Seclog - #68



  • Backdooring AMIs for Fun and Profit - Ratnakar Singh explores the potential and pitfalls of backdooring Amazon Machine Images. Read More

  • WIFI Credential Dumping - Techniques to retrieve the Pre-Shared Key (PSK) from a compromised workstation. Read More

  • HTTP/2 CONTINUATION Flood - Technical details of the HTTP/2 CONTINUATION flood attack. Read More

  • The XZ Utils Backdoor (CVE-2024-3094) - Everything you need to know about the XZ Utils backdoor. Read More

  • DJI Mavic 3 Drone Firmware Analysis - A deep dive into the firmware of the DJI Mavic 3 drone. Read More

  • Exploiting Empire C2 Framework - Insights into vulnerabilities within the Empire Command and Control framework. Read More

  • The V8 Sandbox - A look into the sandboxing mechanism of the V8 JavaScript engine. Read More

  • Panning For Gold: Sifting Through Network Logs - Techniques for analyzing network logs for security insights. Read More

  • Azure Redirect URI Takeover Vulnerability - Exploring a vulnerability in Azure's redirect URI handling. Read More

  • Securing Flutter Applications - Best practices for enhancing the security of Flutter applications. Read More

  • 10,000 Bugfixes in 10,000 Days - Reflecting on the milestone of fixing 10,000 bugs. Read More

  • 10 > 64, in QR Codes - Exploring encoding efficiency in QR codes. Read More

  • Fault Injection and the Supply Chain - Analyzing the impact of fault injection attacks on supply chain security. Read More

  • Fine-tuning Semgrep for Ruby Security - Customizing Semgrep rules for Ruby security. Read More

  • Security Research Without Ever Leaving GitHub - Leveraging GitHub for end-to-end security research. Read More

  • The Dangers of AI Agents Unfurling Hyperlinks - Discussing the security risks of AI agents automatically unfurling hyperlinks. Read More

💻 SecGit

  • xzbot - Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094). Explore on GitHub

  • endlessh-go - A Golang implementation of endlessh exporting Prometheus metrics, visualized by a Grafana dashboard. Explore on GitHub

  • burp2caido - A tool to migrate Burp Suite HTTP history to Caido. Explore on GitHub

  • apkd - APK downloader from a few sources. Explore on GitHub

  • biotime-rce-8.5.5 - Exploit covering several vulnerabilities in BioTime leading to Remote Code Execution or directory traversal. Explore on GitHub

For suggestions and any feedback, please contact: