Rosecurify

Seclog - #13

Publisher’s Weekly Review of A Hacker’s Mind - Schneier on Security

Pwning the all Google phone with a non-Google bug

Hacking Redis for fun and CTF points

Learn to build it, then break it - EdOverflow

SSH key injection in Google Cloud Compute Engine [Google VRP]

Towards a global framework for cross-border data flows and privacy protection

(DRAFT) Fearless CORS: a design philosophy for CORS middleware libraries (and a Go implementation)

RedTeam Pentesting GmbH - Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single Sign-On Plugin

Account Takeover in KAYAK

Errata Security: I'm still bitter about Slammer

Using 0days to Protect the United Nations

MyBB <= 1.8.31: Remote Code Execution Chain

Finding the right piece of code -

2022 Microsoft Teams RCE

Bitwarden design flaw: Server side iterations

A Look at AWS API Protocols

Adding security headers to your SvelteKit application - EdOverflow

Simple Parenting Hacks: Tips and Scripts from a Hacker Dad · rez0

secvideo

Empathy, Bitwarden, Lexmark, Exchange, Dragonbridge, & Derek Johnson Talks About Hive - SWN #269

From zero to 6-digit bug bounty earnings in 1 year - Johan Carlsson - BBRD podcast #3

sectool

Pashword - Passwords Done Right

USB Dongle Authentication

Home - Unprotect Project

secgit

jeffssh/KACE-SMA-RCE: Fully functional exploit for a preauth RCE as root chain demonstrated and discussed at DEFCON 30

praetorian-inc/gato: GitHub Self-Hosted Runner Enumeration and Attack Tool

Checkmarx/capital: A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

s0md3v/Parth: Heuristic Vulnerable Parameter Scanner

eddiechu/File-Smuggling: HTML smuggling is not an evil, it can be useful

projectdiscovery/pdtm: ProjectDiscovery's Open Source Tool Manager

jhy/jsoup: jsoup: the Java HTML parser, built for HTML editing, cleaning, scraping, and XSS safety.

