Seclog - #14
seclinks #
DOM-XSS in Instant Games due to improper verification of supplied URLs - Youssef Sammouda
How I Hacked my Car Part 3: Making Software :: Programming With Style
Security Advisory: Remote Command Execution in binwalk - ONEKEY
Unserializable, but unreachable: Remote code execution on vBulletin
Exploiting Hardcoded Keys to achieve RCE in Yellowfin BI - Assetnote
Google Online Security Blog: Taking the next step: OSS-Fuzz in 2023
What happened to CVE-2022-23529? And what can we learn from it?
Pre-Auth RCE in Aspera Faspex: Case Guide for Auditing Ruby on Rails - Assetnote
The Good, Bad and Compromisable Aspects of Linux eBPF - Pentera
(Web-)Insecurity Blog | SSO Gadgets: Escalate (Self-)XSS to ATO
secvuln #
VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)
Jira Service Management Server and Data Center Advisory (CVE-2023-22501)
sectool #
secvideo #
DEF CON 29 - Guillaume Fournier, Sylvain Afchain, Sylvain Baubeau - eBPF, I thought we were friends!
secgit #
A-poc/RedTeam-Tools: Tools and Techniques for Red Team / Penetration Testing
GhostManager/Ghostwriter: The SpecterOps project management and reporting engine
ThePorgs/Exegol: Fully featured and community-driven hacking environment
adityatelange/bhhb: Tool to view HTTP history exported from Burp Suite Community Edition
Esonhugh/sshd_backdoor: /root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.