## 5th Anniversary Celebration Book ##		
	             						
      ___           ___         ___         ___           ___           ___              
     /\  \         /\  \       /\  \       /\__\         /\__\         /\__\             
    /::\  \       /::\  \     /::\  \     /:/ _/_       /:/ _/_       /:/  /             
   /:/\:\  \     /:/\:\__\   /:/\:\__\   /:/ /\  \     /:/ /\__\     /:/  /              
  /:/ /::\  \   /:/ /:/  /  /:/ /:/  /  /:/ /::\  \   /:/ /:/ _/_   /:/  /  ___          
 /:/_/:/\:\__\ /:/_/:/  /  /:/_/:/  /  /:/_/:/\:\__\ /:/_/:/ /\__\ /:/__/  /\__\         
 \:\/:/  \/__/ \:\/:/  /   \:\/:/  /   \:\/:/ /:/  / \:\/:/ /:/  / \:\  \ /:/  /         
  \::/__/       \::/__/     \::/__/     \::/ /:/  /   \::/_/:/  /   \:\  /:/  /          
   \:\  \        \:\  \      \:\  \      \/_/:/  /     \:\/:/  /     \:\/:/  /           
    \:\__\        \:\__\      \:\__\       /:/  /       \::/  /       \::/  /            
     \/__/         \/__/       \/__/       \/__/         \/__/         \/__/             
               ___           ___                       ___           ___                 
              /\__\         /\__\                     /\  \         /\__\                
             /:/ _/_       /::|  |       ___          \:\  \       /:/ _/_               
            /:/ /\__\     /:/:|  |      /\__\          \:\  \     /:/ /\__\              
           /:/ /:/ _/_   /:/|:|  |__   /:/__/      _____\:\  \   /:/ /:/ _/_             
          /:/_/:/ /\__\ /:/ |:| /\__\ /::\  \     /::::::::\__\ /:/_/:/ /\__\            
          \:\/:/ /:/  / \/__|:|/:/  / \/\:\  \__  \:\~~\~~\/__/ \:\/:/ /:/  /            
           \::/_/:/  /      |:/:/  /   ~~\:\/\__\  \:\  \        \::/_/:/  /             
            \:\/:/  /       |::/  /       \::/  /   \:\  \        \:\/:/  /              
             \::/  /        |:/  /        /:/  /     \:\__\        \::/  /               
              \/__/         |/__/         \/__/       \/__/         \/__/                

  
   ### Weeks: 266 | Months: 60 | Years: 5 | Editions: 259 | Since: 31/01/2014 ###
   
0x52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d		

								

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 5 | Month: January | Year: 2014 | Release Date: 31/01/2014 | Edition: 1º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://homakov.blogspot.pt/2014/01/two-severe-wontfix-vulnerabilities-in.html
Description: Account Hijacking / New Methodologies.

URL: https://github.com/zumba/middleman.js
Description: A small library that lets you inject some code between a third party library and the execution context.

URL: http://securityaffairs.co/wordpress/21631/hacking/remote-command-execution-yahoo.html
Description: Discovered a Remote Command Execution Vulnerability in Yahoo!

URL: http://thehackerblog.com/samsung-com-account-takeover-vulnerability-write-up/
Description: Samsung.com Account Takeover Vulnerability Write-Up.

URL: http://miladbr.blogspot.pt/2013/04/exploiting-unexploitable-dom-based-xss.html (Old but good)
Description: Exploiting an unexploitable persistence DOM based XSS in feedly.com by using root domain cookies!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques/Tools.


URL: https://www.dropbox.com/s/43iyug3ul8pre1w/FacbookHack.txt
Description: Facebook fun/social engineering circulating around: It auto-tagged friends & send them email, like page(es) etc.

URL: http://vxheaven.org/0x48k/
Description: Welcome Hell Knights Crew! (Oldies)

URL: https://github.com/DanMcInerney/wifijammer
Description: Let's put all Sys Admins Crazy!


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://netinfiltration.com/
Exploit: https://github.com/Mekanismen/pwnacle-fusion
Description: Oracle Reports Exploits Release.

URL: http://www.sensepost.com/blog/10178.html
Description: Revisiting XXE and abusing protocols.

URL: https://3vildata.com/?p=837
Description: From CSRF to credential Harvesting over SMS.

URL: http://talater.com/chrome-is-listening/
Description: Chrome Bugs Allow Sites to Listen to Your Private Conversations.

URL: http://www.vulnerability-lab.com/get_content.php?id=1182
Description: Mozilla Thunderbird - WireTap Remote 0Day Vulnerability.

