A short saying often contains much wisdom. - Sophocles
SecMisc
2600 News: The Hacker Quarterly Updates
Stay updated with the latest in hacker culture and cybersecurity trends with 2600 News. This platform provides insightful articles, news, and discussions, crucial for anyone interested in the evolving landscape of information security.

Security Creators: Video Content for Cybersecurity Enthusiasts
Security Creators offers a curated selection of video content focused on cybersecurity. It's an excellent resource for visual learners seeking to understand complex security concepts, stay informed about industry trends, or simply explore fascinating cybersecurity topics.

SecLinks
30 New Semgrep Rules: Enhancing Code Security
Trail of Bits releases new rules for Ansible, Java, Kotlin, and shell scripts, advancing security in software development.

Insurance Company Hack: Toyota/Eicher Motors Exploited
Eaton Works exposes vulnerabilities in an insurance company's premium calculator, highlighting security loopholes.

LeftoverLocals: Eavesdropping on LLM via GPU Memory Leaks
Trail of Bits unveils a method to intercept LLM responses through GPU memory leaks, underscoring hardware security issues.

Google Account Compromise through OAuth2 Flaws
CloudSEK discusses malware exploiting undocumented OAuth2 functionality, leading to session hijacking in Google accounts.

Bypassing AWS Cognito User Enumeration Controls
Techniques to circumvent user enumeration controls in Amazon Cognito, shedding light on cloud security vulnerabilities.

Ivanti Pulse Connect Secure: Auth Bypass & RCE Exploitation
Assetnote's investigation into Ivanti's Pulse Connect Secure reveals critical authentication and remote code execution vulnerabilities.

Strategies for Fuzzing and Bypassing AWS WAF
Sysdig explores methods to test and bypass Amazon Web Services' Web Application Firewall, emphasizing the need for robust security measures.

libX11 Vulnerabilities: CVE-2023-43786 & CVE-2023-43787
JFrog's in-depth analysis of critical vulnerabilities in libX11, essential for X Window System application developers.

Remote Callback Techniques in Cybersecurity
Lance B. Cain from SpecterOps Team presents innovative methods for remote callbacks in cybersecurity operations.

Analyzing Obfuscated JavaScript in Signed Requests
Buer Haus provides insights into reversing and analyzing signed request hashes in obfuscated JavaScript.

Exploiting Report Visibility in HackerOne
An in-depth analysis of a vulnerability allowing the viewing of private reports with pending email invitations on HackerOne.

SQL Injection in GLPI Dynamic Reports
Hakaioffsec Labs details an SQL injection vulnerability in GLPI's dynamic reports, emphasizing database security concerns.

Obsidian's Security Enhancements Post Audit
Obsidian announces new security measures and an independent audit report by Cure53, ensuring enhanced data protection.

Exploiting QUIC's Path Validation for Security Breaches
Seemann.io's research on exploiting path validation in the QUIC protocol, highlighting potential network security risks.

Adversarial Machine Learning: A Comprehensive Guide
NIST publishes AI 100-2 E2023, offering a taxonomy and terminology guide for understanding attacks and mitigations in machine learning.

SecVideo
ShmooCon 2024: A Must-Watch Cybersecurity Conference
Dive into the world of cybersecurity with ShmooCon 2024's comprehensive conference video. This event covers the latest trends, challenges, and innovations in cybersecurity, featuring talks from industry experts. An essential watch for professionals and enthusiasts alike in the field of information security.

SecGit
EvilSlackbot: A New Twist in Workspace Automation
Drew Sec introduces EvilSlackbot, a tool that leverages Slack for cybersecurity testing and operations, showcasing the dual-use nature of workplace automation tools.

danluu's Post-Mortems: Lessons from Failures
A valuable GitHub repository by Dan Luu, featuring an extensive collection of post-mortem reports across various tech industries, providing crucial insights into system failures and operational learnings.

BishopFox's BIG-IP Scanner: Network Security Tool
BishopFox releases bigip-scanner, a specialized tool designed for scanning and identifying vulnerabilities in F5 BIG-IP devices, highlighting the importance of network security in an increasingly connected world.

CyberRoute's ScanMe: Open-Source Vulnerability Scanner
CyberRoute introduces ScanMe, an open-source tool aimed at simplifying vulnerability scanning for security professionals and enthusiasts, demonstrating the growing accessibility of cybersecurity tools.