█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 16 | Month: April | Year: 2015 | Release Date: 17/04/2015 | Edition: 62º ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that really worth your time! URL: http://intothesymmetry.blogspot.ch/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html Description: Open redirect in rfc6749 aka 'The OAuth 2.0 Authorization Framework'. URL: https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/ Description: Hidden backdoor API to root privileges in Apple OSX. URL: https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/ Oficial: https://technet.microsoft.com/library/security/MS15-034 PoC: $ curl -v Vulnerable_IP/ -H "Host: irrelevant" -H "Range: bytes=0-18446744073709551615" (It will DoS) 😈 Description: Remote Code Execution via HTTP Request in IIS (Windows 7 to Server 2012 R2). ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: http://www.openwall.com/lists/oss-security/2015/04/14/4 PoC CVE-2015-1862: https://gist.github.com/taviso/fe359006836d6cd1091e (raceabrt.c) Execution: https://gist.github.com/taviso/d0f673bbd5093ffcafb7 PoC CVE-2015-1318: https://gist.github.com/taviso/0f02c255c13c5c113406 (newpid.c) Description: Race condition exploit for Fedora and Ubuntu. URL: https://github.com/gdbinit/can_I_suid Description: A TrustedBSD module to control execution of binaries with suid bit set. URL: https://blog.criticalstack.com/envdb-ask-your-environment-questions/ Description: Envdb - Ask your environment questions. URL: https://github.com/Shopify/toxiproxy Description: A proxy to simulate network and system conditions. URL: https://github.com/analog-nico/hpp Description: Express middleware to protect against HTTP Parameter Pollution attacks. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues/problems. URL: http://blog.h3xstream.com/2015/04/crossdomainxml-beware-of-wildcards.html Description: crossdomain.xml - Beware of Wildcards. URL: http://0xdabbad00.com/2015/04/12/looking_for_security_trouble_spots_in_go_code/ Description: Looking for security trouble spots in Go code. URL: http://blog.maintenancewindow.ca/post/2015/03/29/Making-Smart-Locks-Smarter-%28aka.-Hacking-the-August-Smart-Lock%29 Description: Making Smart Locks Smarter (aka. Hacking the August Smart Lock). URL: http://niiconsulting.com/checkmate/2015/04/server-side-request-forgery-ssrf/ Description: Server Side Request Forgery (SSRF). URL: http://www.labofapenetrationtester.com/2015/02/using-windows-screensaver-as-backdoor.html Description: Using Windows Screensaver as a Backdoor with PowerShell. URL: http://beginners.re/ Description: "Reverse Engineering for Beginners" free book. URL: http://sirdarckcat.blogspot.hk/2014/05/matryoshka-web-application-timing.html Description: Web Application Timing Attacks (or.. Timing Attacks against JavaScript Applications in Browsers). URL: http://blog.0x3a.com/post/110052845124/an-in-depth-analysis-of-the-fiesta-exploit-kit-an Description: An In-depth analysis of the Fiesta Exploit Kit - An infection in 2015. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time ? URL: http://8088mph.blogspot.pt/2015/04/cga-in-1024-colors-new-mode-illustrated.html Description: CGA in 1024 Colors - the Illustrated Guide. URL: http://crpgaddict.blogspot.pt/2015/04/game-183-shadowforge-1989.html Description: John D. Carmack 1st Game. URL: http://visualgo.net/ Description: Visualising data structures and algorithms through animation. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d