forked from Simpsonpt/AppSecEzine
139 - AppSec Ezine
█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝
██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗
╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝
### Week: 41 | Month: October | Year: 2016 | Release Date: 14/10/2016 | Edition: #139 ###
' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐
' ║║║│ │└─┐ │ ╚═╗├┤ ├┤
' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘
' Something that's really worth your time!
URL: https://blog.tarq.io/node-js-request-smuggling/
Description: Node.JS Request Smuggling (Again!).
URL: http://blog.wesecureapp.com/xss-by-tossing-cookies/
Description: XSS by tossing cookies.
' ╦ ╦┌─┐┌─┐┬┌─
' ╠═╣├─┤│ ├┴┐
' ╩ ╩┴ ┴└─┘┴ ┴
' Some Kung Fu Techniques.
URL: https://github.com/mothran/unicorn-decoder
Description: Simple shellcode decoder using unicorn-engine.
URL: https://github.com/commonexploits/vlan-hopping
Slides: http://info-assure.co.uk/public_downloads/not-only-frogs-can-hop.pdf
Description: Not only frogs can hop (VLAN Hopping).
URL: https://github.com/sh4hin/Androl4b
Description: VM for Assessing Android apps, Reverse Eng. and Malware Analysis.
URL: https://github.com/tcstool/Fireaway
Description: Next Generation Firewall Audit and Bypass Tool.
URL: https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
Description: Powershell Empire + CVE-2016-0189 = Profit.
URL: https://github.com/felixwilhelm/mario_baslr/
Description: PoC for breaking hypervisor ASLR using branch target buffer collisions.
URL: https://github.com/trylinux/lift/
Description: Low-Impact Fingerprint Tool.
URL: https://github.com/darkoperator/dnsrecon
Description: DNS Enumeration Script.
URL: https://github.com/dafthack/MailSniper
Description: Tool for searching through email in a MS Exchange env. for keywords.
URL: https://github.com/secrary/SSMA
Description: SSMA - Simple Static Malware Analyzer.
' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘
' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴
' All about security issues.
URL: https://hackerone.com/reports/53004
Description: Blacklist bypass on Callback URLs (DNS rebinding FTW!)
URL: https://goo.gl/ZQK5fU (+)
Description: Reading Uber's Internal Emails (Bug Bounty report worth $10,000).
URL: https://goo.gl/63HPVG (+)
Description: Breaching a CA - Blind XSS in the GeoTrust SSL Operations Panel.
URL: https://goo.gl/ZxXu7l (+)
PoC: https://github.com/outflankbv/NetshHelperBeacon
Description: Using NetShell to execute evil DLLs and persist on a host.
URL: http://rednaga.io/2016/09/21/reversing_go_binaries_like_a_pro/
Description: Reversing GO binaries like a pro.
URL: https://www.virtuesecurity.com/blog/jquery-security-model/
Description: Understanding jQuery Security.
URL: https://github.com/jaredmichaelsmith/awesome-vehicle-security
Description: Resources dump for learning about vehicle security and car hacking.
URL: http://blog.rewolf.pl/blog/?p=1630
Description: MSI ntiolib.sys/winio.sys local privilege escalation.
URL: https://goo.gl/6KQMdJ (+)
Description: Multiple vulnerabilities found in the Dlink DWR-932B.
URL: https://blog.nelhage.com/2011/03/exploiting-pickle/
Description: Exploiting Misuse of Python's "Pickle" (Oldies).
' ╔═╗┬ ┬┌┐┌
' ╠╣ │ ││││
' ╚ └─┘┘└┘
' Spare time?
URL: http://www.gwan.com/blog/20160405.html
Description: Google's "Director of Engineering" Hiring Test.
URL: http://nedbatchelder.com//blog/201609/computing_primes_with_css.html
Description: Computing primes with CSS.
URL: https://github.com/samyk/BPL
Description: Blind Public License (BPL).
' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
' ║ ├┬┘├┤ │││ │ └─┐
' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
' Content Helpers (0x)
52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d
http://pathonproject.com/zb/?ae48ff688d0f3e84#c0v4GiLZC5LRm/bFeKT7JY+ogU4Nqy4uLvrZ3W+MIGU=