 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝

### Week: 19 | Month: May | Year: 2020 | Release Date: 08/05/2020 | Edition: #325 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │  ╚═╗├┤ ├┤
'  ╩ ╩└─┘└─┘ ┴  ╚═╝└─┘└─┘
'  Something that's really worth your time!

URL: https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html
Description: Researching Polymorphic Images for XSS on Google Scholar.

URL: https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/
Description: DOM XSS in Gmail with a little help from Chrome.

URL: https://bit.ly/2SMtvaL (+)
Description: Stealing Trello token by abusing a cross-iframe XSS on the Butler Plugin.

'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.

URL: https://github.com/odedshimon/BruteShark
Description: Network Analysis Tool.

URL: https://github.com/fransr/postMessage-tracker
Description: Chrome Extension to track postMessage usage.

URL: https://bit.ly/3ftttOY (+)
Description: Decrypting and analyzing HTTPS traffic without MiTM.

URL: https://github.com/decoder-it/NetworkServiceExploit
Blog: https://decoder.cloud/2020/05/04/from-network-service-to-system/
Description: POC for NetworkService Privilege Escalation.

URL: https://github.com/horsicq/XELFViewer
Description: ELF file viewer/editor for Windows, Linux and MacOS.

URL: https://git.lsd.cat/g/nokia-keygen
Description: WPA and admin password generator for Nokia and Alcatel CPEs.

URL: https://www.cyclon3.com/Bypass-Instagram-SSL-Certificate-Pinning-for-iOS
Description: Bypass Instagram SSL Certificate Pinning for iOS.

URL: https://ijustwannared.team/2020/05/05/com-hijacking-for-lateral-movement/
Description: COM Hijacking for Lateral Movement.

URL: https://anubissec.github.io/How-To-Call-Windows-APIs-In-Golang/#
Related: https://github.com/zlowram/gopart | https://github.com/zlowram/gowin
Description: How To Call Windows APIs in Golang.

URL: https://blog.sambal0x.com/2020/04/30/Hacking-razer-pay-ewallet-app.html
Description: Hacking Razer Pay Ewallet App.

URL: https://github.com/thezdi/PoC/tree/master/CVE-2020-0558
Blog: https://bit.ly/3cekL54 (+)
Description: PoC for Trio of RCE Bugs in Intel Wireless Adapters (CVE-2020-0558).

URL: https://github.com/HoShiMin/Kernel-Bridge
Description: Windows kernel hacking framework, driver template, hypervisor and API.

'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴
'  All about security issues.

URL: https://exploit.ph/crossing-trusts-4-delegation.html
Description: Crossing Trusts 4 Delegation.

URL: https://johannesbader.ch/blog/the-dga-of-zloader/
Description: The Domain Generation Algorithm (DGA) of Zloader.

URL: https://www.gremwell.com/node/955
Description: Remote Command Execution on RemotePC for Windows.

URL: https://www.notsosecure.com/exploiting-vlan-double-tagging/
Description: Exploiting VLAN Double Tagging.

URL: https://cturt.github.io/shogihax.html
Description: Remote Code Execution on Nintendo 64 through Morita Shogi 64.

URL: https://bit.ly/35GJaxN (+)
Description: Piercing the Veal - Short Stories to Read with Friends (SSRF).

URL: https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/
Description: Abusing Impersonation Privileges on Windows 10 and Server 2019.

URL: https://blog.redforce.io/windows-authentication-and-attacks-part-1-ntlm/
More: https://blog.redforce.io/windows-authentication-attacks-part-2-kerberos/
Description: Windows authentication attacks.

URL: https://bit.ly/2Wzky5U (+)
Description: Closing the Loop - Practical Attacks and Defences for GraphQL APIs.

URL: https://siguza.github.io/psychicpaper/
More: https://wojciechregula.blog/post/stealing-your-sms-messages-with-ios-0day/
Description: "Psychic Paper" - iOS XML <3.

URL: https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/
Description: Open-AudIT v3.3.1 Remote Command Execution (CVE-2020-12078).

'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?

URL: https://jdan.github.io/98.css/
Description: 98.css.

URL: https://github.com/oseiskar/corona-sniffer
Description: BLE contact tracing sniffer PoC.

URL: https://dev.to/angt/how-to-store-your-little-secrets-l8e
Description: How to store your little secrets.

'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

https://pathonproject.com/zb/?f89dc295e4f10889#7ESR060uTofCi606g+Pr1+907f39CV11fChOqrtRcN4=