Seclog - #21
Spotlight: Finding & Exploiting in H.264 Decoders, Fuzzing to JS, The Rule Of 2, Bypassing Amazon Kids+, DevOps threat matrix, LOLDrivers, Twitter Algorithm CVE, Cloudflare's flan, securing JSON.parse, WTFBins, etc.
seclinks
Finding and Exploiting Vulnerabilities in H.264 Decoders
Storing OAuth tokens
How to Fuzz JavaScript with Jest and Jazzer.js
The Rule Of 2
XSS without HTML: Client-Side Template Injection with AngularJS
We put GPT-4 in Semgrep to point out false positives & fix code
Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches
CAN Injection: keyless car theft
Bypassing Amazon Kids+ Parental Controls
DevOps threat matrix
LOLDrivers
How the Twitter Algorithm works in 2023
A web security story from 2008: silently securing JSON.parse
The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets
The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.
Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
WTFBins | Home
secvuln
phpMyFAQ Code Injection vulnerability · CVE-2023-1761
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation · CVE-2023-1782 · GitHub Advisory Database
CVE - CVE-2023-29218
Ax Sharma on Twitter: "BREAKING: eFile..
vx-underground on Twitter: "IntelBroker..."
Matt Jay on Twitter: "YubiKey and FIDO2 auth can make you virtually phishing proof?
Shir Tamari on Twitter: "Continuing the #BingBang thread,
Donncha Ó Cearbhaill on Twitter: "Super proud of our team at @AmnestyTech" / Twitter
secvideo
Abusing IT Management Tools to Create C2
secgit
cloudflare/flan
GoSecure/pyrdp
plackyhacker/Shellcode-Injection-Techniques
musana/fuzzuli
DragoQCC/HardHatC2
d3mondev/burp-vps-proxy
anrbn/GCP-Attack-Defense
elfenware/obliviate-web
chenjiandongx/sniffer
gbrls/kurl
← All Seclogs