█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 51 | Month: December | Year: 2015 | Release Date: 18/12/2015 | Edition: 96º ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that really worth your time! URL: https://nvisium.com/blog/2015/12/07/injecting-flask/ Description: Injecting Flask. URL: https://vagmour.eu/facebook-open-redirect-vulnerability-that-does-the-social-engineering-job-too/ Description: Facebook open-redirect vulnerability that does the social engineering job too. URL: https://sites.google.com/site/zerodayresearch/BadWinmail.pdf Description: The "Enterprise Killer" Attack Vector in Microsoft Outlook. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://github.com/DaniLabs/scripts-nse Description: Huawei HG253s v2 Huawei HG253s v2 Pwn. URL: https://github.com/vcrypt/vcrypt Description: Toolkit for multi-factor, multi-role encryption. URL: https://github.com/killswitch-GUI/SimplyEmail Description: SimpleEmail is a email recon tool that is fast and easy framework to build on. URL: https://github.com/alexis-ld/pycket Description: A simple python packet sniffer and manipulation tool for linux. URL: https://github.com/jndok/stfusip Description: System Integrity Protection (SIP) bypass for OSX 10.11.1. URL: https://github.com/hasherezade/snippets Description: Code snippets and PoCs, to be used for tests or as ready-made skeletons. (Win Pwnage) URL: https://isc.sans.edu/diary/Scanning+tricks+with+scapy/20381 Description: Scanning tricks with scapy. URL: https://github.com/CaledoniaProject/jenkins-cli-exploit Description: Jenkins CommonCollections Exploit (JAVA Serializaion Vulnerabilty Continuation). URL: http://antincode.com/post/131952657591/xss-via-xml-post Description: XSS via XML POST (Small Trick). URL: http://www.greyhathacker.net/?p=894 Description: Bypassing Windows ASLR in Microsoft Office using ActiveX controls. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues/problems. URL: https://odzhan.wordpress.com/2015/11/19/dllpic-injection-on-windows-from-wow64-process/ PoC: https://github.com/odzhan/pi Description: DLL/PIC Injection on Windows from Wow64 process. URL: http://ethanheilman.tumblr.com/post/133488739430/is-playstation-4-network-traffic-especially Description: Is PlayStation 4 Network Traffic Especially Difficult to Decrypt? URL: https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=126892 Description: RBPi Predictable SSH host keys (Year 2008 Again 😄). URL: http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html Description: House of Keys - Industry-Wide HTTPS Certificate and SSH Key Reuse. URL: https://usn.pw/blog/gen/2015/06/09/filenames/ Description: A Tale of Two File Names. URL: http://hn.premii.com/#/article/10686676 Description: Survey of popular Node.js packages reveals credential leaks. URL: http://opensecuritytraining.info/IntroX86.html Description: Introductory Intel x86 - Architecture, Assembly, Applications, & Alliteration. URL: http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy Description: Chrome Extensions – AKA Total Absence of Privacy. URL: https://blog.srcclr.com/amazon-aws-sdk-for-java-vulnerability-disclosure/ Description: Amazon AWS Java SDK Vulnerability Disclosure. URL: https://blogs.akamai.com/2015/12/developing-a-poc-step-by-step.html Description: Developing a PoC Step by Step (Wordpress Issue Example). ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time ? URL: http://blog.totallynotmalware.net/?p=15 Description: Social Media Self-Defense (Tips and Tricks). URL: http://oldweb.today/ Description: Browse old web pages the old way with virtual browsers in the browser. URL: http://bnrg.cs.berkeley.edu/~randy/Courses/CS39K.S13/anarchistcookbook2000.pdf Description: Anarchy Cookbook V2000. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d