URL: http://blog.mdsec.co.uk/2014/01/voip-attacks-skype-proof-of-concept.html
Description: VoIP Attacks - Skype Proof of Concept Released.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.youtube.com/watch?v=oJagxe-Gvpw
Description: World's Worst Hacker! (Learn something about: wget, tar, cd, more wget, cd, tar) :D

URL: http://it.toolbox.com/blogs/securitymonkey/the-worlds-worst-penetration-test-report-by-scumbagpentester-58747
Description: "IT Professionals" (facepalm).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 6 | Month: February | Year: 2014 | Release Date: 07/02/2014 | Edition: 2º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://c0rni3sm.blogspot.pt/2014/02/youtube-stored-xss-strikes-back.html
Description: Youtube - Stored XSS Strikes Back!

URL: http://blog.saynotolinux.com/2014/02/05/whats-that-smell-sniffing-cross-origin-frames-in-firefox/
Description: What's That Smell? Sniffing Cross-origin Frame Content in Firefox Using Timing Attacks.

URL: https://blog.whitehatsec.com/flash-307-redirect-game-over/
Helper: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/URLRequestHeader.html
PoC: http://pathonproject.com/zb/?de16dd15a8b996b3#JnIFpy6vaxJxfh9VO75Xx3+Ce3YaAALU83JVubmj5cA=
Description: Flash + 307 Redirect = Game Over.

URL: https://github.com/rapid7/metasploit-framework/pull/2942
Description: Android < 4.2 WebView addJavascriptInterface RCE. (😈 Epic!)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques/Tools.


URL: https://github.com/saelo/cve-2014-0038 | http://pastebin.com/DH3Lbg54
Description: Local root exploit for CVE-2014-0038.

URL: https://www.scriptjunkie.us/2014/02/installing-linux-on-a-live-windows-system/
Description: Installing Linux on a Live Windows System. Hmm I don't like to have a Windows Pivot...

URL: http://insert-script.blogspot.co.at/2014/02/svg-fun-time-firefox-svg-vector.html
Description: SVG Fun Time - Firefox SVG Vector + Bypassing Chrome XSS Auditor.

URL: http://projectshellcode.com/?q=node/12
Description: How to write shellcode for beginners through to advanced.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://bugscollector.com/tricks/12/
Description: Valid png image which can execute as PHP file.

URL: http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html
Description: New iFrame Injection Method.

URL: http://www.troyhunt.com/2014/02/heres-how-bell-was-hacked-sql-injection.html
Description: Here’s how Bell was hacked – SQL injection blow-by-blow.

URL: http://blogs.law.harvard.edu/zeroday/2014/02/05/so-this-is-what-getting-pwned-is-like/
Description: #ASUSGATE: A story about thousands of crimeless victims


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://imgur.com/LiixgJ4
Description: Super Bowl 0WN4G3!

URL: https://www.schneier.com/blog/archives/2014/02/hacking_airline.html
Description: Hacking Airline Lounges for Free Meals.

URL: https://www.youtube.com/watch?v=tc4ROCJYbm0
Description: AT&T Archives: The UNIX Operating System.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 7 | Month: February | Year: 2014 | Release Date: 14/02/2014 | Edition: 3º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://homakov.blogspot.pt/2014/02/how-i-hacked-github-again.html
Description: How I hacked Github again. (Github lover!)

URL: http://insertco.in/2014/02/10/how-i-hacked-instagram/
Description: How I hacked Instagram to see your private photos.

URL: http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html
Exploit: http://pathonproject.com/zb/?492c38abb3eeba91#lq9B8AcoODREYhc8FExMI0ZaTHLl7DEsrIEqVdCfHjY=
Description: CVE-2014-0050 - Exploit with Boundaries, Loops without Boundaries. (Nice Writeup!)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques/Tools.


URL: http://neosysforensics.blogspot.com.es/2010/02/la-papelera-de-reciclaje-en-windows.html
Description: The Recycle Bin in Windows Vista/7. Old but handy...

URL: https://github.com/hatRiot/clusterd
Description: Application Server Attack Toolkit (Automation: fingerprinting, reconnaissance, and exploitation phases).

URL: https://bitbucket.org/blackaura/browserfuzz
Description: A very simple browser fuzzer based on tornado.

URL: http://jeanphix.me/Ghost.py/
Description: Ghost.py is a webkit web client written in python.

URL: https://github.com/prasmussen/chrome-cli
Description: Control Google Chrome from the command line on OS X. (This can be handy :))

URL: http://16s.us/docs/sshlog/
Description: OpenSSH Patch to Log Passwords.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://www.us-cert.gov/ncas/alerts/TA14-017A
Description: UDP-based Amplification Attacks.

URL: http://www.lauradhamilton.com/random-lessons-online-poker-exploit
Description: When Random Isn't Random Enough: Lessons from an Online Poker Exploit.

