AppSec Ezine

### Week: 13 | Month: April | Year: 2021 | Release Date: 02/04/2021 | Edition: #372 ###

Must See
Something that's really worth your time!

URL: https://sensepost.com/blog/2021/from-500-to-account-takeover/
Description: From 500 to Account Takeover.

URL: https://portswigger.net/research/hidden-oauth-attack-vectors
Description: Hidden OAuth attack vectors.

Hack
Some Kung Fu Techniques.

URL: https://github.com/HashPals/Search-That-Hash
Description: The Fastest Hash Cracking System.

URL: https://github.com/CyborgSecurity/PoisonApple
Description: macOS persistence tool.

URL: https://link.medium.com/HA8aiH7LWeb
PoC: https://github.com/jychp/cloudflare-bypass
Description: How to bypass CloudFlare bot protection.

URL: https://github.com/BishopFox/smogcloud
Description: Find cloud assets that no one wants exposed.

URL: https://godiego.tech/posts/STO-AWS/
More: https://godiego.tech/posts/STO-Azure/
Description: Subdomain Takeover in AWS/Azure making a PoC.

URL: https://github.com/trailofbits/fickling
Blog: https://bit.ly/31BrkuG (+)
Description: A Python pickling decompiler and static analyzer.

URL: https://github.com/mrphrazer/obfuscation_detection
Description: Collection of scripts to pinpoint obfuscated code.

URL: https://github.com/NESCAU-UFLA/FuzzingTool
Description: Software for fuzzing, used on web application pentestings.

URL: https://github.com/secureCodeBox/secureCodeBox
Description: SecureCodeBox (SCB) - Continuous secure delivery out of the box.

URL: https://github.com/waleedassar/CVE-2021-1656
Description: TPM Device Driver Information Disclosure Vulnerability (CVE-2021-1656).

URL: https://github.com/tandasat/SmmExploit
More: http://standa-note.blogspot.com/2021/03/debugging-system-with-dci-and-windbg.html
Description: Kernel-to-SMM LPE in ASUS UX360CA BIOS version 303 (2021-26943).

URL: https://github.com/XMCyber/MacHound
Description: A Solution to MacOS Active Directory based Attacks (Bloodhound extension).

Security
All about security issues.

URL: https://blog.assetnote.io/2021/03/18/h2c-smuggling/
Description: H2C Smuggling in the Wild.

URL: https://bit.ly/31DT2H9 (+)
Description: Abusing VoIPmonitor for Remote Code Execution.

URL: https://blog.sonarsource.com/mybb-remote-code-execution-chain
Description: MyBB Remote Code Execution Chain.

URL: https://research.nccgroup.com/2021/03/29/saml-xml-injection/
Description: SAML XML Injection.

URL: https://bit.ly/34HaVYm (+)
Description: Using Kubelet Client to Attack the Kubernetes Cluster.

URL: https://starlabs.sg/advisories/21-3409/
Description: QEMU Heap Overflow in SDHCI Component (CVE-2021-3409).

URL: https://blog.redteam.pl/2019/08/threat-hunting-dns-firewall.html
Related: https://blog.redteam.pl/2020/03/dns-c2-rebinding-fast-flux.html
Description: Threat hunting using DNS firewalls and data enrichment.

URL: https://bit.ly/3wizlTq (+)
Description: netmask NPM Package SSRF, RFI, LFI, and more (CVE-2021-28918).

URL: https://bit.ly/3cKgTvo (+)
Description: Bypassing VPN MFA During a Pentest via Duo Inline Self-Enrollment.

URL: https://blog.vonahi.io/srclient-dll-hijacking/
Description: SrClient DLL Hijacking - a Windows Server 2012 bug that won't be patched.

URL: https://labs.f-secure.com/blog/wind-vision-writeup/
Description: Click here for free TV! - Chaining bugs to takeover Wind Vision accounts.

URL: https://www.archcloudlabs.com/projects/poking-at-elasticsearch-beyond-dumping-data/
Description: Poking At Elasticsearch - Beyond Just Dumping Data.

Fun
Spare time?

URL: https://git.blackmarble.sh/init6/exfil-keylocks/-/tree/main
Description: Exfil data using NumLock, CapsLock, and ScrollLock.

URL: https://github.com/ratfactor/ziglings
Description: Learn the Zig programming language by fixing tiny broken programs.

URL: https://github.com/microsoft/codetour
Description: VS Code extension that allows you to record and playback guided tours of codebases.

Credits
Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d2068747470733a2f2f706174686f6e70726f6a6563742e636f6d

https://pathonproject.com/zb/?916f11ebeffaa49d#AjdeKYKp9r4Vp+sZMujU3ir4whW4f5JjxPFP7yYF0kc=