Rosecurify

Seclog - #21

Spotlight: Finding & Exploiting in H.264 Decoders, Fuzzing to JS, The Rule Of 2, Bypassing Amazon Kids+, DevOps threat matrix, LOLDrivers, Twitter Algorithm CVE, Cloudflare's flan, securing JSON.parse, WTFBins, etc.

Finding and Exploiting Vulnerabilities in H.264 Decoders

Storing OAuth tokens

How to Fuzz JavaScript with Jest and Jazzer.js

The Rule Of 2

XSS without HTML: Client-Side Template Injection with AngularJS

We put GPT-4 in Semgrep to point out false positives & fix code

Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches

CAN Injection: keyless car theft

Bypassing Amazon Kids+ Parental Controls

DevOps threat matrix

LOLDrivers

How the Twitter Algorithm works in 2023

A web security story from 2008: silently securing JSON.parse

The Uninvited Guest: IDORs, Garage Doors, and Stolen Secrets

The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

Apple Patching Two 0-Day Vulnerabilities in iOS and macOS

WTFBins | Home

secvuln

phpMyFAQ Code Injection vulnerability · CVE-2023-1761

HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation · CVE-2023-1782 · GitHub Advisory Database

CVE - CVE-2023-29218

sectweet

Ax Sharma on Twitter: "BREAKING: eFile..

vx-underground on Twitter: "IntelBroker..."

Matt Jay on Twitter: "YubiKey and FIDO2 auth can make you virtually phishing proof?

Shir Tamari on Twitter: "Continuing the #BingBang thread,

Donncha Ó Cearbhaill on Twitter: "Super proud of our team at @AmnestyTech" / Twitter

secvideo

Abusing IT Management Tools to Create C2

secgit

cloudflare/flan

GoSecure/pyrdp

plackyhacker/Shellcode-Injection-Techniques

musana/fuzzuli

DragoQCC/HardHatC2

d3mondev/burp-vps-proxy

anrbn/GCP-Attack-Defense

elfenware/obliviate-web

chenjiandongx/sniffer

gbrls/kurl
Suggestions & Feedback

For any suggestions or feedback, please contact us at: [email protected]