Seclog - #128

Rosecurify
2 min read

"The most effective attack is not in the virus you deploy, but in the backdoor they never find." - The Art of Cyber War

📚 SecMisc

  • Dom-Explorer - A handy interactive tool to inspect DOM-based XSS vectors with practical exploration examples. Read More

  • Puny-Code Vulnerabilities & Account Takeover – A fascinating case of 0-click account takeover through abuse of Punycode encoding. Read More

  • Offensive Threat Intelligence – Discussing how to leverage offensive capabilities for enhanced CTI operations. Read More

  • Remote Prompt Injection in GitLab Duo – An attack method leading to source code exfiltration via LLM prompt injection. Read More

  • BadSuccessor (dMSA Abuse in AD) – Escalating privileges in Active Directory via delegation misconfigurations. Read More

  • Commit Stomping – A clever way to manipulate Git history for stealthy backdoors. Read More

  • Persistent WeChat Client-Side Attack – Exploiting a single WeChat message for long-term client-side compromise. Read More

  • GitHub MCP Exploited – Critical vulnerability allowing access to private GitHub repos via MCP. Read More

  • XSSing TypeErrors in Safari – A deep dive into an unusual XSS vector using TypeErrors in Safari. Read More


๐Ÿฆ SecX

  • Gareth Heyes on Safari XSS Vector โ€“ Can you spot the Safari-only XSS vector before checking the solution? Watch Here

  • Today In Infosec โ€“ "Realm of the Hackers" Documentary (2003) โ€“ The story of Australian teen hackers Electron & Phoenix. Watch Here

  • Today In Infosec โ€“ "Hackers: Heroes" Book Anniversary (2010) โ€“ Throwback to the iconic 1984 hacker culture publication. Read More


🎥 SecVideo

  • Abusing Historical DNS Records – Mustafa walks through how DNS history can be weaponized in red teaming. Watch Here

  • Preventing AI Hallucinations – The Cloudcast podcast explores strategies to reduce LLM hallucinations. Listen Here


💻 SecGit

  • OperantAI/woodpecker – A red teaming toolkit focusing on AI and cloud environments. Explore on GitHub

  • silverhack/monkey365 – All-in-one security auditing for Microsoft 365, Azure, and Entra ID. Explore on GitHub

  • macalbert/envilder – A secure CLI for managing environment variables via AWS SSM. Explore on GitHub

For suggestions and any feedback, please contact: securify@rosecurify.com