URL: http://blog.alguien.at/2014/02/hackeando-el-router-zte-zxv10-w300-v21.html
Description: Hacking the ZTE router ZXV10 W300 v2.1 (SNMP Still Alive and Valid!)

URL: https://archive.org/details/shmoocon-2014
Description: Shmoocon (January 17-19, 2014) @Washington Hilton. This collection contains all recorded main area talks at the event.

URL: http://www.devttys0.com/2014/02/cracking-linksys-crypto/
Description: Cracking Linksys "Encryption". (No comments...)


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.youtube.com/watch?v=waEeJJVZ5P8
Description: NBC - All Visitors to Sochi Olympics Immediately Hacked! (rofl)
This is not a Movie: http://blog.erratasec.com/2014/02/that-nbc-story-100-fraudulent.html

URL: http://www.digitaljournal.com/news/world/13-year-old-defies-big-brother-and-refuses-to-be-fingerprinted/article/370009
Description: 13-year-old defies ‘big brother’ and refuses to be fingerprinted. (🐵 Monkey see monkey do! or not)


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 8 | Month: February | Year: 2014 | Release Date: 21/02/2014 | Edition: 4º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.hydrantlabs.org/Security/Google/Chrome/
Description: Exploiting the Google Chrome Developer Tools.

URL: http://blog.noobroot.com/2014/02/owncloud-600a-when-xss-vulnerability.html
Description: OwnCloud 6.0.0a: When a XSS Vulnerability Gives a Shell on the Server!

URL: http://gacksecurity.blogspot.co.uk/2014/02/beef-and-armitage-get-married.html
Description: BeEF and Armitage will get married. The priest will be Cortana.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques/Tools.


URL: http://forum.yubico.com/viewtopic.php?f=26&t=1171
Description: Yubikey NEO, OpenPGP, OpenSSH authentication. (Adding value to Yubikey Hardware.)

URL: http://blackhatlibrary.net/Azazel
Description: Azazel - New linux userland rootkit. Anti-debugging + new backdoors and pcap hiding.

URL: https://github.com/saelo/cve-2014-0038
Description: Linux local root exploit for CVE-2014-0038.

URL: http://blog.sucuri.net/2014/02/php-backdoors-hidden-with-clever-use-of-extract-function.html
Description: PHP Backdoors - Hidden With Clever Use of Extract Function. (Simple and Powerful!).

URL: http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/
Description: WRT120N fprintf Stack Overflow.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.sjdjweis.com/linux/proxyarp/
Description: Proxy ARP with Linux.

URL: https://hackerone.com/reports/1356
Description: PHP Heap Overflow Vulnerability in imagecrop().

URL: http://vagosec.org/2014/02/google-drive-clickjacking-vulnerability/
Description: Why I removed my sensitive files from Google.

URL: http://www.tripwire.com/state-of-security/vulnerability-management/creating-iphone-rootkits-and-like-the-nsas-dropout-jeep/
Description: Create iPhone rootkits like you're the NSA.

URL: https://community.rapid7.com/community/metasploit/blog/2014/02/18/lets-talk-about-your-security-breach-with-metasploit-literally
Description: Let's Talk About Your Security Breach with Metasploit. Literally. In Real Time.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://grahamcluley.com/2014/02/passwords-leaked-live-tv-flood-emergency/
Description: Repeat after me: When TV crews visit, remember to wipe the whiteboard. (rotf)

URL: https://www.youtube.com/watch?v=VggwVuboLoo
Description: ATMs Pwnage! (Video and Card Reader 😕)

URL: http://www.zerodayclothing.com/
Description: Because hackers have a social life too...


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 9 | Month: February | Year: 2014 | Release Date: 28/02/2014 | Edition: 5º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://www.imperialviolet.org/2014/02/22/applebug.html
Extra: http://www.sektioneins.de/en/blog/14-02-22-Apple-SSL-BUG.html
Description: Apple's SSL/TLS bug.

URL: https://gist.github.com/joernchen/a7c031b6b8df5d5d0b61
Description: GitHub RCE by Environment variable injection Bug Bounty writeup.

URL: http://www.droidsec.org/news/2014/02/26/on-the-webview-addjsif-saga.html
Description: On the WebView addJavascriptInterface Saga. (Just awesome work!)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/DanMcInerney/creds.py
Description: Harvest FTP/POP/IMAP/HTTP/IRC creds.

URL: https://code.google.com/p/littleblackbox/ | https://github.com/devttys0/littleblackbox
Description: Database of private SSL/SSH keys for embedded devices.

URL: https://github.com/PaulSec/HQLmap
Description: HQLmap, Automatic tool to exploit HQL injections.

