█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 05 | Month: January | Year: 2015 | Release Date: 31/01/2015 | Edition: 51º ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that really worth your time! URL: http://chargen.matasano.com/chargen/2015/1/27/vulnerability-overview-ghost-cve-2015-0235.html PoC: https://gist.github.com/koelling/ef9b2b9d0be6d6dbab63 Notes: http://blog.erratasec.com/2015/01/you-shouldnt-be-using-gethostbyname.html Fix: http://product.reverb.com/2015/01/28/patching-cve-2015-0235-aka-ghost-2/ Description: Ghost Overview (CVE-2015-0235). URL: https://hackerone.com/reports/44146 Description: Make API calls on behalf of another user (Vimeo CSRF protection bypass). URL: http://potatohatsecurity.tumblr.com/post/108197611404/yahoo-root-access-sql-injection-tw-yahoo-com Description: Yahoo - Root Access SQL Injection. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://github.com/nccgroup/CrossSiteContentHijacking Description: Content hijacking proof-of-concept using Flash, PDF and Silverlight. 😈 URL: https://gitweb.torproject.org/user/jvoisin/mat.git Description: Metadata Anonymisation Toolkit. URL: http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/ Description: Owning Modems And Routers Silently. URL: https://github.com/Hykem/psxtract Description: Tool to decrypt and convert PSOne Classics from PSP/PS3. URL: https://github.com/PentesterES/Delorean Description: NTP Main-in-the-Middle Tool. URL: https://forsec.nl/2015/01/bash-data-exfiltration-through-dns-using-bash-builtin-functions/ Description: Bash data exfiltration through DNS (using bash builtin functions). URL: http://securitycafe.ro/2014/12/19/how-to-intercept-traffic-from-java-applications/ Description: How to intercept traffic from Java applications. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues/problems. URL: http://chichou.0ginr.com/blog/1023 Description: A real case study of XSS through EXIF headers. URL: https://capsop.com/phpmyadmin Description: PHPMYADMIN PMA VULN CVE-2009-1151 (Yep Still the same!) URL: http://www.malwaretech.com/2015/01/using-kernel-rootkits-to-conceal.html Description: Using Kernel Rootkits to Conceal Infected MBR. URL: http://wouter.coekaerts.be/2015/resurrecting-phantomreference Description: Resurrecting a PhantomReference (Java Necromancy). URL: https://fail0verflow.com/blog/2014/hubcap-chromecast-root-pt1.html (-root-pt2.html) Description: Pwning the ChromeCast! (Part I and II). URL: https://milo2012.wordpress.com/2015/01/09/pentesting-firebird-database/ Description: Pentesting Firebird Databases. URL: http://kukuruku.co/hub/infosec/backdoor-in-a-public-rsa-key PoC: https://gist.github.com/ryancdotorg/18235723e926be0afbdd Description: Backdoor in a Public RSA Key. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time ? URL: http://www.rfcreader.com/ Description: RFC Reader. URL: http://js-dos.com/ Description: On this site you can play in famous old dos games in browser. URL: https://github.com/joaojeronimo/rimrafall Description: npm install could be dangerous. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d