Seclog - #105
📰 SecLinks

Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE
Exploring how CRLF Injection leads to remote code execution vulnerabilities in Kerio Control.

How to build an offensive AI security agent
A guide to crafting AI-powered agents for offensive security operations.

Home Assistant can not be secured for internet access
A critical analysis of Home Assistant's internet access vulnerabilities.

Tic TAC - Beware of your scan
Insights into security risks during scanning processes.

The Role of Fuzzy Hashes in Security Operations
Uncovering the potential of fuzzy hashes in identifying security threats.

I’m Lovin’ It: Exploiting McDonald’s APIs
Examining vulnerabilities in McDonald’s API that allow delivery hijacking and penny orders.

Django security hardenings that are not happening
A detailed review of missed security enhancements in Django.

Lesser known techniques for large-scale subdomain enum
Advanced techniques for subdomain enumeration.

How an obscure PHP footgun led to RCE in Craft CMS
Investigating a PHP vulnerability that caused remote code execution in Craft CMS.

Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150
Discovering a JWT algorithm confusion vulnerability.

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
Analysis of the Araneida hacking service and its links to Turkish IT firms.
🐦 SecX

My LLM analyzed a vulnerability in a Linux library and created a PoC!
Advanced LLM capabilities in identifying and exploiting Linux vulnerabilities.
💻 SecGit

TrustedSec - Hate Crack
A tool for automating cracking methodologies through Hashcat.

FindMy.py
A comprehensive tool to query Apple's FindMy network.
For suggestions and feedback, please contact: [email protected]