Seclog - #56
You always succeed in producing a result. - Tony Robbins
SecMisc
Privacy is sexy - Enforce privacy & security on Windows, macOS and Linux: A comprehensive guide to enhancing privacy and security across major operating systems. Read More
Certificate Transparency: Delve into the world of certificate transparency and its pivotal role in internet security. Read More
SecLinks
Quishing Simulator - Keepnet Labs: An interactive simulator to understand and defend against quishing attacks. Read More
Exploiting XSS using Polyglot JPEGs+Javascript to bypass CSP: A novel approach to exploiting XSS vulnerabilities using polyglot JPEGs and JavaScript. Read More
MobSF Remote Code Execution (CVE-2024-21633) by 0x33c0unt: In-depth analysis of a critical remote code execution vulnerability in MobSF. Read More
Privilege Escalation in Cloudflare Pages: Exploration of privilege escalation and page tampering issues in Cloudflare Pages. Read More
Adtech Catalyzing Fraud: Unverified Vanity URLs & Interest Tracking by Eli Grey: An analysis of how adtech, including unverified vanity URLs, is catalyzing online fraud. Read More
2023 CVE Data Review: A comprehensive review of CVE data from the year 2023. Read More
Control-M Web Security Advisory: Important security update and advisory for Control-M Web users. Read More
Unauthenticated RCE in Adobe Coldfusion (CVE-2023-26360): A detailed analysis of a remote code execution vulnerability in Adobe Coldfusion. Read More
GitLab Critical Security Release (Versions 16.7.2, 16.6.4, 16.5.6): Details on GitLab's critical security update addressing significant vulnerabilities. Read More
Defending Websites with ZIP Bombs: Strategies on using ZIP bombs to protect websites. Read More
Analysis of HTTP2 Request Smuggling: In-depth exploration of utilizing HTTP2 request smuggling. Read More
Best Security Movies (and some yet to be made) by Phil Venables: A curated list of the best security movies and some ideas for future films. Read More
5 Katana Tricks for OSINT: Advanced techniques for open-source intelligence gathering. Read More
Sink Tracing in Modern Web Applications: Techniques for tracing and securing web application sinks. Read More
Chrome V8 Engine Exploit (CVE-2023-4069) - GitHub Security Lab: Technical details of exploiting vulnerabilities in Chrome's V8 engine. Read More
PaperCut WebDAV Vulnerability (CVE-2023-39143) - Horizon3.ai: Comprehensive writeup on the PaperCut WebDAV vulnerability. Read More
Opsec for Security Investigators by Cosive: Essential operational security tips for professionals in the security field. Read More
Introducing ShellSweep: Web Shell Detection Tool by Splunk: Discover ShellSweep, a new tool for detecting web shells. Read More
MSRC Security Report Analysis: A detailed examination of a security report from the Microsoft Security Response Center. Read More
SecGit
Paper-based Secret Sharing Technique - Sjlver/psst: Explore this innovative approach to secret sharing using paper-based techniques. Explore on GitHub
SSH-Snake by MegaManSec: A self-propagating, self-replicating, file-less script for automating SSH private key and host discovery. Explore on GitHub
Swarmsecurity/swarm: The next generation of distributed cloud scanning and attack surface monitoring, evolved from Axiom. Explore on GitHub
Automating AWS Resource Import into Terraform - aws-samples/aws2tf: Automates importing existing AWS resources into Terraform and outputs Terraform HCL code. Explore on GitHub
Secator by freelabz: Discover Secator, a unique tool in the realm of cybersecurity. Explore on GitHub
BypassFuzzer by intrudir: A specialized tool for fuzzing 401/403/404 pages to discover bypass vulnerabilities. Explore on GitHub
LL-RASP: Protecting High-level Programming Languages - h2-stack: Learn about low-level RASP techniques for protecting applications implemented in high-level programming languages. Explore on GitHub
PostMessage Logger - opnsec: A simple Chrome extension for logging "postMessage" data, useful in security analysis. Explore on GitHub
Eval Villain: Discovering DOM XSS - swoops: A Firefox Web Extension aimed at improving the discovery of DOM XSS vulnerabilities. Explore on GitHub
Damn Vulnerable LLM Agent - WithSecureLabs: A repository dedicated to studying and understanding vulnerabilities in LLM agents. Explore on GitHub