AppSec Ezine

### Week: 29 | Month: July | Year: 2022 | Release Date: 22/07/2022 | Edition: #440 ###

Must See
Something that's really worth your time!

URL: https://philippeharewood.com/instagram-app-access-token/
Description: Instagram App Access Token.

URL: https://blog.sonarsource.com/blitzjs-prototype-pollution/
Description: Remote Code Execution via Prototype Pollution in Blitz.js.

Hack
Some Kung Fu Techniques.

URL: https://github.com/laluka/bypass-url-parser
Description: Bypass Url Parser.

URL: https://github.com/pinecone-wifi/pinecone
Description: A WLAN red team framework.

URL: https://github.com/gsmith257-cyber/GraphCrawler
Description: GraphQL automated security testing toolkit.

URL: https://github.com/dashingsoft/pyarmor
Description: A tool used to obfuscate, fix or expire python scripts.

URL: https://www.x86matthew.com/view_post?id=add_exe_import
Description: AddExeImport - Add a hardcoded DLL dependency to any EXE.

URL: https://persistence-info.github.io/
Description: Dump of information about Windows persistence mechanisms.

URL: https://github.com/jbaines-r7/hook
Description: WatchGuard Authenticated Arbitrary File Read (CVE-2022-31749).

URL: https://github.com/teamssix/cf
Blog: https://zone.huoxian.cn/d/1341-cf
Description: Cloud Exploitation Framework facilitates the follow-up work of Red Teams.
URL: https://revers.engineering/syscall-hooking-via-extended-feature-enable-register-efer/
Description: Syscall Hooking Via Extended Feature Enable Register (EFER).

URL: https://github.com/daddycocoaman/dumpscan
Description: CLI tool to extract and dump secrets from kernel and Windows Minidump formats.

URL: https://blahcat.github.io/posts/2022/07/17/windbgx-undocumented-workspace-options.html
Description: WinDbgX undocumented workspace options.

URL: https://github.com/dirkjanm/ROADtools
Blog: https://dirkjanm.io/introducing-roadtools-and-roadrecon-azure-ad-exploration-framework/
Description: The Azure AD exploration framework.

Security
All about security issues.

URL: https://arkandas.com/blog/mifare_classic_cracking
Description: MIFARE Cracking.

URL: https://randorisec.fr/yet-another-bug-netfilter/
More: https://www.randorisec.fr/crack-linux-firewall/
Description: Yet another bug into Netfilter (CVE-2022-1972).

URL: https://thinkloveshare.com/hacking/1001_ways_to_pwn_prod/
Description: 1001 ways to PWN prod - A tale of 60 RCE in 60 minutes.

URL: https://labs.jumpsec.com/azure-securing-shared-access-signatures-sas/
Description: Azure - Securing Shared Access Signatures (SAS).

URL: https://bit.ly/3PqnDzp (+)
Description: Analysis of CVE-2022-30136 "Windows Network File System Vulnerability".

URL: https://bit.ly/3Bm7Qxt (+)
Description: Introduction to Smart Contract Security and Decentralized Web Applications.

URL: https://onekey.com/blog/advisory-festo-cecc-x-m1-command-injection-vulnerabilities/
Description: FESTO - CECC-X-M1 - Command Injection Vulnerabilities.

URL: https://blog.ret2.io/2022/06/29/pwn2own-2021-safari-sandbox-intel-graphics-exploit/
Description: Exploiting Intel Graphics Kernel Extensions on macOS - Apple Safari Sandbox Escape.

URL: https://bit.ly/3Pq8iyD (+)
Description: MS SharePoint Server WizardConnectToDataStep4 Deserialization Of Untrusted Data RCE.
URL: https://blog.viettelcybersecurity.com/cve-2022-1040-sophos-xg-firewall-authentication-bypass/
Description: Sophos XG Firewall Authentication bypass (CVE-2022-1040).

Fun
Spare time?

URL: https://brickexperimentchannel.wordpress.com/
Description: Lego Technic - Submarine 4.0 project.

URL: https://12ft.io/
Description: Show me a 10ft paywall, I'll show you a 12ft ladder.

URL: https://www.fuzzmap.io/
Description: Pretty cool interactive demo on how fuzzing can be used to explore gui-state.

Credits
Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d2068747470733a2f2f706174686f6e70726f6a6563742e636f6d
https://pathonproject.com/zb/?0fbb52b8d3cf4a0c#hI8ZuKY77Q1SG+X0XltUMwHIIDSwTZbzOVp2RbZvonw=