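Here are the recommended articles I read in the second week of 2023. For the articles I read over the year-end and the first three days of the new year, please see this post. (Because of a trip and other busyness, I have not organized my notes, so they are not included.)
Recommended articles I read this week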
- Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Sam Curry
- A good article summarizing vulnerability research conducted against automobile manufacturers.
Security-related articles I read
Web
- Interesting case of SQLi. Hey everyone, didn’t get time this year… | by Nikhil (niks) | InfoSec Write-ups
- Worldwide Server-side Cache Poisoning on All Akamai Edge Nodes ($50K+ Bounty Earned) | by Jacopo Tediosi | Medium
- $6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty | by Neh Patel | InfoSec Write-ups
- Interesting Account Takeover Bugs | by protonsec | Nov, 2022 | InfoSec Write-ups
- Google VRP (Acquisitions) — [Insecure Direct Object Reference] 2nd | by Caesar Evan Santoso | Nov, 2022 | Medium
- Bypass Duplicate Tweet Protection using negative tweet id | by Jayateertha Guruprasad | Nov, 2022 | Medium
- From Shodan Dork to Grafana 📊Local File Inclusion | by Anurag__Verma | Nov, 2022 | InfoSec Write-ups
- Finding Reflected XSS In A Strange Way | by Raymond Lind | Nov, 2022 | Medium
- [#0017] Header spoofing via a hidden parameter in Facebook Batch GraphQL APIs | feed
- Remediation Archeology — Finding and Decoding an Ancient XSS | by Bend Theory | Nov, 2022 | Medium
- [Hacking Banks] Broken Access Control Vulnerability in Banking application [PART I] | by Abdelhak Kharroubi | Medium
- [Hacking Bank] Broken Access Control Vulnerability in Banking application [PART II] | by Abdelhak Kharroubi | Medium
- [Hacking Bank] The Second Story of Finding Critical Vulnerabilities on Banking Application | by Abdelhak Kharroubi | Nov, 2022 | Medium
- Fastly Subdomain Takeover $2000 - Bug Bounty Writeup | InfoSec Write-ups
- Interesting Stored XSS via meta data | by Veshraj Ghimire | Pentester Nepal | Nov, 2022 | Medium
- Winning QR with DOM-Based XSS | Bug Bounty POC | by Haroon Hameed | Nov, 2022 | Medium
Cloud
Tool
- [GitHub - onekey-sec/unblob: Extract files from any kind of container formats](https://github.com/onekey-sec/unblob)
- GitHub - Th0h0/autossrf: Smart context-based SSRF vulnerability scanner.
- GitHub - primait/nuvola
- GitHub - edoardottt/csprecon: Discover new target domains using Content Security Policy
- GitHub - sleeyax/burp-awesome-tls: Fix Burp Suite's horrible TLS stack & spoof any browser fingerprint
- Working with a scope using Gowitness | by Ike Murami | Nov, 2022 | Medium
- GitHub - kitabisa/teler: Real-time HTTP Intrusion Detection
Development / Operations
Cloud / SRE
Data platform
- A brief introduction to two data processing architectures — Lambda and Kappa for Big Data | by Iman Samizadeh, Ph.D. | Towards Data Science
- SAI #13: Lambda vs. Kappa Architecture.
Other
- GitHub - corkami/pics: Posters, drawings...
- 学びを仕事に繋げる (Connecting learning to work) - Speaker Deck
- https://github.com/Eandrju/cellular-automaton.nvim
Change history
- First draft: 2023-01-16 22:03