Seclog - #114

RosecurifyRosecurify
2 min read

"In cyber war, even the strongest passwords can fall, but a mind prepared for battle is unbreakable." - The Art of Cyber War

πŸ“š SecMisc

  • Meshtastic – An open-source, encrypted mesh networking communication protocol. Read More

  • LOLC2 – A lightweight and easy-to-use command and control (C2) framework. Read More

  • LOTTunnels – A proxy-based security tunneling tool for penetration testers and researchers. Read More

  • Infosec 101 for Activists – A cybersecurity guide tailored for activists and journalists. Read More

  • Elon Musk’s X blocks links to Signal – X is reportedly blocking links to Signal, the encrypted messaging service. Read More

  • Hacking cars in JavaScript – Running replay attacks in the browser with HackRF to manipulate vehicle systems. Read More

  • Removing Jeff Bezos From My Bed – An unusual cybersecurity investigation uncovering security flaws. Read More

  • Achieving RCE in a Japanese chat tool – Exploiting an outdated Electron feature to achieve remote code execution. Read More

  • How to Backdoor Large Language Models – Exploring methods of injecting backdoors into AI models. Read More

  • SSRF on Sliver C2 teamserver – A new vulnerability (CVE-2025-27090) allowing SSRF via spoofed callbacks. Read More

  • AWS IAM User Enumeration Vulnerability – A newly discovered issue (CVE-2025-0693) allowing unauthorized AWS IAM user enumeration. Read More

  • NSA Cyber Tactics Exposed – A look at NSA’s cyber strategies from China’s perspective. Read More

  • Fun with Timing Attacks – A deep dive into timing-based cybersecurity exploits. Read More

🐦 SecX

  • The Importance of Penetration Testing Reports – A pentester’s primary job is writing a great report; hacking is just the fun part. Read More

πŸ’» SecGit

  • AI-Infra-Guard – A security assessment tool for discovering risks in AI infrastructure. Explore on GitHub

  • Boofuzz – A powerful network protocol fuzzing tool for security testing. Explore on GitHub

  • OpenSSH Account Takeover (CVE-2023-38408) – A proof-of-concept exploit for an OpenSSH vulnerability. Explore on GitHub

  • Subtrace – A Wireshark-like tool for monitoring traffic in Docker containers. Explore on GitHub

  • Passkey Raider – A Burp Suite extension for testing Passkey authentication systems. Explore on GitHub

  • Tailpipe – An open-source SIEM tool for instant log insights using SQL and DuckDB. Explore on GitHub

  • M365TokenRepeater – A tool for analyzing authentication flows in Microsoft 365. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com

0
Subscribe to my newsletter

Read articles from Rosecurify directly inside your inbox. Subscribe to the newsletter, and don't miss out.

seclog

Written by

Rosecurify
Rosecurify