Seclog - #84

📚 SecMisc

  • Introduction | Qubes OS - An overview of Qubes OS, a security-focused operating system that uses Xen-based virtualization. - Read More

  • 2024 Stack Overflow Developer Survey - Insights and trends from the annual survey of developers on Stack Overflow. - Read More

  • Reverse Engineering For Everyone! - A beginner-friendly guide to reverse engineering by 0xInfection. - Read More

  • Studying 0days: How we hacked Anki, the world's most popular flashcard app - Exploring the discovery and exploitation of zero-day vulnerabilities in Anki. - Read More

  • How a double-free bug in WhatsApp turns to RCE - Home - Analysis of a critical double-free vulnerability in WhatsApp leading to remote code execution. - Read More

  • Looking for vulnerabilities in Strapi (CVE-2024-34065) - Quarkslab's blog - An in-depth look at identifying vulnerabilities in Strapi. - Read More

  • Give Me the Green Light Part 1: Hacking Traffic Control Systems — Red Threat - A detailed exploration of hacking traffic control systems. - Read More

  • New 0day found in Telegram : Just One click and you are Hacked - Hacking Blogs - Investigation of a new zero-day vulnerability in Telegram. - Read More

  • WhatsApp trick: Android malware can impersonate PDF file - Examination of an Android malware that impersonates a PDF file on WhatsApp. - Read More

  • WebAssembly and Security: a review - A comprehensive review of WebAssembly security issues. - Read More

  • Roger's Blog – Hacking a 2014 tablet... in 2024! - The challenges and findings of hacking a 2014 tablet in the current year. - Read More

  • Unfashionably secure: why we use isolated VMs – Thinkst Thoughts - Discussion on the security benefits of using isolated virtual machines. - Read More

  • Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services – Krebs on Security - How cybercriminals bypassed Google's email verification. - Read More

  • CVE-2024-6922: Automation 360 Server-Side Request Forgery | Rapid7 Blog - Details on a server-side request forgery vulnerability in Automation 360. - Read More

🎥 SecVideo

  • Finding criticals in mobile apps - Joel Margolis (0xteknogeek) - Insights on identifying critical vulnerabilities in mobile applications. - Watch Here

  • CVEs are dead, long live the CVE! - Discussion on the relevance and future of CVEs. - Watch Here

💻 SecGit

  • AnastasiaStill/CVE-2024-23897 - Repository containing details and proof-of-concept for CVE-2024-23897. - Explore on GitHub

  • vulncheck-oss/go-exploit: A Go-based Exploit Framework - A framework for developing and executing exploits using Go. - Explore on GitHub

  • chaifeng/ufw-docker: To fix the Docker and UFW security flaw without disabling iptables - Solution for fixing the security issue between Docker and UFW. - Explore on GitHub

  • yandex-cloud-examples/yc-webinar-pt-application-firewall-ha-operations: Materials for the webinar "Fault-tolerant operation of PT Application Firewall on Yandex Cloud" - Materials from a webinar on operating PT Application Firewall on Yandex Cloud. - Explore on GitHub

  • factionsecurity/faction: Pen Test Report Generation and Assessment Collaboration - A tool for generating penetration test reports and facilitating assessment collaboration. - Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com