Seclog - #80
SecMisc
The CloudSec Engineer - Resources and articles for cloud security engineers. - Read More
Entities allowed between function calls - Shazzer - Analysis of security implications of entities allowed between function calls. - Read More
SecLinks
Putting the C2 in C2loudflare | JUMPSEC LABS - An exploration of using Cloudflare for C2 infrastructure. - Read More
Why I attack - Insights into the motivations behind security attacks. - Read More
The security prioritization paradox - Discussing the challenges in prioritizing security tasks. - Read More
Hacking Amazon's eero 6 (part 2) | Markuta - Part two of the series on hacking Amazon's eero 6. - Read More
17 vulnerabilities in Sharp Multi-Function Printers - IT Security Research by Pierre - Detailed analysis of vulnerabilities in Sharp printers. - Read More
Exploiting GCP Cloud Build for Privilege Escalation - Techniques for escalating privileges in GCP Cloud Build. - Read More
Polyfill.io Supply Chain Attack: How Over 100,000 Websites Were Compromised and What You Need to Know - ThreatMon Blog - Examination of a significant supply chain attack. - Read More
Reddit & HackerOne Bug Bounty Announcement : r/redditsecurity - Announcement of Reddit's bug bounty program. - Read More
Holograph exploited for more than $1.2 million - Details on the Holograph exploit incident. - Read More
Breaking caches and bypassing Istio RBAC with HTTP response header injection | Snyk - Techniques for cache breaking and RBAC bypass. - Read More
Publicly Exposed AWS SSM Command Documents - High Signal Security - YAIB (Yet Another Infosec blog) - Discussion on exposed AWS SSM command documents. - Read More
Project Zero: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models - Evaluating LLMs for offensive security. - Read More
Zip Slip meets Artifactory: A Bug Bounty Story | Karma(In)Security - Bug bounty story involving Zip Slip and Artifactory. - Read More
1-click Exploit in South Korea's biggest mobile chat app | stulle123's Blog - Account takeover exploit in KakaoTalk. - Read More
Kubernetes Cluster Security - Nuclei Templates v9.9.0 - Latest templates for Kubernetes security. - Read More
Under the Hood: Exploring the Architecture and Security Risks of Large Language Models - Presentation on the security risks of LLMs. - Read More
SecGit
domain-protect/domain-protect: OWASP Domain Protect - prevent subdomain takeover - A tool to prevent subdomain takeover. - Explore on GitHub
Trigii/MacHawkEye: Engine for analyzing binaries on macOS systems to identify potential vulnerabilities - Tool for analyzing macOS binaries for vulnerabilities. - Explore on GitHub
FLOCK4H/AtomDucky: WiFi Rubber Ducky with a web interface using CircuitPython - WiFi Rubber Ducky with a web interface. - Explore on GitHub
VolkanSah/GPT-Security-Best-Practices: The purpose of this document is to outline the security risks and vulnerabilities that may arise when implementing ChatGPT in web applications and to provide best practices for mitigating these risks. - Security best practices for implementing ChatGPT in web applications. - Explore on GitHub
For suggestions and any feedback, please contact: securify@rosecurify.com