๐ฐ SecLinks
Backdooring AMIs for Fun and Profit - Ratnakar Singh explores the potential and pitfalls of backdooring Amazon Machine Images. Read More
WIFI Credential Dumping - Techniques to retrieve the Pre-Shared Key (PSK) from a compromised workstation. Read More
HTTP/2 CONTINUATION Flood - Technical details of the HTTP/2 CONTINUATION flood attack. Read More
The XZ Utils Backdoor (CVE-2024-3094) - Everything you need to know about the XZ Utils backdoor. Read More
DJI Mavic 3 Drone Firmware Analysis - A deep dive into the firmware of the DJI Mavic 3 drone. Read More
Exploiting Empire C2 Framework - Insights into vulnerabilities within the Empire Command and Control framework. Read More
The V8 Sandbox - A look into the sandboxing mechanism of the V8 JavaScript engine. Read More
Panning For Gold: Sifting Through Network Logs - Techniques for analyzing network logs for security insights. Read More
Azure Redirect URI Takeover Vulnerability - Exploring a vulnerability in Azure's redirect URI handling. Read More
Securing Flutter Applications - Best practices for enhancing the security of Flutter applications. Read More
10,000 Bugfixes in 10,000 Days - Reflecting on the milestone of fixing 10,000 bugs. Read More
10 > 64, in QR Codes - Exploring encoding efficiency in QR codes. Read More
Fault Injection and the Supply Chain - Analyzing the impact of fault injection attacks on supply chain security. Read More
Fine-tuning Semgrep for Ruby Security - Customizing Semgrep rules for Ruby security. Read More
Security Research Without Ever Leaving GitHub - Leveraging GitHub for end-to-end security research. Read More
The Dangers of AI Agents Unfurling Hyperlinks - Discussing the security risks of AI agents automatically unfurling hyperlinks. Read More
๐ป SecGit
xzbot - Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094). Explore on GitHub
endlessh-go - A Golang implementation of endlessh exporting Prometheus metrics, visualized by a Grafana dashboard. Explore on GitHub
burp2caido - A tool to migrate Burpsuite HTTP history to Caido. Explore on GitHub
apkd - APK downloader from a few sources. Explore on GitHub
biotime-rce-8.5.5 - Exploit covering several vulnerabilities in BioTime leading to Remote Code Execution or directory traversal. Explore on GitHub
For suggestions and any feedback, please contact: securify@rosecurify.com