Seclog - 4

RosecurifyRosecurify
2 min read

Who controls the internet?

the internet is resting on a foundation of duct tape and WD40 - it is known.

The Security Design of the AWS Nitro System

The development of the AWS Nitro System has been a multi-year journey to reinvent the fundamental virtualization infrastructure of Amazon EC2.

CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You

Tailscale is a mesh VPN service: nodes on a Tailscale network establish direct Wireguard connections to one another on-demand, using information pushed out by a central control plane (what IPs each node can be found at, what Wireguard public keys they use, which nodes are allowed to access which ports, etc.).

cloud security predictions for 2023 | Spiceworks 1

Let’s check out the top cloud security predictions for the year 2023.

[#0017] Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs | feed

I have found a non-documented parameter called headers which allows me to set custom headers on the given batch requests.

System misconfiguration is the number one vulnerability, at least for Mastodon

What is the number one vulnerability?

Let's speak AJP

AJP (Apache JServ Protocol) is a binary protocol developed in 1997 with the goal of improving the performance of the traditional HTTP/1.1 protocol especially when proxying HTTP traffic between a web server and a J2EE container.

AST Injection, Prototype Pollution to RCE

This article describes how to trigger RCE in two well-known template engines, using a new technique called AST Injection.

astextract

This tool converts Go code into its go/ast representation, using WebAssembly.

Learn how to attack SAML 2.0 Security

SAML began in 2001, and the final version of SAML 2.0 was released in 2005. Since then, no major version has been released.

Burp Suite and Protobuf - hn security

In the BApp Store there is an extension named protobuf-decoder created for this purpose.

Sigstore The Easy Way

Software signing just got easier.

Mutation XSS

by PortSwigger

sectweet

https://twitter.com/gf_256/status/1505059424582479874

secvideo

https://www.youtube.com/watch?v=GkPtK7BmvjA

secgit

https://github.com/cezary-sec/awesome-browser-security
https://github.com/0xacb/recollapse
https://github.com/cramppet/regulator
https://github.com/gwen001/detectify-cves
https://github.com/sandialabs/wiretap
https://github.com/disclose/dnssecuritytxt
https://github.com/idandaniel/ballyregan
https://github.com/target/strelka
https://github.com/racepwn/racepwn
https://github.com/zidansec/CloudPeler
https://github.com/chopicalqui/TurboDataMiner
0
Subscribe to my newsletter

Read articles from Rosecurify directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Securityweeklyseclog

Written by

Rosecurify
Rosecurify