AppSec Monday: Database Security, Email Spoofing, Fingerprinting, Maturing Your Application Security Program
Cybersecurity — For Security Professionals
Hey! James here.
Today’s edition is all about Application Security and offensive tactics:
📝 Email Spoofing $50,000+ in bounties, 4 exploits in 1 bug: exploiting CVE-2024-20017, Information Leakage via Clicked Link in GitHub!
🔥 DLL-proxy-generator Tool, Microsoft creates fake Azure tenants to pull phishers into honeypots, Weaponizing permissive CORS configurations!
🧠 Database and Application Security, HTTP Parameter Pollution in 2024, Maturing Your Application Security Program (Tanya Janca, DEF CON 32)!
And more…
First time reading? Sign up here.
📰 Top Security News
Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (Bleepingcomputer)
Microsoft said it lost weeks of security logs for its customers’ cloud products (Techcrunch)
Microsoft creates fake Azure tenants to pull phishers into honeypots (Bleepingcomputer)
📝 Best Of Blogs
Information Leakage via Clicked Link in GitHub Repository (Fingerprinting) [$4,000 bounty] (HackerOne)
Email Spoofing $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies (hackermondev)
4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways (Coffinsec)
🧠 Learning Resources
Database and Application Security (Kanda Runapongsa Saikaew)
HTTP Parameter Pollution in 2024 (0xAwali)
Maturing Your Application Security Program, Tanya Janca (DEF CON 32)
🛠️ Tools
DLL-proxy-generator: Generate a proxy DLL for an arbitrary DLL, forwarding its exports while inserting your own code. (GitHub)
Memexec: Circumvent the "noexec" mount flag and execute arbitrary Linux binaries via ptrace-less process injection. (GitHub)
Schemql: A lightweight TypeScript library that enhances your SQL workflow by combining raw SQL with targeted type safety and schema validation. (GitHub)
🎯 Favorite Quote
“Only a life lived for others is a life worthwhile.”
- Albert Einstein
💡 ABOUT VAYFUL®
Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.
Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here!
Did someone forward this email to you? Become a subscriber!
Have feedback or questions? Just hit reply and let us know.