Seclog - #75

📚 SecMisc

  • DNSBomb - Exploit various DNS server vulnerabilities for network penetration testing. Read More

📰 SecLinks

  • LangChain JS Arbitrary File Read Vulnerability - Discusses a critical vulnerability in LangChain JS allowing arbitrary file reads. Read More

  • Old new email attacks - Slonser Notes - Analysis of old and new techniques in email attacks. Read More

  • Abusing URL handling in iTerm2 and Hyper for code execution - Exploiting URL handlers in terminal emulators for arbitrary code execution. Read More

  • Exploit Archeology - Exploiting an old unknown Server Side Browser | Alex Chapman’s Blog - Techniques for exploiting an old server-side browser. Read More

  • CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js — Codean Labs - Details on a vulnerability in PDF.js allowing arbitrary JavaScript execution. Read More

  • Exploiting CVE-2024-32002: RCE via git clone | Amal Murali - A deep dive into a remote code execution vulnerability through git clone. Read More

  • Cyber Security: A Pre-War Reality Check - Bert Hubert's writings - Reflections on cybersecurity in the context of geopolitical tensions. Read More

  • Password cracking: past, present, future (OffensiveCon 2024) - Comprehensive insights into the evolution of password cracking techniques. Read More

  • CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive – Horizon3.ai - Analyzing a command injection vulnerability in Fortinet FortiSIEM. Read More

  • Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets | Google Cloud Blog - Investigating secret leakage issues in Bitbucket CI/CD pipelines. Read More

  • ChatGPT: Hacking Memories with Prompt Injection · Embrace The Red - Exploring vulnerabilities in ChatGPT's memory through prompt injection. Read More

  • Random thoughts on physical security measures – DiabloHorn - Discussing various physical security measures and their effectiveness. Read More

🐦 SecTweet

  • Cybertruck Design Flaw Alert - Highlighting a significant design flaw in Cybertruck that causes unintended acceleration due to the accelerator pedal issue. Watch Here

🎥 SecVideo

  • Backdooring Keras Models and How to Detect It (Machine Learning Attack Series) - Insights into backdooring Keras models and detection techniques. Watch Here

💻 SecGit

  • scalar/scalar - Beautiful API references from OpenAPI/Swagger files ✨ Explore on GitHub

  • hmgle/graftcp - A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy. Explore on GitHub

  • FoxIO-LLC/ja4 - JA4+ is a suite of network fingerprinting standards. Explore on GitHub

  • idealeer/xmap - XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. Explore on GitHub

  • mozillazg/ptcpdump - Process-aware, eBPF-based tcpdump. Explore on GitHub


For suggestions and any feedback, please contact: securify@rosecurify.com