█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗ ██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝ ███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗ ██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝ ██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝ ### Week: 15 | Month: April | Year: 2020 | Release Date: 10/04/2020 | Edition: #321 ### ' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐ ' ║║║│ │└─┐ │ ╚═╗├┤ ├┤ ' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘ ' Something that's really worth your time! URL: https://www.ryanpickren.com/webcam-hacking Description: The story of how I gained unauthorized Camera access on iOS and macOS. URL: https://blog.mert.ninja/freemarker-ssti-on-lithium-cms/ Description: Limited FreeMarker SSTI to Arbitrary LiQL Query and Manage Lithium CMS. URL: https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/ Related: http://bit.ly/3bvpv8E (+) Description: How we abused Slack's TURN servers to gain access to internal services. ' ╦ ╦┌─┐┌─┐┬┌─ ' ╠═╣├─┤│ ├┴┐ ' ╩ ╩┴ ┴└─┘┴ ┴ ' Some Kung Fu Techniques. URL: https://github.com/staaldraad/turner Description: An HTTP over TURN/STUN proxy. URL: https://github.com/bats3c/ghost-in-the-logs/ Description: Evade sysmon and windows event logging. URL: https://github.com/WiseSecurity/dockerized-fuzzers Description: Dockerfiles for (un)popular fuzzers! URL: https://github.com/0xSearches/sandcastle Description: Python script for AWS S3 bucket enumeration. URL: https://github.com/IoT-PTv/IoT-PT Description: A Virtual environment for pentest IoT Devices. URL: https://github.com/thelinuxchoice/evilreg Description: Reverse shell using Windows Registry files (.reg). URL: https://github.com/wsfengfan/CVE-2020-10199-10204/ Description: Nexus Repository Manager 3 - Remote Code Execution PoC. URL: https://burninatorsec.blogspot.com/2020/04/sql-rollback-hack.html Description: SQL Rollback Hack. URL: https://bit.ly/39WmPMQ (+) Description: How to use DNS Poisoning to redirect users to Fake Website. URL: https://github.com/penma/findvolkey Description: Recover the volume key of EncFS volumes created around 2007 on Debian. URL: https://github.com/andreafioraldi/angrgdb Description: Use angr inside GDB. Create an angr state from the current debugger state. URL: https://modexp.wordpress.com/2020/04/08/red-teams-etw/ Description: Another method of bypassing ETW and Process Injection via ETW reg. entries. ' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬ ' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘ ' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴ ' All about security issues. URL: https://n0.lol/a/pemangle.html Description: Modern PE Mangling. URL: https://en.hackndo.com/kerberos-asrep-roasting/ Description: AS_REP Roasting. URL: https://mazinahmed.net/blog/ohmyzsh-dotenv-rce/ Description: OhMyZsh dotenv Remote Code Execution. URL: https://redcanary.com/blog/heavens-gate-technique-on-linux/ Description: Revisiting Heaven’s Gate for Windows. URL: https://bit.ly/34ozEhW (+) Description: Remote Code Execution Through .LNK Files (CVE-2020-0729). URL: https://scriptingxss.gitbook.io/firmware-security-testing-methodology/ Description: OWASP Firmware Security Testing Methodology. URL: https://assortedhackery.com/patching-cam-link-to-play-nicer-on-linux/ Description: Patching my Cam Link 4K to play nicer on Linux. URL: https://objective-see.com/blog/blog_0x56.html Description: Uncovering (local) security flaws in Zoom's latest macOS client. URL: https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html More: https://bit.ly/2JQDnLP (+) Description: Liferay Portal JSON Web Service RCE Vulnerabilities (CVE-2020-7961). URL: https://theevilbit.github.io/posts/exploiting_directory_permissions_on_macos/ Description: Exploiting directory permissions on macOS. URL: https://bit.ly/2yN2soI (+) Description: Discovering SQL Injections Incrementally with Isomorphic SQL Statements. ' ╔═╗┬ ┬┌┐┌ ' ╠╣ │ ││││ ' ╚ └─┘┘└┘ ' Spare time? URL: https://bckr.itch.io/mpga Description: Make Pandemics Great Again. URL: https://tails.boum.org/ Description: Privacy for anyone anywhere. URL: https://labs.unit221b.com/2020/04/04/wfh-security-advisory/ Description: WFH Security Advisor. ' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐ ' ║ ├┬┘├┤ │││ │ └─┐ ' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘ ' Content Helpers (0x) 52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d https://pathonproject.com/zb/?99c300c03a451199#dnpsSIWllH8i0Vw7RhG+46g+ssD+sgNU2c5TXPlVUXs=