Seclog - #14
seclinks
DOM-XSS in Instant Games due to improper verification of supplied URLs – Youssef Sammouda
How I Hacked my Car Part 3: Making Software :: Programming With Style
Security Advisory: Remote Command Execution in binwalk - ONEKEY
Unserializable, but unreachable: Remote code execution on vBulletin
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI – Assetnote
Google Online Security Blog: Taking the next step: OSS-Fuzz in 2023
What happened to CVE-2022-23529? And what can we learn from it?
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails – Assetnote
The Good, Bad and Compromisable Aspects of Linux eBPF - Pentera
(Web-)Insecurity Blog | SSO Gadgets: Escalate (Self-)XSS to ATO
secvuln
VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)
Jira Service Management Server and Data Center Advisory (CVE-2023-22501)
sectool
secvideo
DEF CON 29 - Guillaume Fournier, Sylvain Afchain, Sylvain Baubeau - eBPF, I thought we were friends!
secgit
A-poc/RedTeam-Tools: Tools and Techniques for Red Team / Penetration Testing
GhostManager/Ghostwriter: The SpecterOps project management and reporting engine
ThePorgs/Exegol: Fully featured and community-driven hacking environment
adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Esonhugh/sshd_backdoor: /root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.