Rosecurify

Seclog - #82

📚 SecMisc

beaconDB - An advanced database for security researchers and analysts.

BLAST RADIUS - A platform focused on visualizing and understanding the impact of security breaches.

Deep-ML - A cutting-edge tool leveraging deep learning for security applications.

Crooks Steal Phone, SMS Records for Nearly All AT&T Customers - A major breach impacting nearly all AT&T customers, compromising phone and SMS records.

Thwacking DDOS with AWS WAF - Insights into using AWS WAF to mitigate DDOS attacks effectively.

Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities - Guidelines from CISA on preventing OS command injection vulnerabilities.

Chaining Three Bugs to Access All Your ServiceNow Data - A detailed analysis of exploiting multiple vulnerabilities to gain unauthorized access to ServiceNow data.

plORMbing your Prisma ORM with Time-based Attacks - Examining time-based attacks on Prisma ORM to understand potential vulnerabilities.

Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine - How binary secret scanning averted a significant supply chain attack.

How I found DOM XSS via postMessage on Bing.com - Microsoft Bug Bounty - A write-up on discovering a DOM XSS vulnerability on Bing.com.

Security Cameras - A Penetration Tester's Journey - Exploring vulnerabilities in security cameras through penetration testing.

PySkyWiFi: completely free, unbelievably stupid wi-fi on long-haul flights - An innovative approach to accessing free Wi-Fi on long-haul flights.

RockYou2024: 10 billion passwords leaked in the largest compilation of all time - An overview of the massive RockYou2024 password leak.

Context window overflow: Breaking the barrier - Discussing the implications and solutions for context window overflow in security.

Don't Click Evil.txt: CVE-2024-30050 and Other Windows Silliness - An analysis of a new CVE and other security quirks in Windows.

Interactive Arithmetization and Iterative Constraint Systems - A dive into advanced cryptographic techniques and their applications.

Bypassing Discord's masked links filter - Techniques to bypass Discord's security filters on masked links.

💻 SecGit

mbadanoiu/CVE-2024-22274 - Authenticated Remote Code Execution in VMware vCenter Server.

FLOCK4H/AtomDucky - WiFi Rubber Ducky with a web interface using CircuitPython.

efeali/fragtunnel - A PoC TCP tunnel tool for bypassing firewalls.

kpolley/PIIDetective - A PII detection platform leveraging human-in-the-loop AI.

NetSPI/gcpwn - A pentesting framework for GCP, modeled like Pacu for AWS.

