APPSEC EZINE

### Week: 31 | Month: August | Year: 2022 | Release Date: 05/08/2022 | Edition: #442 ###

Must See
Something that's really worth your time!

URL: https://hackerone.com/reports/1567186
Description: One-click account hijack for anyone using Apple sign-in with Reddit.

URL: https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
Description: Hijacking email with Cloudflare Email Routing.

Hack
Some Kung Fu Techniques.

URL: https://github.com/io-tl/Mara
Description: Mara is a userland pty/tty sniffer.

URL: https://github.com/hktalent/scan4all
Description: All in one vulnerability scanning tool.

URL: https://github.com/dobin/antnium
More: https://bit.ly/3QkdDYt (+)
Description: Develop your own RAT - EDR + AV Defense.

URL: https://github.com/Ph33rr/cirrusgo
Description: A fast tool to scan SAAS, PAAS App written in Go.

URL: https://github.com/janoglezcampos/DeathSleep
Description: PoC of a novel Evasion Technique (RedTeam Helpers).

URL: https://github.com/tastypepperoni/RunAsWinTcb
Description: Running Exploit As Protected Process Light From Userland.

URL: https://github.com/veo/vbackdoor
Description: Hide process, port, self under Linux using the ld_preload.

URL: https://github.com/vladko312/SSTImap
Description: Automatic SSTI detection tool with interactive interface.

URL: https://github.com/Sh0ckFR/Lockbit3.0-MpClient-Defender-PoC
Description: Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC.

URL: https://gist.github.com/rqu1/8ed4f51fd90dd82fc89111340e26a756
More: https://forum.spacehey.com/topic?id=83646
Description: OS Command Injection in Simple Certificate Enrollment Protocol (CVE-2021-3060).

URL: https://github.com/layer8secure/SilentHound
Description: Enumerate an Active Directory Domain via LDAP parsing users, admins, groups ...

URL: https://github.com/google/paranoid_crypto
Description: Library to check for weaknesses on crypto artifacts generated by black boxes.

Security
All about security issues.

URL: https://xz.aliyun.com/t/11578
Description: Zoho Password Manager Pro XML-RPC RCE (CVE-2022-35405).

URL: https://link.medium.com/1frAdLJYDqb
Description: Multi-factor Authentication In-The-Wild bypass methods.

URL: https://eslam.io/posts/ejs-server-side-template-injection-rce/
Description: EJS, Server side template injection RCE (CVE-2022-29078).

URL: https://danielmangum.com/posts/risc-v-bytes-stack-use-after-return/
Description: RISC-V Bytes - Stack Use After Return in C, Go, and Rust.

URL: https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/
Description: How we have pwned Root-Me in 2022.

URL: https://engineering.mercari.com/en/blog/entry/20220729-the-mobile-attack-surface/
Description: The Mobile Attack Surface.

URL: https://rootdse.org/posts/active-directory-basics-1/
More: https://rootdse.org/posts/active-directory-basics-2/ (basics-3/ and basics-4/)
Description: AD Fundamentals - Basic Concepts, Objects, Group Policies and LDAP and more.

URL: https://bit.ly/3OZag8e (+)
Description: (ZOHO) ManageEngine Desktop Central - SQL Injection / Arbitrary File Write.

URL: https://s1ckb017.github.io/2022/07/30/Discover-an-AntiDebug-feature-a-newbie-approach.html
Description: Discover an AntiDebug feature - A newbie approach.

URL: https://blog.syscall.party/2022/08/02/inside-windows-defender-system-guard-runtime-monitor
Description: Inside Windows Defender System Guard Runtime Monitor.

Fun
Spare time?

URL: https://github.com/ranok/pdfchat
Description: Silly proof-of-concept for a PDF chatroom.

URL: https://dmitry.gr/?r=05.Projects&proj=33.%20LinuxCard
Description: My business card runs Linux, yours can too.

URL: https://lab.quantumflytrap.com/lab
Description: Visualizing quantum mechanics in an interactive simulation (or not!).

Credits
Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d2068747470733a2f2f706174686f6e70726f6a6563742e636f6d

https://pathonproject.com/zb/?28f0f8e9764d4f97#LhPfSm6ngTnSCfEFST9vD2xuTsFUeMb2vv0OPv+vFyQ=