History will be kind to me for I intend to write it. โ Winston Churchill
๐ SecMisc
TrailDiscover - Explore the world of trails with TrailDiscover. Read More
GoFetch - Discover the GoFetch vulnerability that affects Apple Silicon processors. Read More
Year 2038 Problem - Learn about the Year 2038 problem that could affect Unix-based systems. Read More
๐ฐ SecLinks
The Guides to (mostly) Harmless Hacking - A classic resource for understanding hacking from a beginner's perspective. Read More
Vulnerability Reward Program: 2023 Year in Review - Google's review of its Vulnerability Reward Program for 2023. Read More
Real-time, privacy-preserving URL protection - Google's approach to real-time, privacy-preserving URL protection. Read More
New chip flaw hits Apple Silicon - A vulnerability named 'GoFetch' attacks Apple M1, M2, M3 processors. Read More
SQL Injection in Prepared Statement - CVE-2024โ1597 - A security vulnerability involving SQL injection in prepared statements. Read More
Incident report on March 13, 2024 - Mintlify - A report on an incident that occurred on March 13, 2024. Read More
JPEG DCT text lossifizer - A tool for lossy text compression using JPEG DCT. Read More
Javascript deobfuscation the easy way - A guide to easy JavaScript deobfuscation. Read More
DOM Purify - untrusted Node bypass - A discussion on a vulnerability in DOM Purify. Read More
Read code like a pro with our weAudit VSCode extension - Introducing the weAudit VSCode extension for code analysis. Read More
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762 - An analysis of a remote code execution vulnerability in FortiGate. Read More
SVG Files Abused in Emerging Campaigns - A discussion on the abuse of SVG files in emerging cyber campaigns. Read More
Fuzzing Ladybird with tools from Google Project Zero - An exploration of fuzzing the Ladybird browser with tools from Google Project Zero. Read More
CVE-2024-1800 (CVSS 9.9): Critical RCE Flaw Found in Popular Reporting Platform - A critical remote code execution flaw found in a popular reporting platform. Read More
Google's Advanced Protection Program is great, it's a shame the company rarely mentions it - A discussion on Google's Advanced Protection Program. Read More
๐ฃ SecTweet
- Marc Stevens on X - "Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun." Read More
๐ฅ SecVideo
Intro to Lockpicking! - A beginner's guide to lockpicking. Watch Here
GitHub Advanced Security: Code scanning autofix - An overview of GitHub's code scanning and autofix features. Watch Here
๐ป SecGit
jsmug: A PoC code for JSON Smuggling - A proof of concept for smuggling arbitrary files through JSON. Explore on GitHub
DNS-Tunnel-Keylogger - A keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes. Explore on GitHub
uBlockOrigin-HUGE-AI-Blocklist - A huge blocklist of sites containing AI-generated content for uBlock Origin & uBlacklist. Explore on GitHub
grok-1: Grok open release - The open release of Grok. Explore on GitHub
TinyCheck - A tool for capturing and analyzing network communications from smartphones and other devices. Explore on GitHub
SpyGuard - A forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device. Explore on GitHub
For suggestions and any feedback, please contact: securify@rosecurify.com