Seclog - #105

Rosecurify
  • Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE
    Exploring how CRLF Injection leads to remote code execution vulnerabilities in Kerio Control.

  • How to build an offensive AI security agent
    A guide to crafting AI-powered agents for offensive security operations.

  • Home Assistant can not be secured for internet access
    A critical analysis of Home Assistant's internet access vulnerabilities.

  • Tic TAC - Beware of your scan
    Insights into security risks during scanning processes.

  • The Role of Fuzzy Hashes in Security Operations
    Uncovering the potential of fuzzy hashes in identifying security threats.

  • I’m Lovin’ It: Exploiting McDonald’s APIs
    Examining vulnerabilities in McDonald’s API that allow delivery hijacking and penny orders.

  • Django security hardenings that are not happening
    A detailed review of missed security enhancements in Django.

  • Lesser known techniques for large-scale subdomain enum
    Advanced techniques for subdomain enumeration.

  • How an obscure PHP footgun led to RCE in Craft CMS
    Investigating a PHP vulnerability that caused remote code execution in Craft CMS.

  • Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150
    Discovering a JWT algorithm confusion vulnerability.

  • Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm
    Analysis of the Araneida hacking service and its links to Turkish IT firms.


🐦 SecX

  • My LLM analyzed a vulnerability in a Linux library and created a PoC!
    Advanced LLM capabilities in identifying and exploiting Linux vulnerabilities.

💻 SecGit

  • TrustedSec - Hate Crack
    A tool for automating cracking methodologies through Hashcat.

  • FindMy.py
    A comprehensive tool to query Apple's FindMy network.


For suggestions and feedback, please contact: securify@rosecurify.com