URL: http://lanmaster53.com/2013/07/multi-post-csrf/
Description: Multi-POST Cross-Site Request Forgery.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://7h3ram.github.io/
Description: 7h3rAm's InfoSec Ramblings. (Nice Learning Resource!)

URL: http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt-broken
Description: Bitcrypt broken, Bitcrypt ransomware author confused bytes and digits, ended up with a trivially-factorable 464 bit key.

URL: http://www.welivesecurity.com/2014/02/21/an-in-depth-analysis-of-linuxebury/
Description: An In-depth Analysis of Linux/Ebury (OpenSSH backdoor).

URL: http://bromiumlabs.files.wordpress.com/2014/02/bypassing-emet-4-1.pdf
Description: Bypass EMET 4.1 (Microsoft zero-day prevention capability).

URL: http://recon.cx/2013/schedule/schedule.html
Description: All the video from Recon 2013 are online now (Few video missing but they won't be released).

URL: http://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/
Description: Dissecting the newest IE10 0-day exploit (CVE-2014-0322).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://r000t.com/who-hacked-ec-council/ | https://twitter.com/JamieCaitlin/status/438391518697512960
Description: Who Hacked EC-Council? And Again...

URL: https://github.com/torvalds/linux/blob/d158fc7f36a25e19791d25a55da5623399a2644f/fs/ext4/resize.c#L698-700
Description: Things you don't want to find in your filesystem's source code.

URL: http://www.w3.org/People/Raggett/book4/ch02.html
Description: History of HTML.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 10 | Month: March | Year: 2014 | Release Date: 07/03/2014 | Edition: 6º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.saynotolinux.com/2014/03/01/yahoos-pet-show-of-horrors-abusing-a-crossdomain-proxy-to-leak-a-users-email/
Description: Yahoo's Pet Show of Horrors: Leaking a User's Emails Crossdomain!

URL: http://www.jakoblell.com/blog/2013/10/30/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2/
Description: Real-World CSRF attack hijacks DNS Server configuration of TP-Link routers. (Still Valid!)

URL: http://neocri.me/documentation/using-ssh-certificate-authentication/
Description: Using OpenSSH Certificate Authentication. (The Best Guide)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/nodoraiz/DesktopBruteForcing/tree/master/DesktopBruteForcing
Description: Windows Desktop Applications Brute Forcer.

URL: https://github.com/PaulSec/CSRFT
Description: A lightweight CSRF Toolkit for easy Proof of concept.

URL: https://www.netspi.com/blog/entryid/220/dekrypto-padding-oracle-attack-against-ibm-websphere-commerce-cve-2013-05230
Description: DeKrypto - Padding oracle attack against IBM WebSphere Commerce (CVE-2013-05230).

URL: https://github.com/herrcore/punbup
Description: Python unbup script for McAfee .bup files (with some additional fun features).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://pwnrules.com/yahoo-suggestions-vulnerability/
Description: Vulnerability in Yahoo allowed me to delete more than 1 million and half records from Yahoo database.

URL: http://www.reddit.com/r/apple/comments/1zh3gw/iphone_5s_continues_to_track_your_motion_even/
Description: iPhone 5s continues to track your motion even when completely drained of battery.

URL: http://packetstormsecurity.com/files/125442/Office-365-Account-Hijacking.html
Description: Office 365 - Account Hijacking Cookie Re-Use Flaw, extended.

URL: https://github.com/pwntester/RSA_RESTing
Description: Demos for RSA talk: RESTing on your laurels will get you owned.

URL: http://www.netresec.com/?page=Blog&month=2013-10&post=Command-line-Forensics-of-hacked-PHP-net
Description: Command-line Forensics of hacked PHP.net (Nice!)

URL: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Process-Introspection-with-Python/ba-p/6402821
Description: Process Introspection with Python. (Awesome Python Power)


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/god?tab=repositories
Description: ROFL 😂.

URL: http://libgen.org/scimag/
Description: Library Genesis - Scientific Articles, Huge Database.

URL: http://quals.sec.codebits.eu/cb/1487ab262e8deb6ec5b9dd49a18d8ac5a/
Description: Unlock your brain with some g33k/s3c exercices.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 11 | Month: March | Year: 2014 | Release Date: 14/03/2014 | Edition: 7º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.dimitrifourny.com/2014/03/08/how-i-have-fuzzed-php/
Description: How I have fuzzed PHP! (Quick and Nice Write-up.)

URL: https://github.com/poliva/random-scripts/blob/master/wifi/hotspot-bypass-android.sh
Description: Android Free Wi-Fi.

