Seclog - #56


You always succeed in producing a result. - Tony Robbins


SecMisc

  • Privacy is sexy 🍑🍆 - Enforce privacy & security on Windows, macOS and Linux: A comprehensive guide to enhancing privacy and security across major operating systems. Read More

  • Certificate Transparency: Delve into the world of certificate transparency and its pivotal role in internet security. Read More

📰 SecLinks

  • Quishing Simulator - Keepnet Labs: An interactive simulator to understand and defend against quishing attacks. Read More

  • Exploiting XSS using Polyglot JPEGs+Javascript to bypass CSP: A novel approach to exploiting XSS vulnerabilities using polyglot JPEGs and JavaScript. Read More

  • MobSF Remote Code Execution (CVE-2024-21633) by 0x33c0unt: In-depth analysis of a critical remote code execution vulnerability in MobSF. Read More

  • Privilege Escalation in Cloudflare Pages: Exploration of privilege escalation and page tampering issues in Cloudflare Pages. Read More

  • Adtech Catalyzing Fraud: Unverified Vanity URLs & Interest Tracking by Eli Grey: An analysis of how adtech, including unverified vanity URLs, is catalyzing online fraud. Read More

  • 2023 CVE Data Review: A comprehensive review of CVE data from the year 2023. Read More

  • Control-M Web Security Advisory: Important security update and advisory for Control-M Web users. Read More

  • Unauthenticated RCE in Adobe Coldfusion (CVE-2023-26360): A detailed analysis of a remote code execution vulnerability in Adobe Coldfusion. Read More

  • GitLab Critical Security Release (Versions 16.7.2, 16.6.4, 16.5.6): Details on GitLab's critical security update addressing significant vulnerabilities. Read More

  • Defending Websites with ZIP Bombs: Strategies on using ZIP bombs to protect websites. Read More

  • Analysis of HTTP2 Request Smuggling: In-depth exploration of utilizing HTTP2 request smuggling. Read More

  • Best Security Movies (and some yet to be made) by Phil Venables: A curated list of the best security movies and some ideas for future films. Read More

  • 5 Katana Tricks for OSINT: Advanced techniques for open-source intelligence gathering. Read More

  • Sink Tracing in Modern Web Applications: Techniques for tracing and securing web application sinks. Read More

  • Chrome V8 Engine Exploit (CVE-2023-4069) - GitHub Security Lab: Technical details of exploiting vulnerabilities in Chrome's V8 engine. Read More

  • PaperCut WebDAV Vulnerability (CVE-2023-39143) - Horizon3.ai: Comprehensive writeup on the PaperCut WebDAV vulnerability. Read More

  • Opsec for Security Investigators by Cosive: Essential operational security tips for professionals in the security field. Read More

  • Introducing ShellSweep: Web Shell Detection Tool by Splunk: Discover ShellSweep, a new tool for detecting web shells. Read More

  • MSRC Security Report Analysis: A detailed examination of a security report from the Microsoft Security Response Center. Read More

🔗 SecGit

  • Paper-based Secret Sharing Technique - Sjlver/psst: Explore this innovative approach to secret sharing using paper-based techniques. Explore on GitHub

  • SSH-Snake by MegaManSec: A self-propagating, self-replicating, file-less script for automating SSH private key and host discovery. Explore on GitHub

  • Swarmsecurity/swarm: The next generation of distributed cloud scanning and attack surface monitoring, evolved from Axiom. Explore on GitHub

  • Automating AWS Resource Import into Terraform - aws-samples/aws2tf: Automates importing existing AWS resources into Terraform and outputs Terraform HCL code. Explore on GitHub

  • Secator by freelabz: Discover Secator, a unique tool in the realm of cybersecurity. Explore on GitHub

  • BypassFuzzer by intrudir: A specialized tool for fuzzing 401/403/404 pages to discover bypass vulnerabilities. Explore on GitHub

  • LL-RASP: Protecting High-level Programming Languages - h2-stack: Learn about low-level RASP techniques for protecting applications implemented in high-level programming languages. Explore on GitHub

  • PostMessage Logger - opnsec: A simple Chrome extension for logging "postMessage" data, useful in security analysis. Explore on GitHub

  • Eval Villain: Discovering DOM XSS - swoops: A Firefox Web Extension aimed at improving the discovery of DOM XSS vulnerabilities. Explore on GitHub

  • Damn Vulnerable LLM Agent - WithSecureLabs: A repository dedicated to studying and understanding vulnerabilities in LLM agents. Explore on GitHub
