forked from Simpsonpt/AppSecEzine
16 - AppSec Ezine
█████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗ ███████╗███████╗██╗███╗ ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝ ██╔════╝╚══███╔╝██║████╗ ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗ ██║ █████╗ ███╔╝ ██║██╔██╗ ██║█████╗
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝ ██║ ██╔══╝ ███╔╝ ██║██║╚██╗██║██╔══╝
██║ ██║██║ ██║ ███████║███████╗╚██████╗ ███████╗███████╗██║██║ ╚████║███████╗
╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝╚══════╝ ╚═════╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═══╝╚══════╝
### Week: 20 | Month: May | Year: 2014 | Release Date: 16/05/2014 | Edition: 16º ###
' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐
' ║║║│ │└─┐ │ ╚═╗├┤ ├┤
' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘
' Something that is really worth your time!
URL: http://www.oauthsecurity.com/
Description: OAuth Security Cheatsheet.
URL: http://www.securatary.com/Portals/0/Vulnerabilities/PayPal/Paypal%20Manager%20Account%20Hijack.pdf
Description: PayPal Manager Admin Account Hijack.
URL: http://bouk.co/blog/elasticsearch-rce/
PoC: http://www.exploit-db.com/exploits/33370/
Description: Insecure default in Elasticsearch enables remote code execution (RCE).
' ╦ ╦┌─┐┌─┐┬┌─
' ╠═╣├─┤│ ├┴┐
' ╩ ╩┴ ┴└─┘┴ ┴
' Some Kung Fu Techniques.
URL: https://github.com/enzolovesbacon/inficere
Description: Mac OS X rootkit (for learning purposes 😇).
URL: http://holloway.co.nz/steg/
Description: Steganography to hide secret messages in user’s tweets.
URL: https://blog.curesec.com/article/blog/32.html
Description: Heartbleed analysis daemon published.
URL: https://github.com/vboxme/Portable-VirtualBox
Description: Portable-VirtualBox: run OSs from a USB stick without a separate installation.
URL: https://github.com/hedaode/SmartProxy
Description: SmartProxy: transparent TCP proxy client for Android 4.0+, without root privileges.
URL: http://xip.io/
Description: Wildcard DNS for everyone.
' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘
' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴
' All about security issues/problems.
URL: http://www.securityaegis.com/the-big-fat-metasploit-post/
Description: The Big Fat Metasploit Post (All in One).
URL: http://samsclass.info/124/proj14/p6x-NTP-DrDOS.htm
Description: Packet Amplification with NTP.
URL: http://www.aldeid.com/wiki/Fiddler#Example:_Decrypting_malware_HTTPS_traffic
Description: Decrypting malware HTTPS traffic.
URL: http://blog.ioactive.com/2014/05/glass-reflections-in-pictures-osint.html
Description: Glass Reflections in Pictures + OSINT = More Accurate Location.
URL: http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/
Description: Rootkit - Motivational Post.
URL: http://blog.ptsecurity.com/2014/05/obtaining-passwords-from-cisco-wireless.html
Description: Obtaining Passwords from Cisco Wireless LAN Controllers.
' ╔═╗┬ ┬┌┐┌
' ╠╣ │ ││││
' ╚ └─┘┘└┘
' Spare time?
URL: https://www.adafruit.com/blog/2014/04/04/new-product-cupcade-the-raspberry-pi-powered-micro-arcade-cabinet-kit-beta/
Description: Micro Arcade Cabinet Kit.
URL: https://www.alchemistowl.org/pocorgtfo/spoiler03.html
Description: PoC||GTFO 0x03 Spoiler 😸.
' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
' ║ ├┬┘├┤ │││ │ └─┐
' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
' Content Helpers (0x)
52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d
5065746b6f205065746b6f76202d2040706470202d2068747470733a2f2f61626f75742e6d652f706470