URL: http://pastebin.com/0EqWGmTi
Description: iOS 7.1 Security Update Details (Name,Available for, Impact, Description and CVE/Author).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://linuxaria.com/howto/ssh-in-2-steps-on-linux-with-google-authenticator?lang=en
Description: SSH in 2 steps on Linux with Google Authenticator. (Can be handy)

URL: http://console-cowboys.blogspot.co.uk/2014/03/the-curious-case-of-ninjamonkeypiratela.html
Description: The curious case of the ninjamonkeypiratelaser backdoor.

URL: http://bas.bosschert.nl/steal-whatsapp-database/
Description: Steal WhatsApp database (Android PoC).

URL: https://code.google.com/p/chromium/issues/detail?id=240058
Diff: https://bugs.webkit.org/attachment.cgi?id=164588&action=diff
Description: Chrome CSP bypass, for your collection.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://zairon.wordpress.com/2014/03/06/obfuscated-shellcode-inside-a-malicious-rtf-document/
Description: Obfuscated shellcode inside a malicious RTF document.

URL: http://www.palkeo.com/code/stealing-bitcoin.html
Description: How to steal Bitcoins.

URL: http://www.2uo.de/myths-about-urandom/
Description: Myths about /dev/urandom.

URL: http://0xa.li/php-date-is-xssable/
Description: [PHP] date() is evil (XSS’able). (Easy One!)

URL: https://intrepidusgroup.com/insight/2014/03/atv-password-log-bug/
Description: Sanitize your outputs: Apple ID Password Logfile Disclosure. (Apple TV Hacks)

URL: http://mreagle0x.blogspot.in/2014/03/how-can-i-get-your-facebook-account.html
Description: How can I get your Facebook account access_tokens by a MITM attack?


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://bugzilla.mozilla.org/show_bug.cgi?id=949446
Description: Bug 949446 - Source Code Disclosure of every possible project. 

URL: https://labs.portcullis.co.uk/blog/raspberry-ph0wn/
Description: Raspberry ph0wn. (Mossad Style)

URL: https://github.com/copy/v86
Description: x86 virtualization in JavaScript, running in your browser and NodeJS.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 12 | Month: March | Year: 2014 | Release Date: 21/03/2014 | Edition: 8º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://www.youtube.com/watch?v=Jk5Yad598vs
Description: A few practical notes on reverse-engineering. (Plus: Slides and Sources)

URL: https://plus.google.com/u/0/+AleksandrDobkin-Google/posts/JMwA7Y3RYzV
Description: Reverse Clickjacking Write-up.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://tinyhack.com/2014/03/12/implementing-a-web-server-in-a-single-printf-call/
Description: Implementing a web server in a single printf() call.

URL: http://www.debasish.in/2014/03/in-memory-kernel-driverioctlfuzzing.html
Description: In-Memory Kernel Driver(IOCTL)Fuzzing using Python.

URL: http://capstone-engine.org/bot.html
Description: CEbot - disasm from your Twitter account.

URL: http://www.scs.stanford.edu/brop/
Description: Blind Return Oriented Programming (BROP).

URL: http://blog.didierstevens.com/2014/03/20/xorsearch-finding-embedded-executables/
Description: XORSearch - Finding Embedded Executables.

URL: http://swfid.zz.mu/swfid
Description: SWF iD: Flash reverser companion.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.includesecurity.com/2014/03/exploit-CVE-2014-0038-x32-recvmmsg-kernel-vulnerablity.html
Description: How to exploit the x32 recvmmsg() kernel vulnerability CVE 2014-0038.

URL: http://blog.shubh.am/ssrf-is-dangerous/
Description: Demonstrating the critical nature of SSRF – Accessing PayPal’s internal network.

URL: https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/
Description: How I got root with Sudo.

URL: http://blog.veracode.com/2014/03/introducing-the-ios-reverse-engineering-toolkit/
Description: Introducing the iOS Reverse Engineering Toolkit.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://sorting.at/
Description: Amazing Visualization of Sorting Algorithms.

URL: https://gist.github.com/homakov/9383241
Description: Learning Something New.

URL: https://github.com/tlrobinson/evil.css/
Description: Because CSS isn't evil enough already.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 13 | Month: March | Year: 2014 | Release Date: 28/03/2014 | Edition: 9º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://an7isec.blogspot.co.il/
Description: WinRar File extension spoofing ("0Day").

URL: http://gynvael.coldwind.pl/?lang=en&id=533
Description: Integer overflow into XSS and other fun stuff - a case study of a bug bounty.

URL: http://engineering.prezi.com/blog/2014/03/24/prezi-got-pwned-a-tale-of-responsible-disclosure/
Description: A Tale of Responsible Disclosure.

URL: https://blog.mozilla.org/security/2014/03/25/using-fuzzdb-for-testing-website-security/
Description: Using FuzzDB for Testing Website Security.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/mmozeiko/aes-finder
Description: Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys.

