Seclog - #66


3 min read

History will be kind to me for I intend to write it. โ€” Winston Churchill

๐Ÿ“š SecMisc

  • TrailDiscover - Explore the world of trails with TrailDiscover. Read More

  • GoFetch - Discover the GoFetch vulnerability that affects Apple Silicon processors. Read More

  • Year 2038 Problem - Learn about the Year 2038 problem that could affect Unix-based systems. Read More

  • The Guides to (mostly) Harmless Hacking - A classic resource for understanding hacking from a beginner's perspective. Read More

  • Vulnerability Reward Program: 2023 Year in Review - Google's review of its Vulnerability Reward Program for 2023. Read More

  • Real-time, privacy-preserving URL protection - Google's approach to real-time, privacy-preserving URL protection. Read More

  • New chip flaw hits Apple Silicon - A vulnerability named 'GoFetch' attacks Apple M1, M2, M3 processors. Read More

  • SQL Injection in Prepared Statement - CVE-2024โ€“1597 - A security vulnerability involving SQL injection in prepared statements. Read More

  • Incident report on March 13, 2024 - Mintlify - A report on an incident that occurred on March 13, 2024. Read More

  • JPEG DCT text lossifizer - A tool for lossy text compression using JPEG DCT. Read More

  • Javascript deobfuscation the easy way - A guide to easy JavaScript deobfuscation. Read More

  • DOM Purify - untrusted Node bypass - A discussion on a vulnerability in DOM Purify. Read More

  • Read code like a pro with our weAudit VSCode extension - Introducing the weAudit VSCode extension for code analysis. Read More

  • Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762 - An analysis of a remote code execution vulnerability in FortiGate. Read More

  • SVG Files Abused in Emerging Campaigns - A discussion on the abuse of SVG files in emerging cyber campaigns. Read More

  • Fuzzing Ladybird with tools from Google Project Zero - An exploration of fuzzing the Ladybird browser with tools from Google Project Zero. Read More

  • CVE-2024-1800 (CVSS 9.9): Critical RCE Flaw Found in Popular Reporting Platform - A critical remote code execution flaw found in a popular reporting platform. Read More

  • Google's Advanced Protection Program is great, it's a shame the company rarely mentions it - A discussion on Google's Advanced Protection Program. Read More

๐Ÿ“ฃ SecTweet

  • Marc Stevens on X - "Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun." Read More

๐ŸŽฅ SecVideo

  • Intro to Lockpicking! - A beginner's guide to lockpicking. Watch Here

  • GitHub Advanced Security: Code scanning autofix - An overview of GitHub's code scanning and autofix features. Watch Here

๐Ÿ’ป SecGit

  • jsmug: A PoC code for JSON Smuggling - A proof of concept for smuggling arbitrary files through JSON. Explore on GitHub

  • DNS-Tunnel-Keylogger - A keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes. Explore on GitHub

  • uBlockOrigin-HUGE-AI-Blocklist - A huge blocklist of sites containing AI-generated content for uBlock Origin & uBlacklist. Explore on GitHub

  • grok-1: Grok open release - The open release of Grok. Explore on GitHub

  • TinyCheck - A tool for capturing and analyzing network communications from smartphones and other devices. Explore on GitHub

  • SpyGuard - A forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device. Explore on GitHub

For suggestions and any feedback, please contact: