📚 SecMisc
Introduction | Qubes OS - An overview of Qubes OS, a security-focused operating system that uses Xen-based virtualization. - Read More
2024 Stack Overflow Developer Survey - Insights and trends from the annual survey of developers on Stack Overflow. - Read More
Reverse Engineering For Everyone! - A beginner-friendly guide to reverse engineering by 0xInfection. - Read More
📰 SecLinks
Studying 0days: How we hacked Anki, the world's most popular flashcard app - Exploring the discovery and exploitation of zero-day vulnerabilities in Anki. - Read More
How a double-free bug in WhatsApp turns to RCE - Home - Analysis of a critical double-free vulnerability in WhatsApp leading to remote code execution. - Read More
Looking for vulnerabilities in Strapi (CVE-2024-34065) - Quarkslab's blog - An in-depth look at identifying vulnerabilities in Strapi. - Read More
Give Me the Green Light Part 1: Hacking Traffic Control Systems — Red Threat - A detailed exploration of hacking traffic control systems. - Read More
New 0day found in Telegram : Just One click and you are Hacked - Hacking Blogs - Investigation of a new zero-day vulnerability in Telegram. - Read More
WhatsApp trick: Android malware can impersonate PDF file - Examination of an Android malware that impersonates a PDF file on WhatsApp. - Read More
WebAssembly and Security: a review - A comprehensive review of WebAssembly security issues. - Read More
Roger's Blog – Hacking a 2014 tablet... in 2024! - The challenges and findings of hacking a 2014 tablet in the current year. - Read More
Unfashionably secure: why we use isolated VMs – Thinkst Thoughts - Discussion on the security benefits of using isolated virtual machines. - Read More
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security - How cybercriminals bypassed Google's email verification. - Read More
CVE-2024-6922: Automation 360 Server-Side Request Forgery | Rapid7 Blog - Details on a server-side request forgery vulnerability in Automation 360. - Read More
🎥 SecVideo
Finding criticals in mobile apps - Joel Margolis (0xteknogeek) - Insights on identifying critical vulnerabilities in mobile applications. - Watch Here
CVEs are dead, long live the CVE! - Discussion on the relevance and future of CVEs. - Watch Here
💻 SecGit
AnastasiaStill/CVE-2024-23897 - Repository containing details and proof-of-concept for CVE-2024-23897. - Explore on GitHub
vulncheck-oss/go-exploit: A Go-based Exploit Framework - A framework for developing and executing exploits using Go. - Explore on GitHub
chaifeng/ufw-docker: To fix the Docker and UFW security flaw without disabling iptables - Solution for fixing the security issue between Docker and UFW. - Explore on GitHub
yandex-cloud-examples/yc-webinar-pt-application-firewall-ha-operations: Материалы к вебинару «Отказоустойчивая эксплуатация PT Application Firewall на базе Yandex Cloud» - Materials from a webinar on operating PT Application Firewall on Yandex Cloud. - Explore on GitHub
factionsecurity/faction: Pen Test Report Generation and Assessment Collaboration - A tool for generating penetration test reports and facilitating assessment collaboration. - Explore on GitHub
For suggestions and any feedback, please contact: securify@rosecurify.com