APPSEC EZINE

### Week: 14 | Month: April | Year: 2017 | Release Date: 07/04/2017 | Edition: #164 ###

Must See
Something that's really worth your time!

URL: https://goo.gl/MT32ED (+)
Description: Airbnb – Web to App Phone Notification IDOR.

URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1225
Description: LastPass RCE - Global properties can be modified across isolated worlds.

Hack
Some Kung Fu Techniques.

URL: https://github.com/ChrisTruncer/WMImplant
Blog: https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html
Description: A WMI Based Agentless Post-Exploitation RAT Developed in PowerShell.

URL: https://github.com/akibsayyed/safeseven
Description: SS7 Assessment Tool.

URL: https://github.com/PanagiotisDrakatos/JavaRansomware
Description: Simple Ransomware Tool in Pure Java.

URL: http://hexinject.sourceforge.net/
Description: HexInject is a very versatile packet injector and sniffer.

URL: https://github.com/Va5c0/Steghide-Brute-Force-Tool
Description: Execute a brute force attack with Steghide to files.

URL: https://github.com/ezekg/git-hound
Description: Git plugin that prevents sensitive data from being committed.

URL: https://github.com/edwardz246003/IIS_exploit
Python PoC: https://github.com/danigargu/explodingcan
Description: IIS 6.0 RCE in Microsoft Windows Server 2003 R2 (CVE-2017-7269).

URL: https://gist.github.com/joernchen/f28ec01de20b22bbbee1622a41deb601
Description: Discourse RCE.

URL: https://github.com/dxa4481/truffleHog
Description: Searches git repos for high entropy strings aka secrets.

URL: https://github.com/mauro-g/snuck
Description: Automatic XSS filter bypass, with selenium.

URL: https://github.com/elttam/advisories/tree/master/firejail
Description: Firejail advisory for TOCTOU in --get and --put (local root).

Security
All about security issues.

URL: https://goo.gl/pIKwVU (+)
Description: WhatsApp & Telegram Accounts Takeovers.

URL: https://unmitigatedrisk.com/?p=570
Description: CAs and SSL and Phishing Oh My!

URL: https://razygon.github.io/2016/09/23/iOS-kernel-heap-review-5-10/
Description: iOS kernel heap review 5-10.

URL: https://cobbr.io/ObfuscatedEmpire.html
Description: Use an obfuscated, in-memory PS C2 channel to evade AV signatures.

URL: https://goo.gl/D6mU2f (+) | https://goo.gl/eHsPc1 (+)
Description: Hacking Polar Loop - Part 1 and 2.

URL: https://goo.gl/xcQhzl (+)
Description: Breaking down qwertyoruiopz's 4.0x userland exploit.

URL: https://capacitorset.github.io/mathjs/
Description: How we exploited a RCE vulnerability in math.js.

URL: https://www.aptive.co.uk/blog/unrestricted-file-upload-testing/
Description: Unrestricted File Upload Testing.

URL: https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/
Description: Synology Bug Bounty Report.

URL: http://offsecbyautomation.com/Automating-Web-Content-Discovery/
Description: Automating Web Content Discovery (Alerting).

URL: https://codewhitesec.blogspot.pt/2017/04/amf.html
Description: AMF – Another Malicious Format.

Fun
Spare time?

URL: https://github.com/kjempelodott/rickify
Description: How to rickroll Spotify for Android.

URL: https://mastodon.social/
Description: Mastodon is a free, open-source social network.

URL: https://calebfenton.github.io/2017/04/05/creating_java_vm_from_android_native_code/
Description: Creating a Java VM from Android Native Code.

Credits
Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d
http://pathonproject.com/zb/?5d5e9e2695955728#R1/yZt77s49v4JDaA8/aPuuPWI0uIFXcpyh9Gy3JQ7A=