AppSec Ezine

### Week: 17 | Month: April | Year: 2017 | Release Date: 28/04/2017 | Edition: #167 ###

Must See
Something that's really worth your time!

URL: https://goo.gl/SXXey1 (+)
Description: Old School Phishing Vulnerability on Outlook for Mac (CVE-2017-0207).

URL: https://hackerone.com/reports/220494
Description: GitHub Extension Unsanitised HTML leading to XSS on GitHub.com.

URL: https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol
Description: The world's most secure communications protocol. 🐵

Hack
Some Kung Fu Techniques.

URL: http://offsecbyautomation.com/Open-Redirection-Bobrov/
Description: Open Redirect bug tested on different bug bounties to earn $4274.

URL: https://github.com/minimaxir/big-list-of-naughty-strings
Description: The Big List of Naughty Strings (QA/Fuzz Helper).

URL: https://github.com/zmap/zgrab
Description: Application layer scanner that operates with ZMap.

URL: https://github.com/0rbz/Intel_Inside
Description: Persistent SYSTEM Shell via Intel PROSet Wireless.

URL: https://github.com/kudelskisecurity/scannerl
Description: The modular distributed fingerprinting engine.

URL: https://github.com/secrary/InfectPE
Description: InfectPE - Inject custom code into PE file.

URL: https://github.com/trailofbits/manticore
Description: Dynamic binary analysis tool.

URL: https://github.com/qazbnm456/awesome-cve-poc
Description: A curated list of CVE PoCs.

URL: https://github.com/superkojiman/pwnbox
Description: Docker container for Reverse Eng. and Exploitation.

URL: https://github.com/fdiskyou/kcshell
Description: Interactive assembly/disassembly shell for various architectures.

URL: https://github.com/redpois0n/cry
Description: Cross platform PoC ransomware written in Go.

Security
All about security issues.

URL: https://jaq.alibaba.com/community/art/show?articleid=781
PoC: https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher
Description: Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui.

URL: https://blogs.securiteam.com/index.php/archives/2928
Description: Cisco Mobile Services Engine (MSE) Preauthentication RCE.

URL: https://www.ambionics.io/blog/drupal-services-module-rce
Description: Drupal 7.x Services module unserialize() to RCE.

URL: https://goo.gl/E2rgJ6 (+)
Description: That time I had to crack my own Reddit password.

URL: https://blog.cugu.eu/post/apfs/
Description: APFS filesystem format (Reverse).

URL: https://goo.gl/QG0FPF (+)
Description: UXSS in McAfee Endpoint Security and some extra goodies...

URL: https://www.scip.ch/en/?labs.20170105
Description: Razor Code – Don't Cut Yourself (.NET Classic File Upload Vuln).

URL: http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
More: https://ijustwannared.team/2018/02/13/reflective-dlls-and-you/
Description: Windows DLL Injection Basics (Oldies).

URL: https://textslashplain.com/2017/01/14/the-line-of-death/
Description: The Line of Death (Phishing...).

URL: https://goo.gl/NMtcp2 (+)
PoC: https://github.com/kgretzky/evilginx
Description: Evilginx - Advanced Phishing with Two-factor Authentication Bypass.

URL: https://goo.gl/AbEKml (+)
Description: Arbitrary Kernel Memory Reads on Illumos (OpenSolaris fork).

Fun
Spare time?

URL: https://www.youtube.com/watch?v=uNjxe8ShM-8
Description: On The Turing Completeness of PowerPoint.

URL: http://xproger.info/projects/OpenLara/
Description: Classic Tomb Raider open-source engine.

URL: https://www.ssh.com/ssh/port
Description: The story of getting SSH port 22.

Credits
Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

http://pathonproject.com/zb/?8db3916a03870abc#svrH0FDMKd92ZybQ/5+OBGydAsZ81JcNwDLZPxcafsY=