Rosecurify

Seclog - #75

📚 SecMisc

DNSBomb - Exploit various DNS server vulnerabilities for network penetration testing. Read More

📰 SecLinks

LangChain JS Arbitrary File Read Vulnerability - Discusses a critical vulnerability in LangChain JS allowing arbitrary file reads. Read More

Old new email attacks - Slonser Notes - Analysis of old and new techniques in email attacks. Read More

Abusing URL handling in iTerm2 and Hyper for code execution - Exploiting URL handlers in terminal emulators for arbitrary code execution. Read More

Exploit Archeology - Exploiting an old unknown Server Side Browser | Alex Chapman’s Blog - Techniques for exploiting an old server-side browser. Read More

CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js — Codean Labs - Details on a vulnerability in PDF.js allowing arbitrary JavaScript execution. Read More

Exploiting CVE-2024-32002: RCE via git clone | Amal Murali - A deep dive into a remote code execution vulnerability through git clone. Read More

Cyber Security: A Pre-War Reality Check - Bert Hubert's writings - Reflections on cybersecurity in the context of geopolitical tensions. Read More

Password cracking: past, present, future (OffensiveCon 2024) - Comprehensive insights into the evolution of password cracking techniques. Read More

CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive – Horizon3.ai - Analyzing a command injection vulnerability in Fortinet FortiSIEM. Read More

Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets | Google Cloud Blog - Investigating secret leakage issues in Bitbucket CI/CD pipelines. Read More

ChatGPT: Hacking Memories with Prompt Injection · Embrace The Red - Exploring vulnerabilities in ChatGPT's memory through prompt injection. Read More

Random thoughts on physical security measures – DiabloHorn - Discussing various physical security measures and their effectiveness. Read More

🐦 SecTweet

Cybertruck Design Flaw Alert - Highlighting a significant design flaw in Cybertruck that causes unintended acceleration due to the accelerator pedal issue. Watch Here

🎥 SecVideo

Backdooring Keras Models and How to Detect It (Machine Learning Attack Series) - Insights into backdooring Keras models and detection techniques. Watch Here

💻 SecGit

scalar/scalar - Beautiful API references from OpenAPI/Swagger files ✨ Explore on GitHub

hmgle/graftcp - A flexible tool for redirecting a given program's TCP traffic to SOCKS5 or HTTP proxy. Explore on GitHub

FoxIO-LLC/ja4 - JA4+ is a suite of network fingerprinting standards. Explore on GitHub

idealeer/xmap - XMap is a fast network scanner designed for performing Internet-wide IPv6 & IPv4 network research scanning. Explore on GitHub

mozillazg/ptcpdump - Process-aware, eBPF-based tcpdump. Explore on GitHub

