█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 17 | Month: April | Year: 2018 | Release Date: 27/04/2018 | Edition: #219 ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that's really worth your time! URL: https://lightningsecurity.io/blog/linkedin/ Description: LinkedIn Autofill Vulnerability. URL: http://bit.ly/2HsCqdK (+) Description: Breaking bad to make good - Firefox CVE-2017–7843. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: http://bit.ly/2vOHq71 (+) Description: Cobalt Strike – Bypassing Windows Defender with Obfuscation. URL: https://github.com/tehw0lf/airbash Description: Fully automated WPA PSK handshake capture script. URL: https://github.com/linkedin/qark Description: Tool for Android application audit. URL: https://github.com/51x/WHP Description: Micro$oft Windows Hacking Pack. URL: https://github.com/HanseSecure/credgrap_ie_edge Description: Extract stored credentials from Internet Explorer and Edge. URL: https://github.com/mitre/caldera Description: An automated adversary emulation system. URL: https://github.com/Ice3man543/subfinder Description: SubFinder is a subdomain discovery tool. URL: https://github.com/Nhoya/PastebinMarkdownXSS Description: XSS in pastebin.com via unsanitized markdown output. URL: http://blog.secu.dk/blog/Tunnels_in_a_hard_filtered_network Description: Pivoting through HTTP webshells with Tunna - SOCKS proxy webshells. URL: https://github.com/l0ss/Grouper Description: PS script for helping to find vulnerable settings in AD Group Policy. URL: https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html Description: Exploit/bypass PHP escapeshellarg/escapeshellcmd functions. URL: https://github.com/FireFart/CVE-2018-7600 More: https://gist.github.com/g0tmi1k/7476eec3f32278adc07039c3e5473708 Description: Drupal <7.58 Unauthenticated RCE For Drupal v8.4.5/v8.5.0 (CVE-2018-7600). ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues. URL: http://csl.com.co/rid-hijacking/ Description: RID Hijacking on Windows. URL: http://bit.ly/2KgT5i9 (+) Description: Do not underestimate credentials leaks. URL: https://blog.xpnsec.com/total-meltdown-cve-2018-1038/ PoC: http://bit.ly/2KfSRbi (+) | http://bit.ly/2qZOjOa (+) Description: Exploiting CVE-2018-1038 - Total Meltdown. URL: http://touhidshaikh.com/blog/?p=790 Description: Abusing SUDO (Linux Privilege Escalation). URL: https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/ Description: Reversing Ethereum Smart Contracts. URL: http://bit.ly/2JqTRIs (+) Description: SQL injection, Oracle and full-width characters. URL: https://habrahabr.ru/post/272187/ Description: Not all cookies are equally useful. URL: http://blogs.360.cn/blog/how-to-kill-a-firefox-en/ Description: How to kill a (Fire)fox (CVE-2018-5146). URL: http://bit.ly/2HQEpYV (+) Description: Fuzzing Adobe Reader for exploitable vulns (fun != profit). URL: https://w00tsec.blogspot.pt/2018/04/abusing-mysql-local-infile-to-read.html Description: Abusing MySQL LOCAL INFILE to read client files. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time? URL: https://github.com/BatchDrake/suscan Description: Channel scanner based on sigutils library. URL: https://github.com/tehnokv/picojs Description: A face detection library in 200 lines of JavaScript. URL: http://bit.ly/2vRctiE (+) Description: Reverse Engineering Facebook API - Private Video Downloader. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d http://pathonproject.com/zb/?014cbc5ba29808fc#+TFvGuXoUdklNvqXrIfodrPg+Z3VsYzk/lzWqfkpgA4=