█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 45 | Month: November | Year: 2020 | Release Date: 06/11/2020 | Edition: #351 ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that's really worth your time! URL: https://samy.pl/slipstream/ Description: NAT Slipstreaming. URL: https://ash-king.co.uk/blog/backdoor-android-facebook Description: Ability To Backdoor Facebook For Android. URL: https://devcraft.io/2020/10/20/github-pages-multiple-rces-via-kramdown-config.html Description: GitHub Pages - Multiple RCEs via insecure Kramdown config (CVE-2020-10518). ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://github.com/quantumcored/paradoxiaRAT Description: Native Windows Remote access Tool. URL: https://adepts.of0x.cc/kerberoast-vba-macro/ Description: Implementing kerberoast in pure VBA. URL: https://github.com/BBVA/apicheck Description: The DevSecOps toolset for REST APIs. URL: https://sensepost.com/blog/2020/pass-the-hash-wifi/ Description: Pass-the-hash WiFi. URL: https://github.com/zerofox-oss/phishpond Related: https://bit.ly/3jZzIuR (+) Description: Explore phishing kits in a contained environment. URL: https://www.antitree.com/2020/11/when-list-is-a-lie-in-kubernetes/ Description: When LIST is a Lie in Kubernetes. URL: http://zznop.com/posts/10-31-2020-Crash_Harnessing_with_Injected_Code.html Description: Crash Harnessing with Injected Code. URL: https://decoder.cloud/2020/10/27/when-a-stupid-oplock-leads-you-to-system/ Description: When a stupid oplock leads you to SYSTEM. URL: https://github.com/bohops/UltimateWDACBypassList Description: A centralized resource for previously documented WDAC bypass techniques. URL: https://github.com/intelowlproject/IntelOwl Description: Analyze files, domains, IPs in multiple ways from a single API at scale. URL: https://bit.ly/3mV2Sgx (+) Description: Using a C# shellcode runner and confuserex to Bypass uac while evading AV. URL: https://github.com/EncodeGroup/AggressiveProxy Blog: https://link.medium.com/y0ij9AVZ8ab Description: Project to enumerate proxy configs and generate shellcode from CobaltStrike. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues. URL: https://rya.nc/dkim-privates.html Description: DKIM - Show Your Privates. URL: https://darkbit.io/blog/cve-2020-15157-containerdrip Description: CVE-2020-15157 "ContainerDrip" Write-up. URL: https://secret.club/2020/10/30/alien-swarm-rce.html Description: Wormable remote code execution in Alien Swarm. URL: https://scannell.me/fuzzing-for-ebpf-jit-bugs-in-the-linux-kernel/ PoC: https://github.com/scannells/exploits/tree/master/CVE-2020-27194 Description: Fuzzing for eBPF JIT bugs in the Linux kernel (CVE-2020-27194). URL: https://bit.ly/3mTjFjT (+) More: https://bit.ly/32hWBn9 (+) Description: The Tale of the Lost, but not Forgotten, Undocumented NetSync. URL: https://git.lsd.cat/g/pax-pwn Description: PAX Point of Sale devices reverse engineering and exploitation. URL: https://labs.ioactive.com/2020/11/cve-2020-16877-exploiting-microsoft.html Description: Exploiting Microsoft Store Games (CVE-2020-16877). URL: https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/ Description: Samsung S20 - RCE via Samsung Galaxy Store App. URL: https://blog.redteam-pentesting.de/2020/websocket-vulnerability-tomcat/ PoC: https://github.com/RedTeamPentesting/CVE-2020-13935 Description: Diving into a WebSocket Vulnerability in Apache Tomcat (CVE-2020-13935). URL: https://swapcontext.blogspot.com/2020/10/uacme-35-wd-and-ways-of-mitigation.html Related: https://swapcontext.blogspot.com/2020/11/uac-bypasses-from-comautoapprovallist.html Description: UACMe 3.5, WD and the ways of mitigation. URL: https://bit.ly/38eSNqs (+) Description: Multiple Priv. Escalation in Citrix Gateway Plug-In (CVE-2020-8257/CVE-2020-8258). URL: https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html Description: A story of 3 CVE's in Ubuntu Desktop (CVE-2020-15703/CVE-2020-16121/CVE-2020-15238). ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time? URL: https://tixy.land/ Description: Minimalist creative coding environment. URL: https://codepen.io/jcoulterdesign/pen/WNxjVbW Description: The Caretaker - A pure CSS Horror/Puzzle game. URL: https://github.com/pry0cc/prys-hacks/blob/master/image-to-text Description: Copy-paste text THROUGH images. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d2068747470733a2f2f706174686f6e70726f6a6563742e636f6d https://pathonproject.com/zb/?7c734f7b6e63df44#Y+9Z2bx+3ED7WrK6LCrf36no//gEg0rw3aK3/nfb89c=