ROSECURIFY

Seclog - #25

A $1,000,000 bounty? The KuCoin User Information Leak

Real World Crypto 2023 Recap | Trail of Bits Blog

Why is OAuth still hard in 2023?

PassGAN: A Deep Learning Approach for Password Guessing

How to fix a ReDoS | The GitHub Blog

Cyberowl | CyberOwl

SLSA • SLSA specification

CS:GO: From Zero to 0-day — Neodyme

Privilege Escalations through Integrations

Introducing resocks - An Encrypted Back-Connect SOCKS Proxy for Network Pivoting

Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3

Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot

Azure DevOps CICD Pipelines - Command Injection with Parameters, Variables and a discussion on Runner hijacking

Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike

0VIX Exploit Post-Mortem & Steps to Recovery

Remediating AWS IMDSv1

Cross Site Smallish Scripting (XSSS)

Russian Hacker “Wazawaka” Indicted for Ransomware – Krebs on Security

Google Online Security Blog: New Android & Google Device Vulnerability Reward Program Initiatives

Testing Zero Touch Production Platforms and Safe Proxies

Security-by-Design and -Default

secvideo #

Prompt Injection, explained

DEF CON 23 - Dennis Maldonado - Are We Really Safe? - Bypassing Access Control Systems

secgit #

Fizzadar/pyinfra

racepwn/racepwn

GyulyVGC/sniffnet

Subscribe to Seclog

Weekly security analysis direct to your inbox.

Share
← All Seclogs

Press / to search, Esc to close