๐ SecMisc
The CloudSec Engineer - Resources and articles for cloud security engineers. - Read More
Entities allowed between function calls - Shazzer - Analysis of security implications of entities allowed between function calls. - Read More
๐ฐ SecLinks
Putting the C2 in C2loudflare | JUMPSEC LABS - An exploration of using Cloudflare for C2 infrastructure. - Read More
Why I attack - Insights into the motivations behind security attacks. - Read More
The security prioritization paradox - Discussing the challenges in prioritizing security tasks. - Read More
Hacking Amazon's eero 6 (part 2) | Markuta - Part two of the series on hacking Amazon's eero 6. - Read More
17 vulnerabilities in Sharp Multi-Function Printers - IT Security Research by Pierre - Detailed analysis of vulnerabilities in Sharp printers. - Read More
Exploiting GCP Cloud Build for Privilege Escalation - Techniques for escalating privileges in GCP Cloud Build. - Read More
Polyfill.ioSupply Chain Attack: How Over 100,000 Websites Were Compromised and What You Need to Know - ThreatMon Blog - Examination of a significant supply chain attack. - Read More
Reddit & HackerOne Bug Bounty Announcement : r/redditsecurity - Announcement of Reddit's bug bounty program. - Read More
Holograph exploited for more than $1.2 million - Details on the Holograph exploit incident. - Read More
Breaking caches and bypassing Istio RBAC with HTTP response header injection | Snyk - Techniques for cache breaking and RBAC bypass. - Read More
Publicly Exposed AWS SSM Command Documents โ High Signal Security โ YAIB (Yet Another Infosec blog) - Discussion on exposed AWS SSM command documents. - Read More
Project Zero: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models - Evaluating LLMs for offensive security. - Read More
Zip Slip meets Artifactory: A Bug Bounty Story | Karma(In)Security - Bug bounty story involving Zip Slip and Artifactory. - Read More
1-click Exploit in South Korea's biggest mobile chat app | stulle123's Blog - Account takeover exploit in KakaoTalk. - Read More
Kubernetes Cluster Security - Nuclei Templates v9.9.0 ๐ - Latest templates for Kubernetes security. - Read More
Under the Hood: Exploring the Architecture and Security Risks of Large Language Models - Presentation on the security risks of LLMs. - Read More
๐ป SecGit
domain-protect/domain-protect: OWASP Domain Protect - prevent subdomain takeover - A tool to prevent subdomain takeover. - Explore on GitHub
Trigii/MacHawkEye: Engine for analyzing binaries on macOS systems to identify potential vulnerabilities - Tool for analyzing macOS binaries for vulnerabilities. - Explore on GitHub
FLOCK4H/AtomDucky: WiFi Rubber Ducky with a web interface using CircuitPython - WiFi Rubber Ducky with a web interface. - Explore on GitHub
VolkanSah/GPT-Security-Best-Practices: The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks. - Security best practices for implementing ChatGPT in web applications. - Explore on GitHub
For suggestions and any feedback, please contact: securify@rosecurify.com