█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 14 | Month: April | Year: 2022 | Release Date: 08/04/2022 | Edition: #425 ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that's really worth your time! URL: https://hackerone.com/reports/783877 Description: Remote Code Execution in Slack desktop apps + bonus. URL: https://link.medium.com/E885oyCLZob Description: HTTP Request Smuggling on business.apple.com and Others. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://github.com/kris-nova/boopkit Description: Linux eBPF backdoor over TCP. URL: https://cloudbrothers.info/en/azure-dominance-paths/ Description: Azure Dominance Paths. URL: https://github.com/wfinn/redirex Description: Tool that generates bypasses for open redirects. URL: https://github.com/deepfence/PacketStreamer Blog: https://link.medium.com/cDUP28dZ0ob Description: Distributed packet capture for cloud-native platforms. URL: https://github.com/IcebreakerSecurity/PersistBOF Description: A tool to help automate common persistence mechanisms. URL: https://amini.eu/posts/cloud_native_security/ Description: Cloud-native security (Container Security Cheat Sheet). URL: https://github.com/PaloAltoNetworks/can-ctr-escape-cve-2022-0492 Description: Test containers to container escapes via CVE-2022-0492. URL: https://www.trustedsec.com/blog/making-smb-accessible-with-ntlmquic/ Description: Making SMB Accessible with NTLMquic. URL: https://github.com/jhftss/CVE-2022-22639 Blog: https://bit.ly/3uhqmTu (+) Description: MacOS SUHelper Root Privilege Escalation Vulnerability (CVE-2022-22639). URL: https://github.com/RyanJarv/cdn-proxy Blog: https://bit.ly/37mzEEO (+) Description: Create a copy of a targeted website with CDN and WAF restrictions disabled. URL: https://github.com/mnrkbys/ma2tl Description: macOS forensic timeline generator using the analysis result DBs of mac_apt. URL: https://github.com/microsoft/routeros-scanner Description: Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues. URL: https://scribesecurity.com/github-cache-poisoning/ Description: GitHub Cache Poisoning. URL: https://blog.sonarsource.com/php-supply-chain-attack-on-pear Description: PHP Supply Chain Attack on PEAR. URL: https://link.medium.com/PTRVaGTW0ob Description: When Equal is Not, Another WebView Takeover Story. URL: https://blog.xilokar.info/pwning-the-bcm61650.html Description: Pwning a femtocell - ROM secure boot bypass on bcm61650. URL: https://bit.ly/3JkiLbh (+) Description: A Sneak Peek into Smart Contracts Reversing and Emulation. URL: https://blog.relyze.com/2022/04/pwning-cisco-rv340-with-4-bug-chain.html Description: Pwning a Cisco RV340 with a 4 bug chain exploit. URL: https://bit.ly/3iPLjP1 (+) Description: Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121). URL: https://blog.dbouman.nl/2022/04/02/How-The-Tables-Have-Turned-CVE-2022-1015-1016/ PoC: https://github.com/pqlx/CVE-2022-1015 Description: An analysis of two Linux vulns in nf_tables (CVE-2022-1015/CVE-2022-1016). URL: https://www.secureworks.com/research/azure-active-directory-exposes-internal-information Description: Azure Active Directory Exposes Internal Information. URL: https://orca.security/resources/blog/breakingformation-technical-vulnerability-walkthrough/ Description: BreakingFormation - Technical Vulnerability Walkthrough. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time? URL: https://www.pico-8-edu.com/ Description: PICO-8 Education Edition. URL: https://devd.me/log/posts/startup-security/ Description: Early Security for Startups. URL: https://blog.thelazyfox.xyz/how-to-mount-an-encrypted-google-drive-folder-with-rclone/ Description: How to mount an encrypted Google Drive folder with rclone. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d2068747470733a2f2f706174686f6e70726f6a6563742e636f6d https://pathonproject.com/zb/?8630802488eecd67#2KGXJ5qPVFHo+J3UQWHmltgIHP8E9CbU1COOs2z9RhM=