Seclog - #64


3 min read

Seclog - #64

Photo by Linas Bam on Unsplash

The spirit, the will to win, and the will to excel, are the things that endure. These qualities are so much more important than the events that occur. โ€” Vince Lombardi

๐Ÿ“š SecMisc

  • Not by AI - A resource for understanding the nuances and advances in artificial intelligence. Read More

๐Ÿ“ฐ SecLinks

  • Relishing new Fickling features for securing ML systems - Trail of Bits Blog discusses the latest enhancements in Fickling for better security of ML systems. Read More

  • NIST 800-207A: Implementing Zero Trust Architecture - InfoQ presents a comprehensive guide on implementing Zero Trust Architecture as per NIST 800-207A. Read More

  • pgAdmin Path Traversal in Session Handling - Shielder reveals a critical path traversal vulnerability in pgAdmin. Read More

  • LLM Prompt Injection Worm - Schneier on Security examines the emergence of the LLM Prompt Injection Worm. Read More

  • Securing Cloudflare with Cloudflare: A Zero Trust Journey - Cloudflare's own journey implementing Zero Trust within its systems. Read More

  • Cloudflare Announces Firewall for AI - Introduction of a new Firewall specifically designed for AI by Cloudflare. Read More

  • Conditional Prompt Injection Attacks with Microsoft Copilot - Embrace The Red explores the vulnerabilities in Microsoft Copilot through conditional prompt injection attacks. Read More

  • Leaking NTLM Credentials Through Windows Themes - Akamai's research on how Windows themes can be exploited to leak NTLM credentials. Read More

  • Kaspersky Spam and Phishing Report for 2023 - An analysis of the spam and phishing trends in 2023 by Kaspersky. Read More

  • New Malicious PyPI Packages used by Lazarus - JPCERT/CC discusses Lazarus's use of malicious PyPI packages. Read More

  • Source Code Disclosure in ASP.NET apps - PT SWARM highlights the risks of source code disclosure in ASP.NET applications. Read More

  • Detecting Phishing Sites Using ChatGPT - A study on leveraging ChatGPT for identifying phishing websites. Read More

  • SolarWinds Security Event Manager AMF deserialization RCE - Analysis of a remote code execution vulnerability in SolarWinds Security Event Manager. Read More

๐ŸŽฅ SecVideo

  • I Made Malware In Under 20 Minutes - A YouTube tutorial demonstrating the creation of malware in a short span of time. Watch Here

๐Ÿ’ป SecGit

  • Knox: Secret Management Service by Pinterest - Knox, developed by Pinterest, offers a secure way to manage secrets. Explore on GitHub

  • SploitScan: Cybersecurity Utility - SploitScan, a comprehensive tool for vulnerability assessment and PoC exploits. Explore on GitHub

  • AI-Exploits: Real World AI/ML Exploits Collection - A collection of real-world AI and ML exploits for responsibly disclosed vulnerabilities. Explore on GitHub

  • DOT: The Deepfake Offensive Toolkit - Sensity AI's toolkit for creating and understanding deepfakes. Explore on GitHub

  • GSocket: Firewall Bypass Tool - A tool designed to securely connect through firewalls. Explore on GitHub

  • OpenGFW: Open Source GFW Implementation - OpenGFW provides a flexible and easy-to-use implementation of the Great Firewall of China on Linux. Explore on GitHub