APPSEC EZINE

### Week: 50 | Month: December | Year: 2015 | Release Date: 11/12/2015 | Edition: 95º ###

' Must See
' Something that's really worth your time!

URL: https://security.linkedin.com/blog-archive#11232015
Description: Abusing CSS Selectors to Perform UI Redressing Attacks.

URL: http://blog.valverde.me/2015/12/07/bad-life-advice/
Description: Bad life advice - Replay attacks against HTTPS.

' Hack
' Some Kung Fu Techniques.

URL: https://github.com/BuffaloWill/oxml_xxe
Description: A tool for embedding XXE/XML exploits into different filetypes.

URL: https://github.com/jndok/ropnroll
Description: An OSX exploitation helper library.

URL: https://gist.github.com/crowell/92ed41884db35d73e2fc
Description: Prevent an ELF from being loaded by gdb < v7.10.

URL: https://github.com/DhavalKapil/icmptunnel
Description: Transparently tunnel your IP traffic through ICMP echo and reply packets.

URL: http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
Description: SSH Gymnastics and Tunneling with ProxyChains.

URL: https://github.com/xor-function/fathomless
Description: A collection of different programs that work together, related to infosec.

URL: https://github.com/n3k/CertSlayer
Description: Test if an application handles SSL certificates the way it is supposed to.

URL: https://github.com/secabstraction/PowerCat
Description: A PowerShell TCP/IP swiss army knife.

URL: http://decidedlygray.com/2015/11/19/evil-access-point-with-auto-backdooring-ftw/
Description: Evil Access Point with Auto-Backdooring FTW!

' Security
' All about security issues/problems.

URL: http://yahoo-security.tumblr.com/post/134549767190/attacking-http2-implementations
Description: Attacking HTTP/2 Implementations.

URL: http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/
Description: Windows driver signing bypass by Derusbi Malware.

URL: https://goo.gl/Pei7cP (+)
Description: Remote code execution in wget+dietlibc.

URL: http://silentbreaksecurity.com/malicious-outlook-rules/
Description: Malicious Outlook Rules.

URL: https://odzhan.wordpress.com/2015/11/17/asmcodes-pic/
Description: Platform Independent PIC for Loading DLL and Exec Commands.

URL: https://w00tsec.blogspot.pt/2015/11/arris-cable-modem-has-backdoor-in.html
Description: ARRIS Cable Modem has a Backdoor in the Backdoor.

URL: https://www.mdsec.co.uk/2015/12/protected-mode-a-case-of-when-no-means-yes/
Description: Protected Mode - A Case of When No Means Yes.

URL: http://neonprimetime.blogspot.pt/2015/11/xsl-payload-xxe-rce-e3xpl0it.html
Description: Remote Code Execution in XSL (EXtensible Stylesheet Language) Transformations.

URL: http://blog.fortinet.com/post/when-baby-monitors-are-a-model-for-iot-security
Description: When Baby Monitors Are a Model For IoT Security.

URL: https://blog.coresecurity.com/2015/12/09/exploiting-windows-media-center/
Description: Exploiting Windows Media Center.

' Fun
' Spare time?

URL: https://hackerone.com/reports/100829
Description: Stored-XSS in Coinbase.com (Cry if you want 😭).

URL: http://racksburg.com/choosing-an-http-status-code/
Description: Choosing an HTTP Status Code — Stop Making It Hard.

URL: https://github.com/KnightOS/knightos
Description: KnightOS is a third-party operating system for TI calculators.

' Credits
' Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d