Seclog - #96

ยท

3 min read

"A network without shadows is a fortress in daylight; its enemies are hidden in plain sight." - The Art of Cyber War

๐Ÿ“š SecMisc

  • End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem - An analysis of the current state of encrypted cloud storage solutions. Read More
  • Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges - Exploring security vulnerabilities in Ruby's recursive merge operations. Read More

  • Exploiting trust: Weaponizing permissive CORS configurations - Examining the security risks associated with overly permissive CORS settings. Read More

  • Google Cloud launches new Vulnerability Rewards Program - Details on Google Cloud's initiative to enhance security through bug bounties. Read More

  • Exploiting Microsoft Teams on macOS during a Purple Team engagement - A case study on uncovering vulnerabilities in Microsoft Teams for macOS. Read More

  • Should We Chat, Too? Security Analysis of WeChat's MMTLS Encryption Protocol - An in-depth look at the security measures in WeChat's encryption protocol. Read More

  • Sandbox escape from extensions due to insufficient checks in Chrome - Details on a security vulnerability in Chrome's extension system. Read More

  • Node.js fuzzing audit - Comprehensive security audit report for Node.js. Read More

  • Cloud native incident response in AWS - Part II - Strategies for handling security incidents in AWS environments. Read More

  • 3 ways to get Remote Code Execution in Kafka UI - Exploring vulnerabilities in Kafka UI that could lead to RCE. Read More

  • Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA - Analysis of a sophisticated attack on Ivanti Connect Secure Appliance. Read More

  • CloudGoat: New Scenario and Walkthrough (sns_secrets) - A new AWS security scenario for training purposes. Read More

  • Turning AWS Documentation into Gold: AI-Assisted Security Research - Leveraging AI for more effective AWS security research. Read More

  • Finding Vulnerability Variants at Scale - Techniques for identifying similar vulnerabilities across large codebases. Read More

  • Cobalt Strike - CDN / Reverse Proxy Setup - Guide on setting up Cobalt Strike with CDN and reverse proxy. Read More

๐Ÿฆ SecX

  • Baptiste Robert on the arrest of "USDoD" - OSINT breakdown of how a famous hacker's identity was uncovered. Read More

  • Denis Shilov on GPT-4 jailbreak - Sharing a simple method to bypass GPT-4 content restrictions. Read More

  • Erlend Oftedal on WiFi Pineapple XSS - Recounting an XSS vulnerability discovery in WiFi Pineapple's admin GUI. Read More

๐ŸŽฅ SecVideo

  • Interview with Aytek -HolyOne- รœstรผndaฤŸ, Founder of Tahribat.com - An in-depth conversation with the creator of a prominent Turkish hacking and security forum. Watch Here

  • DEF CON 32 - Winning the Game of Active Directory - Brandon Colley's presentation on Active Directory security strategies. Watch Here

๐Ÿ’ป SecGit

  • adanalvarez/TrailDiscover - A repository of CloudTrail events with detailed security insights. Explore on GitHub

  • anchore/syft - CLI tool for generating Software Bill of Materials from container images and filesystems. Explore on GitHub

  • mllamazares/vulncov - Tool to correlate Semgrep scans with Python test coverage for prioritizing SAST findings. Explore on GitHub

  • protectai/vulnhuntr - Zero-shot vulnerability discovery using LLMs. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com

ย