Seclog - #82

Rosecurify

📚 SecMisc

  • beaconDB - An advanced database for security researchers and analysts. Read More

  • BLAST RADIUS - A platform focused on visualizing and understanding the impact of security breaches. Read More

  • Deep-ML - A cutting-edge tool leveraging deep learning for security applications. Read More

  • Crooks Steal Phone, SMS Records for Nearly All AT&T Customers - A major breach impacting nearly all AT&T customers, compromising phone and SMS records. Read More

  • Thwacking DDOS with AWS WAF - Insights into using AWS WAF to mitigate DDoS attacks effectively. Read More

  • Secure by Design Alert: Eliminating OS Command Injection Vulnerabilities - Guidelines from CISA on preventing OS command injection vulnerabilities. Read More

  • Chaining Three Bugs to Access All Your ServiceNow Data - A detailed analysis of exploiting multiple vulnerabilities to gain unauthorized access to ServiceNow data. Read More

  • plORMbing your Prisma ORM with Time-based Attacks - Examining time-based attacks on Prisma ORM to understand potential vulnerabilities. Read More

  • Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine - How binary secret scanning averted a significant supply chain attack. Read More

  • How I found DOM XSS via postMessage on Bing.com - Microsoft Bug Bounty - A write-up on discovering a DOM XSS vulnerability on Bing.com. Read More

  • Security Cameras - A Penetration Tester's Journey - Exploring vulnerabilities in security cameras through penetration testing. Read More

  • PySkyWiFi: completely free, unbelievably stupid wi-fi on long-haul flights - An innovative approach to accessing free Wi-Fi on long-haul flights. Read More

  • RockYou2024: 10 billion passwords leaked in the largest compilation of all time - An overview of the massive RockYou2024 password leak. Read More

  • Context window overflow: Breaking the barrier - Discussing the implications and solutions for context window overflow in security. Read More

  • Don't Click Evil.txt: CVE-2024-30050 and Other Windows Silliness - An analysis of a new CVE and other security quirks in Windows. Read More

  • Interactive Arithmetization and Iterative Constraint Systems - A dive into advanced cryptographic techniques and their applications. Read More

  • Bypassing Discord's masked links filter - Techniques to bypass Discord's security filters on masked links. Read More

💻 SecGit

  • mbadanoiu/CVE-2024-22274 - Authenticated Remote Code Execution in VMware vCenter Server. Explore on GitHub

  • FLOCK4H/AtomDucky - WiFi Rubber Ducky with a web interface using CircuitPython. Explore on GitHub

  • efeali/fragtunnel - A PoC TCP tunnel tool for bypassing firewalls. Explore on GitHub

  • kpolley/PIIDetective - A PII detection platform leveraging human-in-the-loop AI. Explore on GitHub

  • NetSPI/gcpwn - A pentesting framework for GCP, modeled like Pacu for AWS. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com
