AppSec Ezine - #442

luton15071 · Aug 5, 2022 · da779be · da779be
1 parent eaa2af4
commit da779be
Showing 1 changed file with 129 additions and 0 deletions.
diff --git a/Ezines/442 - AppSec Ezine b/Ezines/442 - AppSec Ezine
@@ -0,0 +1,129 @@
+ █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
+██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
+███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
+██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
+██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
+╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
+###  Week: 31 | Month: August | Year: 2022 | Release Date: 05/08/2022 | Edition: #442  ###
+
+
+'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
+'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
+'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
+'  Something that's really worth your time!
+
+
+URL: https://hackerone.com/reports/1567186
+Description: One-click account hijack for anyone using Apple sign-in with Reddit.
+
+URL: https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
+Description: Hijacking email with Cloudflare Email Routing.
+
+
+'  ╦ ╦┌─┐┌─┐┬┌─
+'  ╠═╣├─┤│  ├┴┐
+'  ╩ ╩┴ ┴└─┘┴ ┴
+'  Some Kung Fu Techniques.
+
+
+URL: https://github.com/io-tl/Mara
+Description: Mara is a userland pty/tty sniffer.
+
+URL: https://github.com/hktalent/scan4all
+Description: All in one vulnerability scanning tool.
+
+URL: https://github.com/dobin/antnium
+More: https://bit.ly/3QkdDYt (+)
+Description: Develop your own RAT - EDR + AV Defense.
+
+URL: https://github.com/Ph33rr/cirrusgo
+Description: A fast tool to scan SAAS,PAAS App written in Go.
+
+URL: https://github.com/janoglezcampos/DeathSleep
+Description: PoC of a novel Evasion Technique (ReadTeam Helpers).
+
+URL: https://github.com/tastypepperoni/RunAsWinTcb
+Description: Running Exploit As Protected Process Ligh From Userland.
+
+URL: https://github.com/veo/vbackdoor
+Description: Hide process,port,self under Linux using the ld_preload.
+
+URL: https://github.com/vladko312/SSTImap
+Description: Automatic SSTI detection tool with interactive interface.
+
+URL: https://github.com/Sh0ckFR/Lockbit3.0-MpClient-Defender-PoC
+Description: Lockbit3.0 Microsoft Defender MpClient.dll DLL Hijacking PoC.
+
+URL: https://gist.github.com/rqu1/8ed4f51fd90dd82fc89111340e26a756
+More: https://forum.spacehey.com/topic?id=83646
+Description: OS Command Injection in Simple Certificate Enrollment Protocol (CVE-2021-3060).
+
+URL: https://github.com/layer8secure/SilentHound
+Description: Enumerate an Active Directory Domain via LDAP parsing users, admins, groups ...
+
+URL: https://github.com/google/paranoid_crypto
+Description:  Library to check for weakenesses on crypto artifacts generated by black boxes.
+
+
+'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
+'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
+'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
+'  All about security issues.
+
+
+URL: https://xz.aliyun.com/t/11578
+Description: Zoho Password Manager Pro XML-RPC RCE (CVE-2022-35405).
+
+URL: https://link.medium.com/1frAdLJYDqb
+Description: Multi-factor Authentication In-The-Wild bypass methods.
+
+URL: https://eslam.io/posts/ejs-server-side-template-injection-rce/
+Description: EJS, Server side template injection RCE (CVE-2022-29078).
+
+URL: https://danielmangum.com/posts/risc-v-bytes-stack-use-after-return/
+Description: RISC-V Bytes - Stack Use After Return in C, Go, and Rust.
+
+URL: https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/
+Description: How we have pwned Root-Me in 2022.
+
+URL: https://engineering.mercari.com/en/blog/entry/20220729-the-mobile-attack-surface/
+Description: The Mobile Attack Surface.
+
+URL: https://rootdse.org/posts/active-directory-basics-1/
+More: https://rootdse.org/posts/active-directory-basics-2/ (basics-3/ and basics-4/)
+Description: AD Fundamentals - Basic Concepts, Objects, Group Policies and LDAP and more.
+
+URL: https://bit.ly/3OZag8e (+)
+Description: (ZOHO) ManageEngine Desktop Central - SQL Injection / Arbitrary File Write.
+
+URL: https://s1ckb017.github.io/2022/07/30/Discover-an-AntiDebug-feature-a-newbie-approach.html
+Description: Discover an AntiDebug feature - A newbie approach.
+
+URL: https://blog.syscall.party/2022/08/02/inside-windows-defender-system-guard-runtime-monitor
+Description: Inside Windows Defender System Guard Runtime Monitor.
+
+
+'  ╔═╗┬ ┬┌┐┌
+'  ╠╣ │ ││││
+'  ╚  └─┘┘└┘
+'  Spare time?
+
+
+URL: https://github.com/ranok/pdfchat
+Description: Silly proof-of-concept for a PDF chatroom.
+
+URL: https://dmitry.gr/?r=05.Projects&proj=33.%20LinuxCard
+Description: My business card runs Linux, yours can too.
+
+URL: https://lab.quantumflytrap.com/lab
+Description: Visualizing quantum mechanics in an interactive simulation (or not!).
+
+
+'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
+'  ║  ├┬┘├┤  │││ │ └─┐
+'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
+'  Content Helpers (0x)
+
+52656e61746f20526f64726967756573202d204073696d7073306e202d2068747470733a2f2f706174686f6e70726f6a6563742e636f6d
+
+https://pathonproject.com/zb/?28f0f8e9764d4f97#LhPfSm6ngTnSCfEFST9vD2xuTsFUeMb2vv0OPv+vFyQ=