📚 SecMisc
OpenSecurityTraining2 - A platform offering free security training courses.
pwn.college - An educational platform for learning cybersecurity through hands-on challenges.
📰 SecLinks
CVE-2024-3094: Critical RCE Vulnerability Found in XZ Utils - A critical remote code execution vulnerability discovered in XZ Utils.
xz-utils backdoor situation - A detailed analysis of a backdoor situation in xz-utils.
Rekt - PrismaFi - REKT - An examination of a security breach in PrismaFi.
A review of zero-day in-the-wild exploits in 2023 - Google's review of zero-day exploits found in the wild in 2023.
Tokens ERC20 et ERC721 - An overview of the ERC20 and ERC721 token standards.
Discovering CVE-2024-28741: Remote code execution on NorthStar C2 agents via pre-auth stored XSS - A report on discovering a remote code execution vulnerability in NorthStar C2 agents.
Attacker Techniques: Gesture Jacking - An exploration of the attacker technique known as gesture jacking.
Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers - A profile of Cliff Stoll, a pioneer in the field of hunting hackers.
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation - An analysis of a vulnerability in Microsoft Edge's Marketing API.
Linux Crisis Tools - Brendan Gregg's overview of tools for handling crises in Linux systems.
Semgrep: AutoFixes using LLMs - A discussion on using large language models for automatic fixes with Semgrep.
Frida on Java applications and applets in 2024 - A guide on using Frida with Java applications and applets in 2024.
Efficient Security Principle (ESP) - Daniel Miessler's principle for efficient security.
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques - An analysis of a Linux vulnerability in nf_tables.
curl - TLS certificate check bypass with mbedTLS - CVE-2024-2466 - A security advisory for a TLS certificate check bypass in curl using mbedTLS.
Uncovering Malicious Infrastructure with DNS Pivoting - A guide to uncovering malicious infrastructure using DNS pivoting.
The 2FA app that tells you when you get
012345- A discussion on building a 2FA app that detects patterns.HTTP/2 and HTTP/3 explained - AlexandreHTRB blog - An explanation of the HTTP/2 and HTTP/3 protocols.
11 years old linux security bug - A discussion on an 11-year-old Linux security bug.
How SMS Fraud Works and How to Guard Against It - A guide on understanding and guarding against SMS fraud.
📢 SecTweet
Kali Linux on X - "The xz package, starting from version 5.6.0 to 5.6.1, was found to contain a backdoor. The impact of this vulnerability affected Kali between March 26th to March 29th. If you updated your Kali installation on or after March 26th, it is crucial to apply the latest updates today."
thaddeus e. grugq thegrugq@infosec.exchange on X - "On the .xz backdoor. It is hard to see how the developer Jia Tan is innocent. The backdoor was added in 5.6.0 by his account. He contacted Fedora to push them to move to 5.6.0. There was a problem with valgrind, they worked with hi to resolve it. He commits the fix in 5.6.1."
Kei0x on X - "this was my world sim. i miss u friend https://t.co/U9zBFnA0aV"
🎥 SecVideo
- Rust Security - Foundations - YouTube - A YouTube video on the foundations of Rust security.
💻 SecGit
c6fc/npk - A GitHub repository for npk, a tool for security testing.
evkl1d/CVE-2023-46604 - A GitHub repository detailing CVE-2023-46604.
jhaddix/CSPReconGO - A GitHub repository for CSPReconGO, a tool for CSP reconnaissance.
nettitude/pwnlyoffice - A GitHub repository for exploiting ONLYOFFICE implementations.
Notselwyn/CVE-2024-1086 - A GitHub repository for a universal local privilege escalation PoC exploit for CVE-2024-1086.
- >For suggestions and any feedback, please contact: securify@rosecurify.com