How to get rid of AWS access keys – Part 3: Replacing the authentication
- Mongoose Prototype Pollution Vulnerability vulnerability found in mongoose
- Advisory: ShareFile Pre-Auth RCE (CVE-2023-24489)
- Introducing: Security’s Social Problem
- How CodeQL works: Summary
- THE LAWS OF IDENTITY
- Firstyear's blog-a-log
- AWS Access Key ID formats
- BYOS - Bundle Your Own Stealer
- The Death of Infosec Twitter
- Practice Your Security Prompting Skills
- Bad.Build: PE & RCE Vulnerabilities in Google Cloud Build
- CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent
- Hunting for Nginx Alias Traversals in the wild

secgit

- irsl/curlshell: reverse shell using curl
- jasperan/whatsapp-osint: WhatsApp spy
- rosenpass/rosenpass
- owasp-amass/open-asset-model

secvideo

- Vulnerabilities and Misconfigurations in GitHub Actions
- Security's Social Problem: Introduction