AppSec Ezine

### Week: 39 | Month: September | Year: 2019 | Release Date: 27/09/2019 | Edition: #293 ###

' Must See
' Something that's really worth your time!

URL: https://hackerone.com/reports/692603
Description: Semmle - Privilege Escalation in Workers Container.

URL: https://medium.com/@terjanq/dom-clobbering-techniques-8443547ebe94
Description: Clobbering the clobbered — Advanced DOM Clobbering.

URL: https://samcurry.net/analysis-of-cve-2019-14994/
PoC: https://github.com/bugbounty-site/exploits/tree/master/CVE-2019-14994
Description: Jira Service Desk Path Traversal leads to Info. Disclosure (CVE-2019-14994).

' Hack
' Some Kung Fu Techniques.

URL: https://github.com/nccgroup/thetick
Description: A simple embedded Linux backdoor.

URL: https://github.com/p-/socket-connect-bpf
Description: Get live information about applications that make network requests.

URL: https://github.com/matterpreter/Shhmon
Blog: https://posts.specterops.io/shhmon-silencing-sysmon-via-driver-unload-682b5be57650
Description: Shhmon - Neuter Sysmon by unloading its driver.

URL: http://bit.ly/2kGLOjK (+)
Description: Jenkins RCE PoC or simple pre-auth RCE on the Server.

URL: https://blog.grimm-co.com/post/guided-fuzzing-with-driller/
Description: Guided Fuzzing with Driller.

URL: https://modexp.wordpress.com/2019/08/30/minidumpwritedump-via-com-services-dll/
Description: MiniDumpWriteDump via COM+ Services DLL.

URL: https://pentestlab.blog/2019/09/11/microsoft-exchange-mailbox-post-compromise/
Description: Microsoft Exchange – Mailbox Post Compromise.

URL: https://github.com/sandialabs/dr_robot
Description: Tool to enumerate subdomains by aggregating the results of multiple OSINT tools.

URL: https://github.com/pwntester/DupeKeyInjector
Description: Burp Suite extension implementing Dupe Key Confusion (XML signature bypass).

URL: https://github.com/arthastang/Router-Exploit-Shovel
Description: Automated Application Generation for Stack Overflow Types on Wireless Routers.

URL: https://github.com/googleprojectzero/iOS-messaging-tools
Description: Repository containing several tools Project Zero uses to test iPhone messaging.

URL: https://github.com/whitel1st/docem
Description: Utility to embed XXE and XSS payloads in docx, odt, pptx, etc. (OXML_XXE on steroids).

' Security
' All about security issues.

URL: http://bit.ly/2mW6FjW (+)
Description: Exploiting Cookie Based XSS by Finding RCE.

URL: https://interrupt.memfault.com/blog/ble-throughput-primer
Description: A Practical Guide to BLE Throughput.

URL: https://alephsecurity.com/2019/09/02/Z3-for-webapp-security/
Description: Breaking Algorithms - SMT Solvers for WebApp Security.

URL: https://ackcent.com/blog/in-depth-freemarker-template-injection/
Description: In-depth Freemarker Template Injection.

URL: https://adapt-and-attack.com/2019/08/29/proxying-com-for-stable-hijacks/
Description: Proxying COM For Stable Hijacks.

URL: https://medium.com/@memn0ps/http-request-smuggling-cl-te-7c40e246021c
Description: HTTP Request Smuggling CL.TE

URL: https://blog.xpnsec.com/bypassing-macos-privacy-controls/
Description: Bypassing MacOS Privacy Controls.

URL: https://medium.com/@akshukatkar/rce-with-flask-jinja-template-injection-ea5d0201b870
More: https://0x00sec.org/t/explaining-server-side-template-injections/16297
Description: RCE with Flask Jinja Template Injection.

URL: http://bit.ly/2lXfyJy (+)
PoC: https://github.com/securifera/CVE-2019-1579
Description: PreAuth RCE on Palo Alto GlobalProtect Part II (CVE-2019-1579).

URL: https://medium.com/@vickieli/how-to-find-more-idors-ae2db67c9489
Description: How to find more IDORs - And maximize their impact while hunting for bugs.

' Fun
' Spare time?

URL: https://github.com/evilsocket/pwnagotchi
Description: Deep Reinforcement Learning vs WiFi.

URL: http://bit.ly/2ltl8DK (+)
Description: An absolute beginner's guide to nRF52840.

URL: https://hsivonen.fi/string-length/
Description: It’s Not Wrong that "🤦🏼‍♂️".length == 7.

' Credits
' Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

https://pathonproject.com/zb/?5546c616a14ca6e5#U5wiQt/ye8AY+l3HpUcVVEX2S7P40qAevQnvYChEAmc=