Seclog - #58

It is not enough to have a good mind; the main thing is to use it well. — René Descartes


📰 SecLinks

  • Owning a Bitcoin ATM - Security analysis of Bitcoin ATMs, discussing vulnerabilities and implications. Read More

  • Rook to XSS: How I hacked chess.com with a rookie exploit - A detailed case study of exploiting a cross-site scripting vulnerability on a popular website. Read More

  • Attack of the week: Airdrop tracing - Exploration of security flaws in AirDrop technology and their potential impacts. Read More

  • Gambio 4.9.2.0 - Insecure Deserialization - Technical breakdown of a specific security vulnerability. Read More

  • Cloud Threat Landscape: A Cloud Threat Intelligence Database | Wiz - An overview of the current threats in cloud computing. Read More

  • Top 10 web hacking techniques of 2023 - PortSwigger - Review of the most influential web hacking methods of the past year. Read More

  • “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser - Analysis of a critical vulnerability found in Opera's browser. Read More

  • Ivanti vulnerabilities - recap - Koen Van Impe - A recap of recent vulnerabilities discovered in Ivanti products. Read More

  • Yin Yang Metaphor of DNS Privacy - Discussion on the balance between DNS functionality and privacy. Read More

  • CVE-2023-5480: Chrome new XSS Vector - Slonser Notes - Examination of a new XSS vector found in Chrome. Read More

  • Bypassing browser tracking protection for CORS misconfiguration abuse - Insights into how CORS misconfigurations can be exploited. Read More

  • GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8 - Information on critical security updates for GitLab. Read More

🐦 SecTweet

  • Massimo on X - Tweet about a tool for replicating keys without the original. View Tweet

🎥 SecVideo

  • Securing CI/CD Runners Through eBPF Agent - A video on securing CI/CD runners with an eBPF agent. Watch Here

💻 SecGit

  • kondukto-io/kntrl - An eBPF-based CI/CD security tool. Explore on GitHub

  • horizon3ai/CVE-2024-0204 - Authentication Bypass in GoAnywhere MFT. Explore on GitHub

  • RedTeamPentesting/pretender - A tool for relaying attacks featuring multiple spoofing techniques. Explore on GitHub

  • kunai-project/kunai - A threat-hunting tool for Linux. Explore on GitHub

  • ACK-J/postMessage-tracker-firefox - A Firefox Extension for tracking postMessage usage. Explore on GitHub

  • nicocha30/ligolo-ng - An advanced tunneling/pivoting tool using a TUN interface. Explore on GitHub