URL: http://blog.veracode.com/2014/03/introducing-the-ios-reverse-engineering-toolkit/
Description: The iOS Reverse Engineering Toolkit.

URL: http://openzfsonosx.org/
Description: The open source port of OpenZFS on OS X.

URL: http://ropshell.com/
Description: Free online service for generating and searching for Return-Oriented-Programming (ROP) gadgets.

URL: https://github.com/buffer/thug
Description: Python low-interaction honeyclient.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://securehoney.net/blog/how-to-dissect-android-flappy-bird-malware.html#.UyxQzHV_spw
Description: How To Dissect Android Flappy Bird Malware.

URL: http://blog.safetechinnovations.com/pentest/ebay-authentication-bypass/
Description: eBay Authentication Bypass. (omg 😮)

URL: http://nginx.com/admin-guide/
Description: NGINX and NGINX Plus Admin Guide.

URL: http://mathiasbynens.be/notes/pbkdf2-hmac
Description: PBKDF2+HMAC hash collisions explained.

URL: https://github.com/tomparys/docker-skype-pulseaudio
Description: Run Skype inside an isolated Docker container on your Linux desktop!


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://geelen.github.io/x-gif/#/http://i.imgur.com/iKXH4E2.gif
Description: The GIF tag the internet deserves.

URL: https://github.com/DHrpcs3/rpcs3
Description: PS3 emulator/debugger.

URL: http://dorey.github.io/JavaScript-Equality-Table/
Description: JavaScript-Equality-Table.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 14 | Month: April | Year: 2014 | Release Date: 04/04/2014 | Edition: 10º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://manjeshboss.blogspot.in/2014/03/javascript-injection-on-facebook.html?m=1
Description: Javascript injection on Facebook.

URL: http://w00tsec.blogspot.gr/2014/03/wilcard-dns-content-poisoning-xss-and.html
Description: Wilcard DNS, Content Poisoning, XSS and Certificate Pinning.

URL: http://pathonproject.com/zb/?41f6d72f5c814c87#Rxm2PR7Xeig+ahawkW3Hn5NIkPvj4wKfuUCUYi5+oOM=
Description: Simple PHP XXE Example.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.gironsec.com/blog/2014/03/writing-your-own-keylogger-in-c/
Description: Writing Your Own Remote Key Logger in C.

URL: https://www.trustedsec.com/downloads/tools-download/
Description: Tools and Exploits by TrustedSec.

URL: https://github.com/emberjs/ember-inspector
Helper: http://emberjs.com/
Description: Adds an Ember tab to Chrome or Firefox Developer Tools that allows you to inspect Ember objects in your application. 

URL: http://blog.snort.org/2014/04/announcing-netvi-new-tool-from-snort.html
Description: netvi, a new tool from the Snort team for editing network packets in real time.

URL: https://github.com/defuse/dnsfs
Description: This is a script for hosting and downloading a static set of files over DNS without using a custom DNS server.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://github.com/lebinh/ngxtop
Description: Real-time metrics for NGINX server.

URL: http://nbviewer.ipython.org/github/neuromancer/neuromancer.github.io/blob/master/notebooks/Learning%20from%201.2k%20bugs.ipynb
Description: Learning from 1.2k bugs (part I: "It's a science experiment!").

URL: http://martin.swende.se/blog/HTTPChunked.html
Description: Chunked HTTP transfer encoding.

URL: http://www.cis.syr.edu/~wedu/Research/paper/xds_attack.pdf
Description: XDS - Cross-Device Scripting Attacks on Smartphones through HTML5-based Apps.

URL: http://ejj.io/keybase-io-vulnerability/
Description: Keybase.io vulnerability.

URL: http://isecpartners.github.io/publications/iSEC_Cryptocat_iOS.pdf
Description: CryptoCat iOS - Application Penetration Test.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.ponyos.org/
Description: A Hobby Operating System for Everypony!

URL: https://www.youtube.com/watch?v=BKorP55Aqvg
Description: The Expert (Short Comedy Sketch).

URL: https://pbs.twimg.com/media/BkHyByYIcAADPpY.jpg
Description: Access System Upgraded!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 15 | Month: April | Year: 2014 | Release Date: 14/04/2014 | Edition: 11º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://morgawr.github.io/hacking/2014/03/29/shellcode-to-reverse-bind-with-netcat
Description: How to - Shellcode to reverse bind a shell with netcat.

URL: http://www.webinfosec.in/2014/04/google-feed-burner-csrf-and-spoof-email.html
Description: Google Feed Burner CSRF And Spoof Email (Insecure Client Captcha).

