AppSec Ezine

### Week: 19 | Month: May | Year: 2014 | Release Date: 09/05/2014 | Edition: 15º ###

' Must See
' Something that's really worth your time!

URL: http://penturalabs.wordpress.com/2014/05/04/reverse-dom-xss/
Description: Reverse DOM XSS (Nice Technique 😎).

URL: http://www.websecresearch.com/2014/05/a-way-to-bypass-authentication.html
Description: Authentication Bypass Using Login Validation Process Prediction.

URL: http://blog.flowdock.com/2014/05/07/how-we-found-a-directory-traversal-vulnerability-in-rails-routes/
PoC: $ curl localhost:3000/staraction/../../../../../../../../../../etc/passwd.txt
Description: How we found a directory traversal vulnerability in Rails routes.

URL: http://makthepla.net/blog/=/plesk-sso-xxe-xss
Description: Plesk 10 & 11 SSO XXE/XSS.

' Hack
' Some Kung Fu Techniques.

URL: https://code.google.com/p/wfuzz/
Description: Wfuzz is a tool designed for bruteforcing Web Applications.

URL: http://www.frida.re/
Description: Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.

URL: https://code.google.com/p/volafox/
Description: Volafox a.k.a 'Mac OS X Memory Analysis Toolkit'.

URL: http://blog.mrg-effitas.com/publishing-of-mrg-effitas-automatic-xor-decryptor-tool/
Description: Automatic XOR decryptor tool (Yet Another Tool).

URL: http://www.blisstonia.com/software/Decrypto/
Description: Decrypto 8.5 is a free program for solving cryptoquips.
' Security
' All about security issues/problems.

URL: http://www.thespanner.co.uk/2014/05/06/mxss/
More: http://d.hatena.ne.jp/hasegawayosuke/20140508/p1
Description: Mutation XSS (mXSS) the beginning!

URL: http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html
Description: How I Hacked Facebook OAuth To Get Full Permission On Any Facebook Account (Without App "Allow" Interaction).

URL: http://car-online.fr/files/publications/2014-03-CODASPY/kameleonfuzz-evolutionary_blackbox_XSS_fuzzing-duchene-codaspy_2014-paper.pdf
Description: KameleonFuzz - Evolutionary Fuzzing for Black-Box XSS Detection.

URL: http://thehackpot.blogspot.ie/2014/04/android-hacking-using-armitage.html
Description: Android Hacking with Armitage.

URL: http://rce4fun.blogspot.pt/2014/05/windows-heap-overflow-exploitation.html
Description: Windows Heap Overflow Exploitation (Step by Step).

' Fun
' Spare time?

URL: http://pastebin.com/raw.php?i=gjkivAf3
Description: OpenSSH sshd - memory leak (Legen...Wait For It...Dary).

URL: https://gist.github.com/quchen/5280339
Description: Trolling Haskell.

' Credits
' Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d
5065746b6f205065746b6f76202d2040706470202d2068747470733a2f2f61626f75742e6d652f706470