Seclog - #71

Good luck is another name for tenacity of purpose. — Ralph Waldo Emerson

📚 SecMisc

  • Search for leaked passwords inside the largest dataset of all time (Combination Of Many Breaches) - This platform allows you to search for leaked passwords in a combined dataset of major breaches.

  • SadServers - Linux & DevOps Troubleshooting Interviews - Linux and DevOps troubleshooting interviews.

  • ESPHome - ESPHome is a system for controlling your ESP8266/ESP32-based devices in Home Assistant.

  • Start Your Own ISP - A comprehensive guide to help you start your own Internet Service Provider.

📰 SecLinks

  • 10 Things Your First Security Hire Shouldn’t Do - Exploring ten things your first security hire shouldn't do.

  • (The) Postman Carries Lots of Secrets - Insights into secrets carried by the Postman.

  • Baldur - Exploration of embedded Mitel exploitation.

  • LLM Agents can Autonomously Exploit One-day Vulnerabilities - Details on LLM Agents autonomously exploiting one-day vulnerabilities.

  • Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer) - Discussion on multiple vulnerabilities in Open Devin.

  • How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 1 - A detailed account of escalating a DOM XSS to a sophisticated account takeover.

  • What’s new in security for Ubuntu 24.04 LTS? - Updates on security features in Ubuntu 24.04 LTS.

  • 18 vulnerabilities in Brocade SANnav - IT Security Research by Pierre - Analysis of 18 vulnerabilities in Brocade SANnav.

  • GitLab affected by GitHub-style CDN flaw allowing malware hosting - Details on GitLab being affected by a GitHub-style CDN flaw.

  • IPv6 for the remotely interested - Introduction to IPv6 for the remotely interested.

  • Unauthenticated CrushFTP Zero-Day Enables Complete Server Compromise - Insights into an unauthenticated CrushFTP zero-day vulnerability.

  • Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java - Analysis of SAST tools for Java.

  • DevSecOps Best Practices- Secure Everything You Have - Best practices for securing everything in DevSecOps.

  • GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Insights into GuptiMiner hijacking antivirus updates.

💻 SecGit

  • Microsoft/MS-DOS - The original sources of MS-DOS 1.25, 2.0, and 4.0 for reference purposes.

  • CVE-2024-21111: Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability - Vulnerability details regarding Oracle VirtualBox.

For suggestions and any feedback, please contact: securify@rosecurify.com