Seclog - #62

  • Go Go XSS Gadgets: Chaining a DOM Clobbering Exploit in the Wild | Brett Buerhaus - Detailed analysis of a DOM clobbering-based XSS exploit. Read More

  • Understanding Task Injection Vulnerabilities: A Bug Bounty Perspective - Insights into task injection vulnerabilities from a bug bounty viewpoint. Read More

  • The "KeyTrap" DNS Vulnerability [LWN.net] - Exploration of a critical DNS flaw. Read More

  • CSP Bypass on PortSwigger.net using Google Script Resources - Analysis of a CSP bypass using Google script resources. Read More

  • Attacking APIs - Strategies and methods for effective API attacks. Read More

  • GreyNoise Labs - Code Injection or Backdoor: A New Look at Ivanti’s CVE-2021-44529 - Investigating the Ivanti exploit. Read More

  • “To Live is to Fight, to Fight is to Live!” - IBM ODM Remote Code Execution - Analysis of a remote code execution vulnerability in IBM ODM. Read More

  • Critical RCE Patched in Bricks Builder Theme - Patchstack - Discussion of a critical RCE vulnerability in the Bricks Builder theme. Read More

  • curl HTTP/3 Security Audit | daniel.haxx.se - A security audit of curl's HTTP/3 implementation. Read More

  • Bypassing Origin Policies to Exploit Local Network Devices | CYTRES - Techniques for exploiting local network devices by bypassing origin policies. Read More

  • AI for Security: Eight Areas of Opportunity - Menlo Ventures - Exploring the potential of AI in cybersecurity. Read More

  • Exploiting Cacheable Responses - Attack Ships on Fire - Techniques for exploiting cacheable HTTP responses. Read More

  • Nom for Security: A Proactive Security Review of Nomulus - Google Bug Hunters - A proactive security review of Google's Nomulus. Read More

  • Azure DevOps Zero-Click CI/CD Vulnerability - Uncovering a zero-click vulnerability in Azure DevOps. Read More

  • Strengthening Cyber Defenses: Best Practices for Email Security Headers - Best practices for implementing email security headers. Read More

  • TruffleHog Now Detects AWS Canaries without Setting Them Off ◆ Truffle Security Co. - TruffleHog's new capability to detect AWS canaries. Read More

  • Herr Bischoff's Blocklists - Comprehensive blocklists for improved online security and privacy. Read More

🐦 SecTweet

  • Ron Masas on X - Discussion of stored XSS vulnerabilities in ChatGPT. View Tweet

  • Thomas Roccia 🤘 on X - Insights into analyzing data leaks in foreign languages. View Tweet

  • CertiK Alert on X - Alert about the DeezNutz_404 project exploit. View Tweet

🎥 SecVideo

  • Vision Pro Teardown: Behind the Complex and Creepy Tech - A teardown analysis of the Vision Pro technology. Watch Here

💻 SecGit

  • xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability - Information on a Microsoft Outlook remote code execution vulnerability. Explore on GitHub

  • cloudflare/cfssl: CFSSL: Cloudflare's PKI and TLS toolkit - Cloudflare's toolkit for PKI and TLS. Explore on GitHub