AppSec Ezine

### Week: 36 | Month: September | Year: 2017 | Release Date: 08/09/2017 | Edition: #186 ###

Must See
Something that's really worth your time!

URL: http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/
Description: XSS Injection via Cookie - Uber Bug Bounty.

URL: https://opnsec.com/2017/08/advanced-flash-vulnerabilities-in-youtube/
More: https://goo.gl/51CacB (+) | https://goo.gl/BDs1Fe (+)
Description: Advanced Flash Vulnerabilities in Youtube.

Hack
Some Kung Fu Techniques.

URL: https://github.com/v-p-b/oracle_forms
Paper: https://goo.gl/P4zfTA (+)
Description: Oracle Forms Test Scripts.

URL: https://github.com/smythtech/sdnpwn
Description: Software-Defined Networks (SDNs) penetration testing toolkit.

URL: https://github.com/evilsocket/smali_emulator
Description: Emulate a smali source file generated by apktool.

URL: https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/
Description: Abusing A Writable Windows Service.

URL: https://github.com/mthbernardes/fses
Description: Fuc... Search Engines Scraper - PyLib to scrap url's from search engines.

URL: https://github.com/gendx/pdf-corpus
Description: Python script to quickly create hand-crafted PDF files (Handy).

URL: https://www.doyler.net/security-not-included/certreq-exfiltration
Description: CertReq Exfiltration – Getting Data via Native Tools & CSRs!

URL: https://github.com/evilcos/xssor2
Description: XSS'OR - Hack with JavaScript.

URL: https://github.com/lclevy/ab_decrypt
Description: ab_decrypt.py - An educational python tool to decrypt Android backups.

URL: https://github.com/neoneggplant/EggShell
Related: https://www.redcanary.com/blog/detecting-eggshell-surveillance-tool/
Description: iOS/macOS Remote Administration Tool.

URL: https://github.com/federicodotta/Brida
Blog: https://goo.gl/dGbT3D (+)
Description: The new bridge between Burp Suite and Frida!

Security
All about security issues.

URL: https://lgtm.com/blog/apache_struts_CVE-2017-9805
PoC: https://www.exploit-db.com/exploits/42627/ | https://goo.gl/snfMLL (+)
Description: Using QL to find a RCE vulnerability in Apache Struts (CVE-2017-9805).

URL: http://blog.thinkst.com/2017/08/disrupting-aws-s3-logging.html
Description: Disrupting AWS S3 Logging.

URL: http://dmitry.gr/index.php?r=05.Projects&proj=23.%20PSoC4
Description: Exploiting PSoC4 for fun and profit.

URL: https://reactarmory.com/answers/how-can-i-use-css-in-js-securely
Description: How can I use CSS-in-JS securely?

URL: http://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/
Description: DIY Spy Program - Abusing Apple’s Call Relay Protocol.

URL: https://benkowlab.blogspot.pt/2017/08/from-onliner-spambot-to-millions-of.html
Description: From Onliner Spambot to millions of email's lists and credentials.

URL: http://blog.pentestbegins.com/2017/08/05/remote-xss-attack-using-csrf/
Description: XSS + CSRF + PayPal's Partner = Unauthorized access to Victim's Account.

URL: https://goo.gl/JhkeQj (+)
Description: Airbnb – Ruby on Rails String Interpolation led to RCE.

URL: http://www.ringzerolabs.com/2017/08/bypassing-anti-analysis-technique-in.html
Description: Bypassing Anti-Analysis Technique In Office Documents.

URL: https://blogs.securiteam.com/index.php/archives/3379
Description: Chrome v59 Turbofan Remote Code Execution (type confusion vulnerability).

Fun
Spare time?

URL: https://www.imperialviolet.org/2017/08/13/securitykeys.html
Description: Security Keys (101).

URL: https://blog.quarkslab.com/flash-dumping-part-i.html
Description: Flash Dumping.

URL: https://goo.gl/DtNjd8 (+)
Description: Creating a Surveillance Camera using a Pi Zero W.

Credits
Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

http://pathonproject.com/zb/?b7af3dedc936d19f#R9j3poIiftpORDQvRRKfZD2kPSZZbQXY+KYr124uWIs=