AppSec Ezine

### Week: 52 | Month: December | Year: 2014 | Release Date: 26/12/2014 | Edition: 46º ###

Must See
Something that's really worth your time!

URL: http://git-blame.blogspot.pt/2014/12/git-1856-195-205-214-and-221-and.html
More: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
PoC: https://gitcasefail.googlecode.com/svn/trunk/repo/ (Vulnerable Repo)
Description: Update your Git clients!

URL: http://sintheticlabs.com/blog/a-look-inside-facebooks-source-code.html
Description: A look inside Facebook's "source code". 😆

URL: http://hak-it.blogspot.pt/2014/12/stored-xss-on-facebook-and-twitter_18.html
Description: Stored XSS on Facebook and Twitter!

Hack
Some Kung Fu Techniques.

URL: http://pen-testing.sans.org/blog/pen-testing/2014/12/10/awkward-binary-file-transfers-with-cut-and-paste
Description: Awkward Binary File Transfers with Cut and Paste.

URL: http://hooked-on-mnemonics.blogspot.pt/p/injdmp.html
Description: injdmp is a tool for dumping injected processes and dumping process memory that is marked as RWX.

URL: http://www.darknet.org.uk/2014/12/bluemaho-project-bluetooth-security-testing-suite/
Description: BlueMaho Project – Bluetooth Security Testing Suite.

URL: https://github.com/droope/droopescan
Description: A plugin-based scanner for identifying issues in several CMSs, mainly Drupal and Silverstripe.

URL: https://github.com/k33nteam/cc-shellcoding
Blog: http://www.k33nteam.org/blog.htm
Description: Framework dedicated to avoiding shellcoding in your project (focused on PoC for vulnerability response).

URL: http://xgusix.com/blog/analyzing-a-malicious-excel-file-with-oledump-py/
Tool: http://blog.didierstevens.com/2014/12/17/introducing-oledump-py/
Description: Analyzing a malicious Excel file with oledump.py.

Security
All about security issues/problems.

URL: https://titanous.com/posts/docker-insecurity
Description: Docker Image Insecurity.

URL: http://lifeat.tetrane.com/2014/12/ie-crash-analysis.html
Description: IE crash analysis.

URL: http://breenmachine.blogspot.gr/2014/12/raining-shells-ambari-0-day.html
Description: Raining Shells - Ambari "0-day".

URL: https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/
Description: Analysis of the CVE-2013-6435 Flaw in RPM.

URL: http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html
Description: Writing a stealth web shell.

URL: http://web-in-security.blogspot.pt/2014/11/detecting-and-exploiting-xxe-in-saml.html
Description: Detecting and exploiting XXE in SAML Interfaces.

URL: https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20video%20and%20slides/
Description: DEF CON 22 (Dump 😃).

Fun
Spare time?

URL: http://www.keurighack.com/
Description: Hacking Coffee Machines!

URL: https://www.druid.es/content/gopro-firmware-forensic
Description: GoPro firmware forensic.

URL: http://hackertyper.com/
Description: Hackishhh.

Credits
Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d