Rosecurify

Seclog - #128

"The most effective attack is not in the virus you deploy, but in the backdoor they never find." - The Art of Cyber War

📚 SecMisc

Dom-Explorer - A handy interactive tool to inspect DOM-based XSS vectors with practical exploration examples. Read More


Puny-Code Vulnerabilities & Account Takeover – A fascinating case of 0-click account takeover using puny-code encoding abuse. Read More

Offensive Threat Intelligence – Discussing how to leverage offensive capabilities for enhanced CTI operations. Read More

Remote Prompt Injection in GitLab Duo – An attack method leading to source code exfiltration via LLM prompt injection. Read More

BadSuccessor (dMSA Abuse in AD) – Escalating privileges in Active Directory via delegation misconfigurations. Read More

Commit Stomping – A clever way to manipulate Git history for stealthy backdoors. Read More

Persistent WeChat Client-Side Attack – Exploiting a single WeChat message for long-term client-side compromise. Read More

GitHub MCP Exploited – Critical vulnerability allowing access to private GitHub repos via MCP. Read More

XSSing TypeErrors in Safari – A deep dive into an unusual XSS vector using TypeErrors in Safari. Read More


๐Ÿฆ SecX #

Gareth Heyes on Safari XSS Vector – Can you spot the Safari-only XSS vector before checking the solution? Watch Here

Today In Infosec – "Realm of the Hackers" Documentary (2003) – The story of Australian teen hackers Electron & Phoenix. Watch Here

Today In Infosec – "Hackers: Heroes" Book Anniversary (2010) – Throwback to the iconic 1984 hacker culture publication. Read More


🎥 SecVideo

Abusing Historical DNS Records – Mustafa walks through how DNS history can be weaponized in red teaming. Watch Here

Preventing AI Hallucinations – The Cloudcast podcast explores strategies to reduce LLM hallucinations. Listen Here


💻 SecGit

OperantAI/woodpecker – A red teaming toolkit focusing on AI and cloud environments. Explore on GitHub

silverhack/monkey365 – All-in-one security auditing for Microsoft 365, Azure, and Entra ID. Explore on GitHub

macalbert/envilder – A secure CLI for managing environment variables via AWS SSM. Explore on GitHub

