█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 21 | Month: May | Year: 2017 | Release Date: 26/05/2017 | Edition: #171 ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that's really worth your time! URL: http://kedrisec.com/twitter-publish-by-any-user/ Description: Publish tweets by any other user. URL: https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce Description: Oracle PeopleSoft Remote Code Execution - Blind XXE to SYSTEM Shell. URL: https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages/ Description: XSS over SMS - Hacking Text Messages in Verizon Messages. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://github.com/nelenkov/gdrive-appdata Description: Fetch Android appdata/ from Google Drive. URL: https://github.com/jtesta/ssh-mitm Description: SSH man-in-the-middle tool. URL: https://github.com/ANSSI-FR/bootcode_parser Description: Script to analyse the boot records used by BIOS based systems (!UEFI). URL: https://github.com/bwall/HashPump Description: Tool to exploit the hash len extension attack in hashing algorithms. URL: https://github.com/SpiderLabs/Airachnid-Burp-Extension Blog: https://goo.gl/fmzkPk (+) Description: A Burp Extension to test Web Cache Deception attacks. URL: https://github.com/hlldz/Invoke-Phant0m Description: Windows Event Log Killer. URL: https://github.com/python-security/pyt Description: Static analysis of python web apps based on theoretical foundations. URL: https://github.com/mbechler/marshalsec/ Description: Java Unmarshaller Security - Turning your data into code execution. URL: https://github.com/ShellcodeSmuggler/IAT_POC Description: IAT based payload helper for bypass post DEP/ASLR protections in EMET. URL: https://github.com/stealth/plasmapulsar Description: Generic root exploit against kde (CVE-2017-8422, CVE-2017-8849). URL: http://www.debasish.in/2017/05/openxmolar-ms-openxml-format-fuzzing_20.html Description: OpenXMolar - A MS OpenXML Format Fuzzing Framework. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues. URL: http://www.exfiltrated.com/research-BIOS_Based_Rootkits.php Description: BIOS Based Rootkits. URL: http://blog.timac.org/?p=1570 Description: Deobfuscating libMobileGestalt (iOS) keys. URL: https://cobbr.io/ScriptBlock-Logging-Bypass.html Description: PowerShell ScriptBlock Logging Bypass. URL: http://cloak-and-dagger.org/ Description: Cloak & Dagger is a new class of attacks affecting Android devices. URL: https://wald0.com/?p=112 Description: BloodHound 1.3 – The ACL Attack Path Update. URL: https://goo.gl/Xzy1ql (+) Description: From Serialized to Shell - Exploiting Google Web Toolkit w/ EL Injection. URL: https://www.elttam.com.au/blog/playing-with-canaries/ Description: Playing with canaries (Looking at SSP over several architectures). URL: https://goo.gl/4oruRY (+) Description: Trend Micro ServerProtect Multiple Vulnerabilities (CVE-2017-9032/37). URL: https://tyranidslair.blogspot.pt/2017/05/exploiting-environment-variables-in.html Description: Exploiting Environment Variables in Scheduled Tasks for UAC Bypass. URL: https://animal0day.blogspot.co.uk/2017/05/fuzzing-apache-httpd-server-with.html Description: Fuzzing Apache httpd server with American Fuzzy Lop + persistent mode. URL: https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f Description: How to bypass libinjection in many WAF/NGWAF. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time? URL: https://gist.github.com/winocm/e3eb9c9b061c7414441c45a4938a0c57 Description: Unicode_was_a_bad_idea.cc. URL: https://github.com/FireyFly/pixd Description: Colourful visualization tool for binary files. URL: https://github.com/m3liot/ryanair-seats Description: Tool to predict which seat you will have for free at Ryanair. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d http://pathonproject.com/zb/?6e7e98410957f89f#nFNYEZ5VRLnH6SSFcOj59CjWwnm7hvZ1a5WTzSp6ikQ=