Rosecurify

Seclog - #129

"The art of cyber war is knowing when to strike… and when to reboot." - The Art of Cyber War

📚 SecMisc

Disclosed Online – Directory that aggregates bug-bounty researcher profiles from HackerOne, Bugcrowd, GitHub, and more. (reddit.com)

Have I Been Squatted? – Fast typosquatting-discovery tool that maps look-alike domains and offers defence guidance. (haveibeensquatted.com)

📰 SecLinks

On the 10th Anniversary of the Snowden Revelations – Updated retrospective on key NSA leaks and their continuing impact (updated 7 Apr 2025). (electrospaces.net)

Incident Response in AWS: Scoping Strategies – Fresh Medium post (6 days ago) showing how to pivot on CloudTrail artefacts for rapid scoping. (medium.com)

Covert Web-to-App Tracking via Localhost on Android – Research revealing Meta & Yandex apps quietly listening on fixed local ports for tracking. (localmess.github.io)

Roundcube ≤ 1.6.10 Post-Auth RCE (CVE-2025-49113) – Deep dive into a PHP deserialization flaw that yields full remote code-execution. (fearsoff.org)

Analyzing IPv4 Trades with gnuplot – Demo project exploring IPv4 supply-and-demand trends during the IPv6 transition. (ipv4a-5539ad.gitlab.io)

The Ultimate Guide to JWT Vulnerabilities & Attacks – Hands-on PentesterLab guide to exploiting and defending JWT flaws. (pentesterlab.com)

AI bugSWAT in Tokyo & 2025 Hacker Roadshow – Google Bug Hunters’ inside look at their live AI hacking event and top findings. (x.com)

🐦 SecX

“I left a server online with VNC wide open…” – James Woolley shares what attackers did when handed an exposed VNC box. (x.com)

🎥 SecVideo

Undercover Journalist Unpacks Essential Tools to Escape Detection – Practical OPSEC tips for reporters working in hostile environments. (youtube.com)

💻 SecGit

frida-script-gen – CLI that scans Android APKs for root/SSL-pinning checks and auto-generates Frida bypass hooks. (github.com)

assetnote/surf – Go tool that filters massive host lists to surface cloud-based SSRF candidates for escalation. (github.com)

