 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 15 | Month: April | Year: 2022 | Release Date: 15/04/2022 | Edition: #426 ###


'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.fadyothman.com/metas-sparkar/
Description: Meta's SparkAR RCE Via ZIP Path Traversal.

URL: https://bit.ly/3JGRnUX (+)
Description: Exploiting a double-edged SSRF for server and client-side impact.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/jmgk77/PDL
Description: A tool/library to proxify DLL.

URL: https://github.com/z-Riocool/ldap_shell
Description: LDAP Shell - AD ACL abuse.

URL: https://github.com/synacktiv/QLinspector
Description: Finding Java gadget chains with CodeQL.

URL: https://github.com/six2dez/ipcdn
Description: Check which CDN providers an IP list belongs to.

URL: https://github.com/ehids/ecapture
Description: Capture SSL/TLS text content without CA cert by eBPF.

URL: https://github.com/rly0nheart/octosuite
Description: Advanced Open Source Intelligence Framework for Github.

URL: https://github.com/crypt0rr/hash-cracker
Description: Script to perform some hashcracking logic automagically.

URL: https://0xstarlight.github.io/posts/Active-Directory-Domain-Persistence/
Description: Active Directory - Domain Persistence.

URL: https://github.com/jsherman212/xnuspy
Description: iOS kernel function hooking framework for checkra1n'able devices.

URL: https://github.com/firefart/cisco-snmp-pwner
Description: Tool to dump cisco device configs via snmp and/or add new users.

URL: https://github.com/anchore/syft
Description: CLI tool/Library for generating a SBOM from container images and FSs. 

URL: https://github.com/utkusen/wholeaked
Description: File sharing tool to find the responsible person in case of a leakage.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://shomil.me/bereal/
Description: Reverse Engineering BeReal.

URL: https://github.com/corkami/collisions
Description: Hash collisions and their exploitations.

URL: https://www.notgitbleed.com/
Description: Credentials leaked as metadata inside git commits.

URL: https://vollragm.github.io/posts/abusing-large-page-drivers/
Description: Abusing LargePageDrivers to copy shellcode into valid kernel modules.

URL: https://blog.lexfo.fr/dexguard.html
Description: Step-by-step guide to reverse an APK protected with DexGuard using Jadx.

URL: https://link.medium.com/KBiQtlMOdpb 
Descrription: Make phishing great again. VSTO office files are the new macro nightmare?

URL: https://blog.lightspin.io/aws-rds-critical-security-vulnerability
Description: Exploiting a LFR vuln. on the RDS EC2 instance using the log_fdw extension. 

URL: https://back.engineering/13/04/2022/
Tool: https://github.com/mike1k/perses 
Description: Breaking Aimware popular CS:GO cheat by obfuscating CS:GO's engine.dll module.

URL: https://github.com/httpvoid/writeups/blob/main/Ruby-deserialization-gadget-on-rails.md
More: https://devcraft.io/2022/04/04/universal-deserialisation-gadget-for-ruby-2-x-3-x.html
Description: Ruby Deserialization - Gadget on Rails.

URL: https://bit.ly/3JHvu7Y (+)
PoC: https://github.com/polakow/CVE-2022-21907
Description: http.sys HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2022-21907).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://kiwiziti.com/~matt/wireguard/
Description: You may not need Cloudflare Tunnel - Linux is fine.

URL: https://m4gnum.xyz/firmware/2022/04/13/seabios-multithreading.html
Description: Why would legacy BIOS support multithreading?

URL: https://textslashplain.com/2020/02/11/browser-password-managers-threat-models/
Description: Browser Password Managers - Threat Models.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d2068747470733a2f2f706174686f6e70726f6a6563742e636f6d

https://pathonproject.com/zb/?3aa921bf3c0d4ce0#DqZXU5Hop+C+nvY05Jjx7r/bLZcBPD8/xEeHL47TH7I=