█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 34 | Month: August | Year: 2018 | Release Date: 24/08/2018 | Edition: #236 ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that's really worth your time! URL: https://ninja.style/post/bcard/ Description: How I Hacked BlackHat 2018. URL: https://hackerone.com/reports/395296 Description: Phone Call to XXE via Interactive Voice Response. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://github.com/nccgroup/singularity Description: A DNS rebinding attack framework. URL: https://github.com/quentinhardy/odat Description: ODAT - Oracle Database Attacking Tool. URL: https://github.com/stufus/reconerator Description: C# Targeted Attack Reconnissance Tools. URL: https://github.com/RhinoSecurityLabs/pacu More: http://bit.ly/2MweecW (+) Description: Rhino Security Labs' AWS penetration testing toolkit. URL: https://github.com/gen0cide/gscript Slides: http://bit.ly/2BzDYjL (+) Description: Framework to implement custom droppers for all three major OSs. URL: https://github.com/HigorLoren/stalker Description: Py Script that searches and downloads informations about a person. URL: https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint Description: WhatsApp Protocol Decryption Burp Tool. URL: https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/ Description: How to Hack WebSockets and Socket.io. URL: https://github.com/violentlydave/mkhtaccess_red Description: Auto-generate an HTaccess for payload delivery. URL: https://ntdiff.github.io/ Description: Diff any structure or list of functions from NTDLL/NTOSKRNL/HAL. URL: https://github.com/RUB-NDS/BurpSSOExtension More: http://bit.ly/2PxIHWc (+) Description: BurpSuite extension that highlights SSO messages in proxy window. URL: https://github.com/trailofbits/rattle Description: Rattle is an EVM binary static analysis framework for smart contracts. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues. URL: http://www.kvakil.me/posts/ropchain/ Description: Ropchain - Primer and Attack. URL: https://hackerone.com/reports/126522 Description: Incorrect param parsing in Digits web authentication. URL: http://bit.ly/2NeGNs1 (+) Related: https://blog.path.network/fuzzing-cs-go-bsp-files/ Description: Lock and Load - Exploiting Counter Strike via BSP Map Files. URL: http://bit.ly/2wgLB8Q (+) Description: Breaking Full Disk Encryption from a Memory Dump. URL: https://codewhitesec.blogspot.pt/2018/01/handcrafted-gadgets.html Description: Handcrafted Gadgets. URL: https://blogs.securiteam.com/index.php/archives/3736 Description: VirtualBox VRDP Guest-to-Host Escape (unresolved 😏). URL: https://github.com/zhengmin1989/GreatiOSJailbreakMaterial Description: Great iOS Jailbreak Material! URL: http://bit.ly/2w67bOb (+) PoC: https://github.com/ChiChou/GlobalWebInspect Description: Prison Break - iOS Global Enable WebView Remote Debug. URL: https://shkspr.mobi/blog/2018/01/mailchimp-leaks-your-email-address/ Description: MailChimp leaks your email address. URL: https://lgtm.com/blog/apache_struts_CVE-2018-11776 PoC: https://github.com/jas502n/St2-057/ | http://bit.ly/2obNtMq (+) More: https://lgtm.com/blog/apache_struts_CVE-2018-11776-part2 Description: How to find 5 RCEs in Apache Struts with Semmle QL (CVE-2018-11776). URL: http://bit.ly/2PtttS5 (+) PoC: https://github.com/Rhynorater/CVE-2018-15473-Exploit Description: OpenSSH User Enumeration Vulnerability - A Close Look (CVE-2018-15473). URL: http://bit.ly/2BzZKDO (+) PoC: https://github.com/atredispartners/CVE-2018-0952-SystemCollector Description: PE Vulnerability in Windows Standard Collector Service (CVE-2018-0952). ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time? URL: https://uselesscsp.com/ Description: Useless CSP. URL: https://github.com/jesseduffield/lazygit Description: simple terminal UI for git commands. URL: http://www.deaddialect.com/articles/2018/8/17/badge-story Description: Breaking Badge - The DEFCON Crazy 8s. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d https://pathonproject.com/zb/?ee35280d08ab441d#23B0Rh/aXuUPQmzjFAg5NvcNNva7UsTJLaC5ipMl66I=