It is not enough to have a good mind; the main thing is to use it well. — René Descartes
📰 SecLinks
- Owning a Bitcoin ATM - Security analysis of Bitcoin ATMs, discussing vulnerabilities and implications.
- Rook to XSS: How I hacked chess.com with a rookie exploit - A detailed case study of exploiting a cross-site scripting vulnerability on a popular website.
- Attack of the week: Airdrop tracing - Exploration of security flaws in airdrop technology and their potential impacts.
- Gambio 4.9.2.0 - Insecure Deserialization - Technical breakdown of a specific security vulnerability.
- Cloud Threat Landscape: A Cloud Threat Intelligence Database | Wiz - An overview of the current threats in cloud computing.
- Top 10 web hacking techniques of 2023 - PortSwigger - Review of the most influential web hacking methods of the past year.
- “MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser - Analysis of a critical vulnerability found in Opera's browser.
- Ivanti vulnerabilities - recap - Koen Van Impe - A recap of recent vulnerabilities discovered in Ivanti products.
- Yin Yang Metaphor of DNS Privacy - Discussion on the balance between DNS functionality and privacy.
- CVE-2023-5480: Chrome new XSS Vector - Slonser Notes - Examination of a new XSS vector found in Chrome.
- Bypassing browser tracking protection for CORS misconfiguration abuse - Insights into how CORS misconfigurations can be exploited.
- GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8 - Information on critical security updates for GitLab.
🐦 SecTweet
- Massimo on X - Tweet about a tool for replicating keys without the original.
🎥 SecVideo
- Securing CI/CD Runners Through eBPF Agent - A video discussing the security of CI/CD runners using eBPF Agent.
💻 SecGit
- kondukto-io/kntrl - An eBPF based CI/CD security tool.
- horizon3ai/CVE-2024-0204 - Authentication Bypass in GoAnywhere MFT.
- RedTeamPentesting/pretender - A tool for relaying attacks featuring multiple spoofing techniques.
- kunai-project/kunai - A threat-hunting tool for Linux.
- ACK-J/postMessage-tracker-firefox - A Firefox Extension for tracking postMessage usage.
- nicocha30/ligolo-ng - An advanced tunneling/pivoting tool using a TUN interface.