 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝

### Week: 08 | Month: February | Year: 2015 | Release Date: 20/02/2015 | Edition: 54º ###

' ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
' ║║║│ │└─┐ │   ╚═╗├┤ ├┤
' ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
' Something that's really worth your time!

URL: https://github.com/cryptostorm/leakblock/tree/master/superfish.com
Why Not: https://blog.filippo.io/make-your-own-superfish-infected-vm/
Blog: http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html
Certificate: https://gist.github.com/mathiasbynens/7a13a467b22c42505490#file-private-key-pem
Description: Lenovo SuperFish Awesomeness 😂.

URL: http://danlec.com/blog/hacking-stackoverflow-com-s-html-sanitizer
Description: Hacking stackoverflow.com's HTML sanitizer.

URL: http://philippeharewood.com/paging-cursors-leaking-data-in-graph-api/
Description: Paging Cursors leaking data in Graph API (Facebook).

' ╦ ╦┌─┐┌─┐┬┌─
' ╠═╣├─┤│  ├┴┐
' ╩ ╩┴ ┴└─┘┴ ┴
' Some Kung Fu Techniques.

URL: http://www.shellcheck.net/
Description: Automatically detects problems with sh/bash scripts and commands.

URL: https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
Description: Decrypting TLS Browser Traffic With Wireshark - The Easy Way!

URL: https://github.com/wapiflapi/exrs
Description: Exercises for learning Reverse Engineering and Exploitation.

URL: https://github.com/citronneur/rdpy
Description: Remote Desktop Protocol in twisted python. (Handy!)

URL: https://github.com/clymb3r/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1
Description: Invoke-Mimikatz in Memory Only with PowerShell.

URL: http://seclists.org/fulldisclosure/2015/Feb/56
Description: NetGear Routers Pownage.

URL: http://sourceforge.net/projects/packeth/
Description: packETH is a Linux GUI packet generator tool for ethernet.

' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
' ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
' ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴
' All about security issues/problems.

URL: http://shubh.am/exploiting-markdown-syntax-and-telescope-persistent-xss-through-markdown-cve-2014-5144/
Description: Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144).

URL: http://blog.sucuri.net/2015/02/creative-evasion-technique-against-website-firewalls.html
Description: Creative Evasion Technique Against Website Firewalls.

URL: https://www.trustedsec.com/january-2015/account-hunting-invoke-tokenmanipulation/
Description: Account Hunting for Invoke-TokenManipulation (Pentesting).

URL: http://www.evilsocket.net/2015/01/29/nike-fuelband-se-ble-protocol-reversed/
Description: Nike+ FuelBand SE BLE Protocol Reversed.

URL: http://www.insinuator.net/2015/01/evasion-of-cisco-acls-by-abusing-ipv6-discussion-of-mitigation-techniques/
Description: Evasion of Cisco ACLs by (Ab)Using IPv6 & Discussion of Mitigation Techniques.

URL: https://rh0dev.github.io/blog/2015/fun-with-info-leaks/
Description: Fun With Info-Leaks.

URL: http://haxelion.eu/article/LD_NOT_PRELOADED_FOR_REAL/
Description: LD_NOT_PRELOADED_FOR_REAL (LD_PRELOAD the Other Side).

' ╔═╗┬ ┬┌┐┌
' ╠╣ │ ││││
' ╚  └─┘┘└┘
' Spare time?

URL: https://github.com/yaronn/blessed-contrib
Description: Build terminal dashboards using ascii/ansi art and javascript.

URL: http://pixelscommander.com/en/javascript/nasa-coding-standarts-for-javascript-performance/
Description: Applying NASA coding standards to JavaScript.

URL: https://littleosbook.github.io/
Description: The little book about OS development.

' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
' ║  ├┬┘├┤  │││ │ └─┐
' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
' Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d