
AppSec Monday: Database Security, Email Spoofing, Fingerprinting, Maturing Your Application Security Program

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition is all about Application Security and offensive tactics:

  • 📝 Email Spoofing: $50,000+ in bounties; 4 exploits, 1 bug: exploiting CVE-2024-20017; Information Leakage via Clicked Link in GitHub!

  • 🔥 DLL-proxy-generator tool; Microsoft creates fake Azure tenants to pull phishers into honeypots; Weaponizing permissive CORS configurations!

  • 🧠 Database and Application Security; HTTP Parameter Pollution in 2024; Maturing Your Application Security Program (DEF CON 32)!

  • And more…

First time reading? Sign up here.

📰 Top Security News

  • Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass (Bleepingcomputer)

  • Microsoft said it lost weeks of security logs for its customers’ cloud products (Techcrunch)

  • Microsoft creates fake Azure tenants to pull phishers into honeypots (Bleepingcomputer)

📝 Best Of Blogs

  • Information Leakage via Clicked Link in GitHub Repository (Fingerprinting) [$4,000 Bounty] (HackerOne)

  • Email Spoofing $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies (hackermondev)

  • 4 exploits, 1 bug: exploiting CVE-2024-20017 4 different ways (Coffinsec)

🧠 Learning Resources

🛠️ Tools

  • DLL-proxy-generator: Generate a proxy DLL for an arbitrary DLL. (GitHub)

  • Memexec: Circumventing the "noexec" mount flag to execute arbitrary Linux binaries via ptrace-less process injection. (GitHub)

  • Schemql: A lightweight TypeScript library that enhances your SQL workflow by combining raw SQL with targeted type safety and schema validation. (GitHub)

⚡️ Misc

  • Exploiting trust: Weaponizing permissive CORS configurations (Outpost24)

  • CS253: Web Security Course (Stanford)

🎯 Favorite Quote

“Only a life lived for others is a life worthwhile.”
- Albert Einstein

💡 ABOUT VAYFUL®

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here!

Did someone forward this email to you? Become a subscriber!

Have feedback or questions? Just hit reply and let us know.