URL: http://pwnrules.com/google-drive-stored-xss/
Description: Stored XSS in Google Drive.

URL: http://heartbleed.com/
More: http://pathonproject.com/zb/?e8610d55fca0fcca#4NE7JNjCZj1oCvlySqLM8xuE05XtXUgqwqn+RcA4j8s=
Description: The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. 


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://owasp.github.io/NINJA-PingU/
Description: High performance network scanner tool for large scale analyses.

URL: http://www.thespanner.co.uk/2014/04/07/bypassing-the-xss-filter-using-function-reassignment/
Description: Bypassing the XSS filter using function reassignment.

URL: http://mohankallepalli.blogspot.in/2014/04/cross-site-scripting-through-callback.html
Description: Cross Site Scripting through callback functionality.

URL: https://github.com/draios/sysdig
Description: a system exploration and troubleshooting tool (strace + tcpdump + lsof + awesome sauce)

URL: http://www.hsc.fr/ressources/breves/passe-partout.html.en
Description: In-memory extraction of SSL private keys.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://thehackerblog.com/a-look-into-creating-a-truley-invisible-php-shell/
Description: A look into creating a truley invisible PHP Shell.

URL: http://hardsec.net/como-hacer-un-exploit-en-win32-desde-0-mini-httpd-sever/
Description: How to make an exploit in win32 from 0 (Mini HTTPD Sever).

URL: http://www.firefart.net/multiple-vulnerabilities-in-ioncube-loader-wizard/
Description: Multiple vulnerabilities in ioncube loader wizard.

URL: http://breaking.systems/blog/2014/04/avm-fritzbox-root-rce-from-patch-to-metasploit-module-i
More: http://breaking.systems/blog/2014/04/avm-fritzbox-root-rce-from-patch-to-metasploit-module-ii  
Description: AVM Fritz!Box root RCE: From Patch to Metasploit Module - I

URL: http://hatriot.github.io/blog/2014/04/02/lfi-to-stager-payload-in-coldfusion/
Description: LFI to Shell in Coldfusion 6-10.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.asscert.com/
Description: Certified Application Security Specialists.

URL: http://www.hackerstrip.com/
Description: Real stories, real hackers...

URL: https://github.com/musalbas/musicalpackets
Description: Convert internet traffic to music.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 16 | Month: April | Year: 2014 | Release Date: 21/04/2014 | Edition: 12º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.detectify.com/post/82370846588/how-we-got-read-access-on-googles-production-servers
Description: How we got read access on Google’s production servers.

URL: http://pwnrules.com/flickr-from-sql-injection-to-rce/
Description: Flickr from SQL Injection to RCE.

URL: http://nahamsec.com/2014/04/paypal-marketing-remote-code-execution/
Description: Paypal marketing remote code execution (RCE), information disclosure and XSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/nccgroup/easyda
Description: Easy Windows Domain Access Script.

URL: https://www.unix-ag.uni-kl.de/~conrad/krypto/pkcrack.html
Description: PkCrack - Breaking PkZip-encryption.

URL: https://github.com/0xd4d/de4dot
Description: .NET deobfuscator and unpacker.

URL: http://www.sec-down.com/wordpress/?p=373
Description: WebPwn3r is a Web Applications Security Scanner.

URL: https://github.com/kevthehermit/RATDecoders
Description: Python Decoders for Common Remote Access Trojans.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://www.appsecconsulting.com/appsec-blog/searching-for-credit-card-track-data-in-memory/menu-id-193.html
Description: Searching for Credit Card Track Data in Memory.

URL: http://javascript.info/tutorial/clickjacking
Description: The Clickjacking attack, X-Frame-Options.

URL: http://n0where.net/basic-integer-overflows/
Description: Basic Integer Overflows.

URL: http://thehackerblog.com/crossdomain-xml-proof-of-concept-tool/
Description: Crossdomain.xml Proof of Concept Tool.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.ctnieves.com/blogpost.php?id=1
Description: Hacking the 3DS.

URL: http://phrack.org/papers/fall_of_groups.html
Description: The Fall of Hacker Groups.

URL: https://gist.github.com/epixoip/10570627
Description: How I obtained the private key for www.cloudflarechallenge.com.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 17 | Month: April | Year: 2014 | Release Date: 28/04/2014 | Edition: 13º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript
Description: Exploiting CSRF under NoScript Conditions.

URL: http://breaktoprotect.blogspot.in/2014/04/feedly-android-application-zero-day.html
Description: Feedly Android Application Zero-day Vulnerability - JavaScript Code Injection.

URL: https://github.com/apenwarr/sshuttle
Description: Transparent proxy server that works as a poor man's VPN.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/yarrick/iodine
Description: Tunnel IPv4 data through a DNS server.

