AppSec Monday: C++ Code Security, SQL Injection, Inside Hacker Mindset, GoCrack Tool, Fog Ransomware

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition is all about Application Security and offensive tactics:

  • 📝 Inside the Mind of a Hacker 2024, Command-Jacking: The New Supply Chain Attack Technique!

  • 🔥 GoCrack and Graphinder tools, Fog ransomware targets SonicWall VPNs to breach corporate networks!

  • 🧠 Security in C++: Hardening Techniques from the Trenches, SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level!

  • And more…


📰 Top Security News

  • Grav-ity of the situation: Unauthenticated Access to RCE in Grav CMS (Tantosec)

  • Amazon identified internet domains abused by APT29 (AWS Security)

  • Fog ransomware targets SonicWall VPNs to breach corporate networks (BleepingComputer)

📝 Best Of Blogs

  • Inside the Mind of a Hacker 2024 (Bugcrowd)

  • Command-Jacking: New Supply Chain Attack Technique (Checkmarx)

  • OWASP Says Secrets Security Is The Most Important Issue For Mobile Applications (GitGuardian)

🧠 Learning Resources

  • Security in C++: Hardening Techniques from the Trenches (Louis Dionne)

  • Accelerating Innovation: Improving Application Security in the Age of AI (Microsoft Reactor)

  • SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level - Paul (DEF CON 32)

🛠️ Tools

  • Wpgarlic - A proof-of-concept WordPress plugin fuzzer. (GitHub)

  • Graphinder - Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. (GitHub)

  • GoCrack - A management frontend for password cracking tools, written in Go. (GitHub)

⚡️ Misc

  • Escaping the Chrome Sandbox Through DevTools (Ading.dev)

  • Announcing the Nuclei Templates Community Leaderboard and Rewards (Project Discovery)

🎯 Favorite Quote

“You may say I’m a dreamer, but I’m not the only one. I hope someday you’ll join us. And the world will live as one.”
- John Lennon

💡 ABOUT VAYFUL®

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.
