Rosecurify

Seclog - #127

"The best defense is not only in strong encryption but in unpredictable behavior." - The Art of Cyber War

📚 SecMisc

Tiny XSS Payloads – A curated list of tiny, minimalistic XSS payloads for testing and evasion.

Top CVE Trends & Expert Vulnerability Insights | cvemon – Real-time CVE trends and insights from vulnerability intelligence experts.
Postman is logging all your secrets and environment variables – Discover how Postman may be exposing sensitive variables to logging systems.

Authentication Bypass to RCE in Versa Concerto (0-Day) – Full technical breakdown of a 0-day RCE in Versa Concerto.

Clipjacking: Hacked by copying text – A creative attack method leveraging clipboard copy-paste behavior.

Stored XSS in My Flow To RCE in Opera Browser #2 – Exploiting stored XSS to achieve RCE in Opera's My Flow feature.

Finding and Exploiting 20-year-old bugs in Web Browsers – Slides covering long-lived browser vulnerabilities and exploitation strategies.

Have I Been Pwned 2.0 is Now Live! – Major updates to Troy Hunt’s breach notification platform.

Pressing Buttons with Popups (on Twitch, LinkedIn and more) – Abuse of popups to trigger unauthorized user actions.

Kusto-Mice: Optimizing Kusto joins – Performance tips for better join operations in Kusto Query Language.

Go Cryptography Security Audit – Detailed report on Go language’s cryptographic libraries and audit findings.

The Single-Packet Shovel: Desync Tunnelling – Exploring HTTP request desync for covert tunneling techniques.

Deloitte’s Secure by Design Approach – with Wiz – Integrating secure design principles with modern cloud-native tools.

Don’t Call That “Protected” Method: vBulletin RCE – How a logic flaw in vBulletin led to full RCE.

Reverse Engineering iOS Shortcuts Deeplinks – Analysis of iOS Shortcuts deep linking for exploitation or automation.


🐦 SecX

The Fake Ledger That Stole Everything | IOC – A gripping thread on a fake hardware wallet that led to total crypto loss.

#OffensiveCon25 videos now up! – Full archive of OffensiveCon 2025 talks now available.


🎥 SecVideo

Web security is fun (or how I stole your Google Drive files) - Lyra Rebane – Entertaining and educational talk on exploiting cloud document features.


💻 SecGit

urbanadventurer/urlcrazy – Tool for generating typo variants of domain names to detect phishing.

c1phy/sqltimer – A lightweight and fast scanner for time-based SQL injection detection.

NightBloodz/CVE-2025-4123 – PoC for XSS and SSRF leading to data exfiltration in Grafana.

kapellos/LNKSmuggler – Tool to embed data in .lnk files and wrap them into ZIPs for evasion.

curated-intel/Attribution-to-IP – Collection of methods for IP ownership and attribution analysis.

sw33tLie/uff – A supercharged version of ffuf for fuzzing web directories and APIs.

cybrly/badsuccessor – An experimental project with unclear purpose – watch this one evolve.


Suggestions & Feedback


For any suggestions or feedback, please contact us at: [email protected]
