SecMisc
LOTP - Living Off the Pipeline: Explore innovative strategies for software development without a traditional CI/CD pipeline.
pico.sh: Discover a minimalistic, server-side scripting environment for streamlined web development.
AI's Best Friend eBook by Robert Hansen: Dive into the evolving relationship between AI and humans in this insightful eBook.
De-google-ify Internet: Learn about initiatives to reduce reliance on Google's ecosystem for a more diversified internet.
Learn and Test DMARC: Enhance email security and prevent phishing with DMARC testing tools.
SecLinks
We Hacked Google A.I. for $50,000 - Lupin & Holmes: An account of how Lupin & Holmes successfully hacked Google's AI, claiming a $50,000 reward.
Kali Linux 2024.1 Release (Micro Mirror): Announcement and details about the latest release of Kali Linux, version 2024.1.
Federal Government Cybersecurity Incident and Vulnerability Response Playbooks: Official playbooks from CISA for responding to cybersecurity incidents and vulnerabilities.
Exploiting CSP Wildcards for Google Domains: A technical exploration of exploiting CSP (Content Security Policy) wildcards in Google domains.
Security: Arbitrary JavaScript Code Execution in "devtools://devtools" - Chromium: A security report detailing how attackers can execute arbitrary JavaScript code in a privileged Chromium origin.
Unauthenticated Email Enumeration via API Fuzzing - Jineesh AK: An exploration of how API fuzzing can be used to enumerate email addresses without authentication.
Using Open Source Tools to Monitor a Sanctioned Russian Bank - bellingcat: A case study on monitoring a Russian bank using open-source internet routing tools.
Preventing AWS Subdomain Takeover - Sena Yakut: Strategies and case studies for enhancing security and preventing AWS subdomain takeover.
Session Timeout Vulnerabilities & Extension - Burp Suite: Discussion of vulnerabilities related to session timeouts and how to extend sessions using Burp Suite.
V8 Sandbox - External Pointer Sandboxing - Google Docs: A document detailing the sandboxing of external pointers in the V8 JavaScript engine.
The State of ABAC on AWS (2024) - High Signal Security: An analysis of Attribute-Based Access Control (ABAC) on AWS as of 2024.
Joomla: Multiple XSS Vulnerabilities - Sonar: A report on multiple XSS vulnerabilities introduced by a PHP bug in Joomla.
Server-Side Prototype Pollution Gadgets Scanner - Doyensec's Blog: Introduction of a scanner for detecting server-side prototype pollution gadgets.
Monitor Certificate Expiry via RSS - Raphting: A guide on monitoring SSL/TLS certificate expiry using RSS feeds.
Type Confusion in V8 WebAssembly Leading to RCE - Chromium: A security issue in V8 WebAssembly that could lead to remote code execution.
Advanced Fuzzing Techniques Applied to cURL - Trail of Bits Blog: An overview of how advanced fuzzing techniques were applied to the cURL tool.
MeshCentral Cross-Site Websocket Hijacking Vulnerability: Examine the cross-site WebSocket hijacking vulnerability in MeshCentral.
SecTweet
Post on X: Discussing "#LockBit releases a long read of what happened."
SecVideo
The 5 Week Program: IDOR Q&A + Labs: A comprehensive guide and Q&A on IDOR vulnerabilities, accompanied by practical labs.
The Integration of Cyber Security and Insurance: The Journey of Cysurance: Exploring the integration of cybersecurity and insurance through the journey of Cysurance.
SecGit
beigeworm/BadUSB-Files-For-FlipperZero: A collection of over 60 scripts tailored for the BadUSB function on FlipperZero.
moom825/xeno-rat: Xeno-RAT, a comprehensive open-source remote access tool developed in C#, featuring HVNC, live microphone, reverse proxy, and more.
sea-erkin/log-snare: LogSnare, a versatile tool for testing, preventing, and logging IDOR vulnerabilities.
latiotech/LAST: Utilize AI to scan your code for security issues and code smells from the command line.