AppSec Ezine

### Week: 49 | Month: December | Year: 2015 | Release Date: 04/12/2015 | Edition: 94º ###

Must See
Something that's really worth your time!

URL: http://www.n0tr00t.com/2015/11/27/cve-2015-8213.html
Description: Django settings leak possibility in date template filter (CVE-2015-8213).

URL: http://lizardhq.org/2015/11/25/dell-foundation-services.html
Patch 😆 : http://lizardhq.org/2015/12/01/dell-foundation-services.2.html
More: http://www.exploit-monday.com/2015/12/thoughts-on-exploiting-remote-wmi-query.html
Description: Dell Foundation Services Remote Information Disclosure.

Hack
Some Kung Fu Techniques.

URL: https://github.com/tsu-iscd/beef-drive
Description: BeEF and Google Drive.

URL: https://github.com/jenseng/xsslint
Description: Find potential XSS vulnerabilities.

URL: https://github.com/CoolerVoid/0d1n
Description: Web security tool to make fuzzing at HTTP inputs, made in C with libCurl.

URL: https://github.com/ThomasKing2014/ELF-ARM-HOOK-Library
Description: It's very similar to Substrate. But I give you three methods to do HOOK.

URL: https://github.com/alienwithin/OWASP-mth3l3m3nt-framework
Description: OWASP Mth3l3m3nt F. penetration testing tool and exploitation framework.

URL: http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.html
PoC: http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.py
Description: Unauthenticated Stored Credential Recovery and RCE on Jenkins.

URL: http://goo.gl/O07NBR (+)
Description: Exploiting Padding Oracle To Gain Encryption Keys.

URL: https://packetstormsecurity.com/files/134064/mchtml-exec.txt
Description: Microsoft Compiled HTML Help Remote Code Execution.

URL: http://www.pentest.guru/index.php/2015/10/19/ditch-psexec-spraywmi-is-here/
More: http://www.rapid7.com/resources/videos/how-psexec-and-remote-execution-work.jsp
Description: Ditch PsExec, SprayWMI is here ;) (Pentest Stuff).

URL: https://github.com/rcoh/stacksmash
Description: A collection of toy programs for teaching buffer overflow vulnerabilities.

Security
All about security issues/problems.

URL: https://jbeekman.nl/blog/2015/03/reverse-engineering-uefi-firmware/
Description: Reverse Engineering UEFI Firmware.

URL: http://goo.gl/HCRlCE (+)
Description: United Airlines Bug Bounty- An experience in reporting a serious vulns.

URL: https://github.com/Muterra/doc-muse
Description: Open, decentralizable, encrypted low-level social protocol.

URL: http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
Description: Redis unauthorized access with SSH key files use analysis.

URL: https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/
Description: Spring Social Core Vulnerability Disclosure.

URL: http://www.spect.cl/blog/2015/11/security-audit-scrapyd/
Description: Security Audit - Scrapyd (Python Security).

URL: http://www.sciencedirect.com/science/article/pii/S1742287615000146
Description: Forensic analysis of a Sony PlayStation 4 - A first look.

URL: http://www.labofapenetrationtester.com/2015/11/week-of-continuous-intrusion-day-1.html
Description: Week of Continuous Intrusion (Jenkins PoC 100% Working).

URL: http://goo.gl/9TtRd8 (+)
DoS: https://cxsecurity.com/issue/WLB-2015120026
Description: Easy File Sharing Web Server v7.2 - Remote SEH Buffer Overflow (DEP Bypass w/ ROP).

Fun
Spare time?

URL: http://www.adriancourreges.com/blog/2015/11/02/gta-v-graphics-study/
Description: GTA V - Graphics Study.

URL: https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys
Description: 3D reproduction of TSA Master keys.

URL: http://thepiratebook.net/
Description: The Pirate Book.

Credits
Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d