AppSec Monday: UnOAuthorized Privilege Elevation, SSTI, Android XSS, SmuggleShield, Whatsapp Contacts Security Assessment

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition is all about Application Security and offensive tactics:

  • 📝 CVE-2024-45186: Unauthenticated SSTI bug, $20,300 Bounties from a 200 Hour Hacking Challenge!

  • 🔥 SmuggleShield, Sn0int tools, Systemwide security flaw has been hiding in macOS for 2 decades!

  • 🧠 UnOAuthorized: The discovered path to privilege elevation, Hacking Bank from Hackthebox!

  • And more…

First time reading? Sign up here.

📰 Top Security News

  • Public report Whatsapp contacts security assessment (Nccgroup)

  • Chinese hackers had access to Canadian government systems for years (Techradar)

  • Systemwide security flaw has been hiding in macOS for 2 decades (Stephen Casas)

📝 Best Of Blogs

  • CVE-2024-45186: Unauthenticated SSTI bug in Filesender exposes MySQL & S3 credentials (Jonathan Bouman)

  • Popping Android vulnerabilities from notification to Webview XSS (Abdillah Muhamad)

  • $20,300 Bounties from a 200 Hour Hacking Challenge (Voorivex)

🧠 Learning Resources

  • Unified Mobile and Security Testing with Mobile Cloud Vendors (Avi Elgal)

  • UnOAuthorized: The discovered path to privilege elevation (Eric Woodruff)

  • Hacking Bank from Hackthebox (Chris Alupului)

🛠️ Tools

  • Sliver - Adversary Emulation Framework. (GitHub)

  • Sn0int: Semi-automatic OSINT framework and package manager (GitHub)

  • SmuggleShield - Basic protection against HTML smuggling attempts. (GitHub)

⚡️ Misc

  • Lessons in Security Tooling: Strategies for Success (Gyan.ca)

  • Stacklok Donates Minder Security Project to OpenSSF (Thenewstack)

🎯 Favorite Quote

“Keep smiling, because life is a beautiful thing and there's so much to smile about.”
- Marilyn Monroe

💡 ABOUT VAYFUL®

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here!

Did someone forward this email to you? Become a subscriber!

Have feedback or questions? Just hit reply and let us know.