Seclog - #98

“If you know your network and your systems, you need not fear the result of a hundred cyber battles." - Sun Tzu, The Art of Cyber War

📚 SecMisc

• GPS Signal Spoofing - Overview of GPS spoofing threats and mitigation techniques. Read More

📰 SecLinks

• Ancient Monkey: Pwning a 17-Year-Old Version of SpiderMonkey - Exploiting vulnerabilities in older versions of SpiderMonkey. Read More

• RCE Vulnerability in QBittorrent – Sharp Security - Analysis of a remote code execution vulnerability in QBittorrent. Read More

• OSV - Open Source Vulnerabilities - Initiatives for improving data quality in open-source vulnerability reporting. Read More

• Email Security Analysis - Danny's Newsletter - In-depth look into email security challenges and solutions. Read More

• More Models, More ProbLLMs: New Vulnerabilities in Ollama | Oligo Security - Discussing vulnerabilities introduced by new models in machine learning security. Read More

• Identifying Blind Spots in Your API and Application Security - Strategies for identifying and addressing API security gaps. Read More

• ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE - Techniques for bypassing guardrails in ChatGPT-4 to write CVEs. Read More

• Asking Good Questions in OSINT - Essential questioning strategies to enhance OSINT investigations. Read More

🐦 SecX

• Bypassing App-Bound Encrypted Keys in Chrome - Code for bypassing and decrypting App-Bound encrypted keys in Chrome 127+. View on X

💻 SecGit

• tun2socks - A tool powered by gVisor’s TCP/IP stack for tunneling SOCKS connections. Explore on GitHub

• gcp-ctf-workshop - A workshop for GCP-based capture the flag (CTF) exercises. Explore on GitHub

• dns-triage - A Python script for conducting domain-focused reconnaissance. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com