AppSec Monday: Website Hacking, Burp Suite Basics, DLL Hijacking, Data Exfiltrated by Malware, SAML GitLab Auth Bypass, IDOR, GoPhish Tool spotlight, Addressing Vulnerabilities in Cellular Modems

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition is all about Application Security and offensive tactics:

  • 📝 Intercept Data Exfiltrated by Malware, Ruby SAML GitLab auth bypass, IDOR Exposes All Machine Learning Models.

  • 🔥 GoPhish, Pixel's Approach to Security: Addressing Vulnerabilities in Cellular Modems, Arc browser vulnerability.

  • 🧠 How to perform web hacking, Burp Suite Basics, DLL hijacking.

  • And more…

📰 Top Security News

  • Pixel's Approach to Security: Addressing Vulnerabilities in Cellular Modems (Google)

  • Arc browser vulnerability exposes the Inefficiency of Row-Level Security (RLS) (Permit)

📝 Best Of Blogs

  • How to Intercept Data Exfiltrated by Malware via Telegram and Discord (Any.run)

  • Ruby SAML GitLab auth bypass (Project Discovery)

  • IDOR Exposes All Machine Learning Models Bounty [1160$ Bounty] (HackerOne)

🧠 Learning Resources

  • How hacking works - Web edition (NDC)

  • DLL Hijacking - A New Spin on Proxying your Shellcode w/ Matthew Eidelberg (Black Hills)

  • Burp Suite Basics w/ Jennifer Shannon (Antisyphon)

🛠️ Tools

  • Gophish - Open-Source Phishing Toolkit. (GitHub)

  • Attacksurge/Ax - Control Your Infrastructure, Scale Your Scanning and Distribute Arbitrary Binaries and Scripts. (GitHub)

  • Supernova - Shellcode encryption & obfuscation tool. (GitHub)

⚡️ Misc

  • Opaque Predicates and How to Hunt Them (midi12)

  • Differential fuzzing for cryptography - Quarkslab's blog (quarkslab)

🎯 Favorite Quote

“Be yourself; everyone else is already taken.”
- Oscar Wilde

💡 ABOUT VAYFUL®

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.
