"A network without shadows is a fortress in daylight; its enemies are hidden in plain sight." - The Art of Cyber War
๐ SecMisc
- End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem - An analysis of the current state of encrypted cloud storage solutions. Read More
๐ฐ SecLinks
Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges - Exploring security vulnerabilities in Ruby's recursive merge operations. Read More
Exploiting trust: Weaponizing permissive CORS configurations - Examining the security risks associated with overly permissive CORS settings. Read More
Google Cloud launches new Vulnerability Rewards Program - Details on Google Cloud's initiative to enhance security through bug bounties. Read More
Exploiting Microsoft Teams on macOS during a Purple Team engagement - A case study on uncovering vulnerabilities in Microsoft Teams for macOS. Read More
Should We Chat, Too? Security Analysis of WeChat's MMTLS Encryption Protocol - An in-depth look at the security measures in WeChat's encryption protocol. Read More
Sandbox escape from extensions due to insufficient checks in Chrome - Details on a security vulnerability in Chrome's extension system. Read More
Node.js fuzzing audit - Comprehensive security audit report for Node.js. Read More
Cloud native incident response in AWS - Part II - Strategies for handling security incidents in AWS environments. Read More
3 ways to get Remote Code Execution in Kafka UI - Exploring vulnerabilities in Kafka UI that could lead to RCE. Read More
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA - Analysis of a sophisticated attack on Ivanti Connect Secure Appliance. Read More
CloudGoat: New Scenario and Walkthrough (sns_secrets) - A new AWS security scenario for training purposes. Read More
Turning AWS Documentation into Gold: AI-Assisted Security Research - Leveraging AI for more effective AWS security research. Read More
Finding Vulnerability Variants at Scale - Techniques for identifying similar vulnerabilities across large codebases. Read More
Cobalt Strike - CDN / Reverse Proxy Setup - Guide on setting up Cobalt Strike with CDN and reverse proxy. Read More
๐ฆ SecX
Baptiste Robert on the arrest of "USDoD" - OSINT breakdown of how a famous hacker's identity was uncovered. Read More
Denis Shilov on GPT-4 jailbreak - Sharing a simple method to bypass GPT-4 content restrictions. Read More
Erlend Oftedal on WiFi Pineapple XSS - Recounting an XSS vulnerability discovery in WiFi Pineapple's admin GUI. Read More
๐ฅ SecVideo
Interview with Aytek -HolyOne- รstรผndaฤ, Founder of Tahribat.com - An in-depth conversation with the creator of a prominent Turkish hacking and security forum. Watch Here
DEF CON 32 - Winning the Game of Active Directory - Brandon Colley's presentation on Active Directory security strategies. Watch Here
๐ป SecGit
adanalvarez/TrailDiscover - A repository of CloudTrail events with detailed security insights. Explore on GitHub
anchore/syft - CLI tool for generating Software Bill of Materials from container images and filesystems. Explore on GitHub
mllamazares/vulncov - Tool to correlate Semgrep scans with Python test coverage for prioritizing SAST findings. Explore on GitHub
protectai/vulnhuntr - Zero-shot vulnerability discovery using LLMs. Explore on GitHub
For suggestions and any feedback, please contact: securify@rosecurify.com