History will be kind to me for I intend to write it. — Winston Churchill

📚 SecMisc #

TrailDiscover - Explore the world of trails with TrailDiscover. Read More

GoFetch - Discover the GoFetch vulnerability that affects Apple Silicon processors. Read More

Year 2038 Problem - Learn about the Year 2038 problem that could affect Unix-based systems. Read More

📰 SecLinks #

The Guides to (mostly) Harmless Hacking - A classic resource for understanding hacking from a beginner's perspective. Read More

Vulnerability Reward Program: 2023 Year in Review - Google's review of its Vulnerability Reward Program for 2023. Read More

Real-time, privacy-preserving URL protection - Google's approach to real-time, privacy-preserving URL protection. Read More

New chip flaw hits Apple Silicon - A vulnerability named 'GoFetch' attacks Apple M1, M2, M3 processors. Read More

SQL Injection in Prepared Statement - CVE-2024–1597 - A security vulnerability involving SQL injection in prepared statements. Read More

Incident report on March 13, 2024 - Mintlify - A report on an incident that occurred on March 13, 2024. Read More

JPEG DCT text lossifizer - A tool for lossy text compression using JPEG DCT. Read More

Javascript deobfuscation the easy way - A guide to easy JavaScript deobfuscation. Read More

DOM Purify - untrusted Node bypass - A discussion on a vulnerability in DOM Purify. Read More

Read code like a pro with our weAudit VSCode extension - Introducing the weAudit VSCode extension for code analysis. Read More

Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762 - An analysis of a remote code execution vulnerability in FortiGate. Read More

SVG Files Abused in Emerging Campaigns - A discussion on the abuse of SVG files in emerging cyber campaigns. Read More

Fuzzing Ladybird with tools from Google Project Zero - An exploration of fuzzing the Ladybird browser with tools from Google Project Zero. Read More

CVE-2024-1800 (CVSS 9.9): Critical RCE Flaw Found in Popular Reporting Platform - A critical remote code execution flaw found in a popular reporting platform. Read More

Google's Advanced Protection Program is great, it's a shame the company rarely mentions it - A discussion on Google's Advanced Protection Program. Read More

📣 SecTweet #

Marc Stevens on X - "Here is a 72-byte alphanum MD5 collision with 1-byte difference for fun." Read More

🎥 SecVideo #

Intro to Lockpicking! - A beginner's guide to lockpicking. Watch Here

GitHub Advanced Security: Code scanning autofix - An overview of GitHub's code scanning and autofix features. Watch Here

💻 SecGit #

jsmug: A PoC code for JSON Smuggling - A proof of concept for smuggling arbitrary files through JSON. Explore on GitHub

DNS-Tunnel-Keylogger - A keylogging server and client that uses DNS tunneling/exfiltration to transmit keystrokes. Explore on GitHub

uBlockOrigin-HUGE-AI-Blocklist - A huge blocklist of sites containing AI-generated content for uBlock Origin & uBlacklist. Explore on GitHub

grok-1: Grok open release - The open release of Grok. Explore on GitHub

TinyCheck - A tool for capturing and analyzing network communications from smartphones and other devices. Explore on GitHub

SpyGuard - A forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device. Explore on GitHub

← Back to Seclog