Rosecurify

Seclog - #25

A $1,000,000 bounty? The KuCoin User Information Leak

Real World Crypto 2023 Recap | Trail of Bits Blog

Why is OAuth still hard in 2023?

PassGAN: A Deep Learning Approach for Password Guessing

How to fix a ReDoS | The GitHub Blog

Cyberowl | CyberOwl

SLSA • SLSA specification

CS:GO: From Zero to 0-day — Neodyme

Privilege Escalations through Integrations

Introducing resocks - An Encrypted Back-Connect SOCKS Proxy for Network Pivoting

Bypass IIS Authorisation with this One Weird Trick - Three RCEs and Two Auth Bypasses in Sitecore 9.3

Dependabot Confusion: Gaining Access to Private GitHub Repositories using Dependabot

Azure DevOps CICD Pipelines - Command Injection with Parameters, Variables and a discussion on Runner hijacking

Automating C2 Infrastructure with Terraform, Nebula, Caddy and Cobalt Strike

0VIX Exploit Post-Mortem & Steps to Recovery

Remediating AWS IMDSv1

Cross Site Smallish Scripting (XSSS)

Russian Hacker “Wazawaka” Indicted for Ransomware – Krebs on Security

Google Online Security Blog: New Android & Google Device Vulnerability Reward Program Initiatives

Testing Zero Touch Production Platforms and Safe Proxies

Security-by-Design and -Default

secvideo

Prompt Injection, explained

DEF CON 23 - Dennis Maldonado - Are We Really Safe? - Bypassing Access Control Systems

secgit

Fizzadar/pyinfra

racepwn/racepwn

GyulyVGC/sniffnet


Suggestions & Feedback

Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.

For any suggestions or feedback, please contact us at: [email protected]
