Rosecurify

Seclog - #80

📚 SecMisc

The CloudSec Engineer - Resources and articles for cloud security engineers. - Read More

Entities allowed between function calls - Shazzer - Analysis of security implications of entities allowed between function calls. - Read More

Putting the C2 in C2loudflare | JUMPSEC LABS - An exploration of using Cloudflare for C2 infrastructure. - Read More

Why I attack - Insights into the motivations behind security attacks. - Read More

The security prioritization paradox - Discussing the challenges in prioritizing security tasks. - Read More

Hacking Amazon's eero 6 (part 2) | Markuta - Part two of the series on hacking Amazon's eero 6. - Read More

17 vulnerabilities in Sharp Multi-Function Printers - IT Security Research by Pierre - Detailed analysis of vulnerabilities in Sharp printers. - Read More

Exploiting GCP Cloud Build for Privilege Escalation - Techniques for escalating privileges in GCP Cloud Build. - Read More

Polyfill.io Supply Chain Attack: How Over 100,000 Websites Were Compromised and What You Need to Know - ThreatMon Blog - Examination of a significant supply chain attack. - Read More

Reddit & HackerOne Bug Bounty Announcement : r/redditsecurity - Announcement of Reddit's bug bounty program. - Read More

Holograph exploited for more than $1.2 million - Details on the Holograph exploit incident. - Read More

Breaking caches and bypassing Istio RBAC with HTTP response header injection | Snyk - Techniques for cache breaking and RBAC bypass. - Read More

Publicly Exposed AWS SSM Command Documents – High Signal Security – YAIB (Yet Another Infosec blog) - Discussion on exposed AWS SSM command documents. - Read More

Project Zero: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models - Evaluating LLMs for offensive security. - Read More

Zip Slip meets Artifactory: A Bug Bounty Story | Karma(In)Security - Bug bounty story involving Zip Slip and Artifactory. - Read More

1-click Exploit in South Korea's biggest mobile chat app | stulle123's Blog - Account takeover exploit in KakaoTalk. - Read More

Kubernetes Cluster Security - Nuclei Templates v9.9.0 🎉 - Latest templates for Kubernetes security. - Read More

Under the Hood: Exploring the Architecture and Security Risks of Large Language Models - Presentation on the security risks of LLMs. - Read More

💻 SecGit

domain-protect/domain-protect: OWASP Domain Protect - prevent subdomain takeover - A tool to prevent subdomain takeover. - Explore on GitHub

Trigii/MacHawkEye: Engine for analyzing binaries on macOS systems to identify potential vulnerabilities - Tool for analyzing macOS binaries for vulnerabilities. - Explore on GitHub

FLOCK4H/AtomDucky: WiFi Rubber Ducky with a web interface using CircuitPython - WiFi Rubber Ducky with a web interface. - Explore on GitHub

VolkanSah/GPT-Security-Best-Practices: The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks. - Security best practices for implementing ChatGPT in web applications. - Explore on GitHub


Suggestions & Feedback

Enjoyed this post? Subscribe to Seclog for more in-depth security analysis and updates.

For any suggestions or feedback, please contact us at: [email protected]
