█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 17 | Month: April | Year: 2020 | Release Date: 24/04/2020 | Edition: #323 ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that's really worth your time! URL: https://blog.cm2.pw/xssi-exploiting-the-unexploitable/ Description: XSSI - Exploiting the unexploitable. URL: https://hackerone.com/reports/541169 Description: GitLab::UrlBlocker validation bypass leading to full SSRF. URL: https://stazot.com/prestashop-csrf-to-rce-article/ Description: Critical CSRF to RCE bug chain in Prestashop v1.7.6.4 and below. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://gitlab.com/x0r19x91/autoit-extractor Description: AutoIT Resource Extractor. URL: https://interrupt.memfault.com/blog/gnu-binutils Description: GNU Binutils - the ELF Swiss Army Knife. URL: https://github.com/noptrix/httpgrep Description: Scans HTTP servers to find given strings in URIs. URL: https://github.com/james0x40/CVE-2020-0624 Description: Win32k Elevation of Privilege via UaF PoC (CVE-2020-0624). URL: https://abrignoni.blogspot.com/2020/04/ios-houseparty-app-more-realm.html Description: iOS Houseparty app - More Realm. URL: https://github.com/talmaor/AzureADLateralMovement Blog: https://medium.com/@talthemaor/lateral-movement-graph-for-azure-ad-7c5e0136e2d8 Description: Lateral Movement graph for Azure Active Directory. URL: https://github.com/projectdiscovery/nuclei More: https://github.com/projectdiscovery/nuclei-templates Description: Tool for configurable targeted scanning based on templates. URL: https://medium.com/@polarply/build-your-first-llvm-obfuscator-80d16583392b Description: Build your first LLVM Obfuscator. URL: https://github.com/earthquake/SocksOverRDP Description: Socks5 Proxy support for Remote Desktop Protocol/Terminal Services. URL: https://www.varonis.com/blog/azure-skeleton-key/ Description: Azure Skeleton Key - Exploiting Pass-Through Auth to Steal Credentials. URL: https://github.com/lc/gau Related: https://github.com/pownjs/pown-lau Description: Fetch known URLs from AlienVault's OTE, the Wayback Machine, and Common Crawl. URL: https://github.com/Techbrunch/billing-hack Description: Application to impersonate the Google Play Billing service (com.android.vending). ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues. URL: https://www.codalabs.uk/blog/how-to-hack-5g-part-1 Description: Hacking 5G (Series). URL: https://duo.com/labs/research/finding-radio-sidechannels Description: TEMPEST@Home - Finding Radio Frequency Side Channels. URL: https://tech.firstlook.media/how-to-pick-a-video-conferencing-platform Description: How to Pick a Video Conferencing Platform. URL: https://www.mdsec.co.uk/2020/04/abusing-firefox-in-enterprise-environments/ Description: Abusing Firefox in Enterprise Environments. URL: https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/ Description: Exploiting (Almost) Every Antivirus Software. URL: https://medium.com/@dmxinajeansuit/elf-binary-mangling-part-1-concepts-e00cb1352301 More: https://bit.ly/3aqsawo (+) | https://bit.ly/3eMdF9C (+) Description: ELF Binary Mangling. URL: https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html Description: SMBGhost pre-auth RCE abusing Direct Memory Access structs (CVE-2020-0796). URL: https://medium.com/@peckshield/uniswap-lendf-me-hacks-root-cause-and-loss-analysis-50f3263dcc09 Description: Uniswap/Lendf.Me Hacks - Root Cause and Loss Analysis. URL: https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/ Description: You’ve Got (0-click) Mail! Unassisted iOS Attacks via MobileMail/Maild in the Wild. URL: https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/ Description: Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag (CVE-2020-0022). URL: https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9 Description: Getting Root on macOS via 3rd Party Backup Software. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time? URL: http://amiarealdeveloper.com/ Description: Am I a Real Developer? URL: https://elder.dev/posts/open-source-virtual-background/ Description: Open Source Virtual Background. URL: https://gist.github.com/hasegawayosuke/83e81c48dc51f74608bc89ff1377dc62 Description: Hook getUserMedia() from Google Meet and stream a video. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d https://pathonproject.com/zb/?ee6ddc58837d0b64#6koybZpohsSstlBhTs8UvW0AygFE57kjltXfwYD8urY=