Seclog - #129

Rosecurify

"The art of cyber war is knowing when to strike… and when to reboot." - The Art of Cyber War

📚 SecMisc

  • Disclosed ․ Online – Directory that aggregates bug-bounty researcher profiles from HackerOne, Bugcrowd, GitHub, and more. (reddit.com)

  • Have I Been Squatted? – Fast typosquatting-discovery tool that maps look-alike domains and offers defence guidance. (haveibeensquatted.com)

📰 SecLinks

  • On the 10th Anniversary of the Snowden Revelations – Updated retrospective on key NSA leaks and their continuing impact (updated 7 Apr 2025). (electrospaces.net)

  • Incident Response in AWS: Scoping Strategies – Fresh Medium post (6 days ago) showing how to pivot on CloudTrail artefacts for rapid scoping. (medium.com)

  • Covert Web-to-App Tracking via Localhost on Android – Research revealing Meta & Yandex apps quietly listening on fixed local ports for tracking. (localmess.github.io)

  • Roundcube ≤ 1.6.10 Post-Auth RCE (CVE-2025-49113) – Deep dive into a PHP deserialization flaw that yields full remote code-execution. (fearsoff.org)

  • Analyzing IPv4 Trades with gnuplot – Demo project exploring IPv4 supply-and-demand trends during the IPv6 transition. (ipv4a-5539ad.gitlab.io)

  • The Ultimate Guide to JWT Vulnerabilities & Attacks – Hands-on PentesterLab guide to exploiting and defending JWT flaws. (pentesterlab.com)

  • AI bugSWAT in Tokyo & 2025 Hacker Roadshow – Google Bug Hunters’ inside look at their live AI hacking event and top findings. (x.com)

🐦 SecX

  • “I left a server online with VNC wide open…” – James Woolley shares what attackers did when handed an exposed VNC box. (x.com)

🎥 SecVideo

  • Undercover Journalist Unpacks Essential Tools to Escape Detection – Practical OPSEC tips for reporters working in hostile environments. (youtube.com)

💻 SecGit

  • frida-script-gen – CLI that scans Android APKs for root/SSL-pinning checks and auto-generates Frida bypass hooks. (github.com)

  • assetnote/surf – Go tool that filters massive host lists to surface cloud-based SSRF candidates for escalation. (github.com)

For suggestions and any feedback, please contact: securify@rosecurify.com
