 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝

### Week: 17 | Month: April | Year: 2019 | Release Date: 26/04/2019 | Edition: #271 ###

' ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
' ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
' ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
' Something that's really worth your time!

URL: https://ysamm.com/?p=256
Description: Disclose the content of internal Facebook JavaScript modules. 😒

URL: https://scriptinjection.blogspot.com/2019/04/oe-classic-280-rce-via-stored-xss.html
Description: OE Classic <= 2.8.0 RCE via stored XSS.

URL: https://hackerone.com/reports/422043
Description: DOMXSS on Embedded SDK (Shopify.API.setWindowLocation) abusing cookie stuffing.

' ╦ ╦┌─┐┌─┐┬┌─
' ╠═╣├─┤│  ├┴┐
' ╩ ╩┴ ┴└─┘┴ ┴
' Some Kung Fu Techniques.

URL: https://github.com/rek7/fireELF
Description: Fileless Linux Malware Framework.

URL: https://github.com/sa7mon/miniprint
Description: A medium interaction printer honeypot.

URL: http://bit.ly/2GBOOEW (+)
Description: How to obtain Office 365 credentials on Mac OS.

URL: https://github.com/airbus-cert/regrippy
Description: A modern Python-3-based alternative to RegRipper.

URL: https://github.com/Hamz-a/frida-android-libbinder
Description: PoC Frida script to view Android libbinder traffic.

URL: https://github.com/proabiral/inception
Description: Tool to check for whatever you like against any number of hosts.

URL: http://bit.ly/2GFK4PU (+)
Description: PDFReacter SSRF to ROOT Level Local File Read which led to RCE.

URL: https://github.com/zerosum0x0/smbdoor
Description: Windows kernel backdoor via registering a malicious SMB handler.

URL: https://github.com/illuminopi/RCEvil.NET
More: http://bit.ly/2PuOKLs (+) | https://github.com/0xACB/viewgen
Description: Tool for signing malicious ViewStates with a known validationKey.

URL: https://medium.com/@terjanq/xss-auditor-the-protector-of-unprotected-f900a5e15b7b
Description: XSS-Auditor — the protector of unprotected.

URL: http://bit.ly/2XLQOlb (+)
Description: Gaining Access to Card Data Using the Windows Domain to Bypass Firewalls.

URL: https://github.com/thom-s/netsec-ps-scripts
Description: Collection of PowerShell network security scripts for system administrators.

' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
' ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
' ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
' All about security issues.

URL: https://habr.com/en/post/449182/
Description: The most common OAuth 2.0 Hacks.

URL: http://bit.ly/2W6YqOK (+)
Description: Exploiting Deserialisation in ASP.NET via ViewState.

URL: https://blog.trailofbits.com/2019/01/22/fuzzing-an-api-with-deepstate-part-1/
More: https://blog.trailofbits.com/2019/01/23/fuzzing-an-api-with-deepstate-part-2/
Description: Fuzzing an API with DeepState.

URL: http://bit.ly/2L061xq (+)
Description: Modern Vulnerability Research Techniques on Embedded Systems.

URL: https://consensys.github.io/smart-contract-best-practices/known_attacks/
Description: Ethereum Smart Contract Best Practices - Known Attacks.

URL: https://blog.quarkslab.com/android-application-diffing-engine-overview.html
Description: Android Application Diffing - Engine Overview.

URL: http://bit.ly/2UHi2Yp (+)
Description: Weblogic CVE-2019-2647 and other related XXE vulnerability analysis.

URL: https://blog.doyensec.com/2019/04/24/rubyzip-bug.html
Description: On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624).

URL: https://sensepost.com/blog/2019/understanding-peap-in-depth/
PoC: http://bit.ly/2Hzcbzv (+) | https://github.com/qingxp9/CVE-2019-6203-PoC
Description: Write-up of the EAP bug that affected all Apple devices (CVE-2019-6203).

URL: https://www.linkedin.com/pulse/micro-patching-vulnerabilities-tutorial-0patch-t-k/
Description: Micro-patching vulnerabilities tutorial with 0patch.

' ╔═╗┬ ┬┌┐┌
' ╠╣ │ ││││
' ╚  └─┘┘└┘
' Spare time?

URL: https://http3-explained.haxx.se/en/
Description: HTTP/3 explained.

URL: https://github.com/chrismaltby/gb-studio
Description: Visual retro game maker.

URL: https://wybiral.github.io/code-art/projects/tiny-mirror/
Description: Check yourself out in the favicon.

' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
' ║  ├┬┘├┤  │││ │ └─┐
' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
' Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d
https://pathonproject.com/zb/?cdfd5695f67e4f38#3K1SaNtPzlxIsOp84AjOYYgKC2hCRPa4gzKUCpDm4cI=