Seclog - #63

📚 SecMisc

  • LOTP - Living Off the Pipeline: Explore innovative strategies for software development without a traditional CI/CD pipeline. Read More

  • Discover a minimalistic, server-side scripting environment for streamlined web development. Read More

  • AI's Best Friend eBook by Robert Hansen: Dive into the evolving relationship between AI and humans in this insightful eBook. Read More

  • De-google-ify Internet: Learn about initiatives to reduce reliance on Google's ecosystem for a more diversified internet. Read More

  • Learn and Test DMARC: Enhance email security and prevent phishing with DMARC testing tools. Read More

  1. We Hacked Google A.I. for $50,000 - Lupin & Holmes: An account of how Lupin & Holmes successfully hacked Google's AI, claiming a $50,000 reward. Read More

  2. Kali Linux 2024.1 Release (Micro Mirror): Announcement and details about the latest release of Kali Linux, version 2024.1. Read More

  3. Federal Government Cybersecurity Incident and Vulnerability Response Playbooks: Official playbooks from CISA for responding to cybersecurity incidents and vulnerabilities. Read More

  4. Exploiting CSP Wildcards for Google Domains: A technical exploration of exploiting CSP (Content Security Policy) wildcards in Google domains. Read More

  5. Security: Arbitrary JavaScript Code Execution in "devtools://devtools" - Chromium: A security report detailing how attackers can execute arbitrary JavaScript code in a privileged Chromium origin. Read More

  6. Unauthenticated Email Enumeration via API Fuzzing - Jineesh AK: An exploration of how API fuzzing can be used to enumerate email addresses without authentication. Read More

  7. Using Open Source Tools to Monitor a Sanctioned Russian Bank - bellingcat: A case study on monitoring a Russian bank using open-source internet routing tools. Read More

  8. Preventing AWS Subdomain Takeover - Sena Yakut: Strategies and case studies for enhancing security and preventing AWS subdomain takeover. Read More

  9. Session Timeout Vulnerabilities & Extension - Burp Suite: Discussion of vulnerabilities related to session timeouts and how to extend sessions using Burp Suite. Read More

  10. V8 Sandbox - External Pointer Sandboxing - Google Docs: A document detailing the sandboxing of external pointers in the V8 JavaScript engine. Read More

  11. The State of ABAC on AWS (2024) - High Signal Security: An analysis of Attribute-Based Access Control (ABAC) on AWS as of 2024. Read More

  12. Joomla: Multiple XSS Vulnerabilities - Sonar: A report on multiple XSS vulnerabilities introduced by a PHP bug in Joomla. Read More

  13. Server-Side Prototype Pollution Gadgets Scanner - Doyensec's Blog: Introduction of a scanner for detecting server-side prototype pollution gadgets. Read More

  14. Monitor Certificate Expiry via RSS - Raphting: A guide on monitoring SSL/TLS certificate expiry using RSS feeds. Read More

  15. Type Confusion in V8 WebAssembly Leading to RCE - Chromium: A security issue in V8 WebAssembly that could lead to remote code execution. Read More

  16. Advanced Fuzzing Techniques Applied to cURL - Trail of Bits Blog: An overview of how advanced fuzzing techniques were applied to the cURL tool. Read More

  17. MeshCentral Cross-Site Websocket Hijacking Vulnerability: Examine the cross-site WebSocket hijacking vulnerability in MeshCentral. Read More

🐦 SecTweet

  • π•―π–’π–Žπ–™π–—π–ž π•Ύπ–’π–Žπ–‘π–žπ–†π–“π–Šπ–™π–˜ on X: Discussing "#LockBit releases a long read of what happened." Read More

🎥 SecVideo

  • The 5 Week Program: IDOR Q&A + Labs: A comprehensive guide and Q&A on IDOR vulnerabilities, accompanied by practical labs. Watch Here

  • The Integration Cyber Security and Insurance: The Journey of Cysurance: Exploring the integration of cybersecurity and insurance through the journey of Cysurance. Watch Here

πŸ’» SecGit

  • beigeworm/BadUSB-Files-For-FlipperZero: A collection of over 60 scripts tailored for the BadUSB function on FlipperZero. Explore on GitHub

  • moom825/xeno-rat: Xeno-RAT, a comprehensive open-source remote access tool developed in C#, featuring HVNC, live microphone, reverse proxy, and more. Explore on GitHub

  • sea-erkin/log-snare: LogSnare, a versatile tool for testing, preventing, and logging IDOR vulnerabilities. Explore on GitHub

  • latiotech/LAST: Utilize AI to scan your code for security issues and code smells from the command line. Explore on GitHub