█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 11 | Month: March | Year: 2015 | Release Date: 13/03/2015 | Edition: 57º ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that really worth your time! URL: http://drops.wooyun.org/papers/5107 Blog: https://jordan-wright.github.io/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/ PoC: https://github.com/XiphosResearch/exploits/tree/master/ElasticSearch Description: ElasticSearch Groovy script RCE analysis (CVE-2015-1427). URL: https://hackerone.com/reports/48516 Description: Redirect URL in /intent/ functionality is not properly escaped (Twitter XSS). URL: http://sakurity.com/blog/2015/03/05/RECONNECT.html Description: RECONNECT - Critical bug in websites with Facebook Login. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://github.com/DanMcInerney/net-creds Description: Sniffs sensitive data from interface or pcap. URL: https://github.com/pentestgeek/phishing-frenzy-templates Description: Phishing Scenarios Used for Phishing Frenzy. URL: https://manifestsecurity.com/appie/ Description: Appie – Android Pentesting Portable Integrated Environment. URL: https://github.com/ohjeongwook/Samsung-TV-Hacks Description: Samsung-TV-Hacks. URL: https://github.com/jingchunzhang/backdoor_rootkit/tree/master/mod_rootme-0.4 Description: mod_rootme - making Apache almost as insecure as IIS 5. URL: https://github.com/erwanlr/Fingerprinter Description: Tool to find the version of the remote application/third party script. URL: https://github.com/wishstudio/flinux Description: Dynamic binary translator and a Linux system call interface emulator for the Windows platform. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues/problems. URL: http://christian-schneider.net/ChromeSopBypassWithSvg.html Description: Chrome SOP Bypass with SVG (CVE-2014-3160). URL: https://lqdc.github.io/making-finfisher-undetectable.html Description: Making Finfisher Undetectable. URL: https://www.nccgroup.com/media/481815/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf Description: Multiple Vulnerabilities in MailEnable. URL: http://theelectronjungle.com/2015/02/15/use-after-free-in-vlc-2.1.x/ Description: Use-After-Free in VLC 2.1.x ∞. URL: https://github.com/80vul/phpcodz Description: PHP Codz Hacking - Security Research Overview. URL: http://w00tsec.blogspot.pt/2015/02/extracting-raw-pictures-from-memory.html Description: Extracting RAW pictures from memory dumps. URL: http://www.malwaretech.com/2014/04/coding-malware-for-fun-and-not-for.html Description: Coding Malware for Fun and Not for Profit (Because that would be illegal) 😍. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time ? URL: https://github.com/apuigsech/wargames/tree/master/matasano/crypto-challenges Description: Wargames by Matasano (Crypto-Challenges Set 1). URL: https://keboch.wordpress.com/2008/11/09/please-accept-this-spider-as-payment/ Description: Please accept this spider as payment. URL: https://gist.github.com/dchest/7225cf79c1ea2166489c Description: Swift HashDoS. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d