AppSec Ezine

### Week: 50 | Month: December | Year: 2014 | Release Date: 12/12/2014 | Edition: 44º ###

Must See
Something that is really worth your time!

URL: http://blog.dewhurstsecurity.com/2014/12/09/how-i-hacked-facebook.html
Description: How I hacked Facebook.

URL: http://josipfranjkovic.blogspot.pt/
Description: Reading local files from Facebook's server (fixed).

Hack
Some Kung Fu Techniques.

URL: https://gist.github.com/worawit/84ab41358b8465966224
Description: CVE-2014-6332 PoC to get shell (packed everything in one html).

URL: https://github.com/inaz2/roputils
Description: A Return-oriented Programming toolkit.

URL: https://github.com/c0r3dump3d/Parsero
Description: Robots.txt audit tool.

URL: https://github.com/bidord/pykek
Related: http://blog.liatsisfotis.com/knock-and-pass-kerberos-exploitation.html
Description: Kerberos Exploitation Kit MS14-068 (CVE-2014-6324).

URL: http://cxsecurity.com/issue/WLB-2014120030
Description: tnftp in MacOS X 10.10 & FreeBSD10 RCE Exploit.

URL: https://securityreliks.wordpress.com/2010/08/20/devtcp-as-a-weapon/
Description: /dev/tcp as a weapon. 😊

URL: http://desowin.org/usbpcap/tour.html
Description: USB Packet capture for Windows.

Security
All about security issues/problems.

URL: http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
Description: Offset2lib - bypassing full ASLR on 64bit Linux.

URL: http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers/
Description: SpoofedMe Social Login Attack Discovered by IBM X-Force Researchers.

URL: https://evil32.com/
Description: Stay away from 32-bit key IDs in GPG.

URL: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata
Description: Finding "Zero-Day" XSS Vulns via Doc Metadata.

URL: http://samiux.blogspot.pt/2014/12/howto-arpon-on-kali-linux-109a.html
Description: How - ArpON on Kali Linux 1.0.9a (Free Tips).

URL: https://forsec.nl/2014/12/reading-outlook-using-metasploit/
Description: Reading Outlook using Metasploit.

URL: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Leveraging-SimpleHTTPServer-as-a-Simple-Web-Honeypot/ba-p/6682905
Description: Leveraging SimpleHTTPServer as a Simple Web Honeypot.

Fun
Spare time?

URL: http://www.jfedor.org/aaquake2/
Description: Text Mode Quake II.

URL: http://alexnisnevich.github.io/untrusted/
Description: The continuing adventures of Dr. Eval.

Credits
Content Helpers (0x)
52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d