URL: https://github.com/DiabloHorn/rdps2rdp
Description: Decrypt MITM SSL RDP and save to pcap.

URL: http://pyrasite.readthedocs.org/en/latest/CLI.html
Description: Inject arbitrary code into a running Python process.

URL: https://code.google.com/p/pdf-grapher/
Description: pdf-grapher graphs PDF objects and references to help aid in malicious PDF analysis.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://phrack.org/papers/revisiting-mac-os-x-kernel-rootkits.html
Description: Revisiting Mac OS X Kernel Rootkits.

URL: http://www.mehmetince.net/codeigniter-object-injection-vulnerability-via-encryption-key/
Description: Codeigniter Object Injection Vulnerability via Encryption Key.

URL: http://www.sodnpoo.com/posts.xml/spoofing_the_samsung_smart_tv_internet_check.xml
Description: Spoofing the samsung smart tv internet check.

URL: http://www.debasish.in/2014/04/attacking-audio-recaptcha-using-googles.html
Description: Attacking Audio reCaptcha using Google's Web Speech API.

URL: http://2014.hackitoergosum.org/slides/
Description: Hackito Ergo Sum 2014 Slides.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL http://smutefy.inacho.es/ | https://gist.github.com/pcworld/3198763
Description: Spotify Ad Mute (MacOS and Linux).

URL: https://www.youtube.com/watch?v=whEWE6WC1Ew
Description: I'm a C I Double S P (CISSP Parody).

URL: http://annasagrera.com/on-ascii-youtube-and-letting-go/
Description: On ascii, youtube and letting go.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###    Week: 18 | Month: May | Year: 2014 | Release Date: 02/05/2014 | Edition: 14º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.tjll.net/ssh-kung-fu/
Description: SSH Kung Fu. (Quick Reference Guide)

URL: http://blog.gdssecurity.com/labs/2014/4/24/sql-injection-in-dynamically-constructed-images-and-other-sq.html
Description: SQL Injection In Dynamically Constructed Images (And Other Sql Related Mischief).

URL: http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
Description: OAuth 2.0 and OpenID Covert Redirect.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://thehelpfulhacker.net/2011/11/15/virtual-box-openbsd-router/
Description: A Simple OpenBSD Router For Your Virtual Machines.

URL: https://www.netspi.com/blog/entryid/223/executing-msf-payloads-via-powershell-webshellery
Descritpion: Executing MSF Payloads via PowerShell Webshellery. (Webshells Easy Way)

URL: https://github.com/jmxploit/jmxploit
Description: Jmxploit is written in Java to audit the security level of the JMX API in Tomcat environment.

URL: https://github.com/routerkeygen/routerkeygenAndroid
Description: Router Keygen generate default WPA/WEP keys for several routers. (Android Application)


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://duartes.org/gustavo/blog/post/anatomy-of-a-program-in-memory/
Description: Anatomy of a Program in Memory.

URL: http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
Description: Turns Visitors into “DDoS Zombies”.

URL: http://cert.inteco.es/extfrontinteco/img/File/intecocert/EstudiosInformes/INT_Telegram_EN.pdf
Description: Telegram - Bypassing the authentication protocol.

URL: http://blog.emaze.net/2014/04/attack-campaign-targeting-struts2.html
Description: Attack campaign targeting Apache Struts2 vulnerability.

URL: http://joxeankoret.com/blog/2014/05/02/a-vulnerability-that-wasnt/
Description: A vulnerability that wasn’t. (Not wasted time)


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://programmingexcuses.com/
Description: Excuses For Lazy Coders.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###    Week: 19 | Month: May | Year: 2014 | Release Date: 09/05/2014 | Edition: 15º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://penturalabs.wordpress.com/2014/05/04/reverse-dom-xss/
Description: Reverse DOM XSS (Nice Technique 😎).

URL: http://www.websecresearch.com/2014/05/a-way-to-bypass-authentication.html
Description: Authentication Bypass Using Login Validation Process Prediction.

URL: http://blog.flowdock.com/2014/05/07/how-we-found-a-directory-traversal-vulnerability-in-rails-routes/
PoC: $ curl localhost:3000/staraction/../../../../../../../../../../etc/passwd.txt 
Description: How we found a directory traversal vulnerability in Rails routes.

URL: http://makthepla.net/blog/=/plesk-sso-xxe-xss
Description: Plesk 10 & 11 SSO XXE/XSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://code.google.com/p/wfuzz/
Description: Wfuzz is a tool designed for bruteforcing Web Applications.

URL: http://www.frida.re/
Description: Inject JavaScript to explore native apps on Windows, Mac, Linux, iOS and Android.

URL: https://code.google.com/p/volafox/
Description: Volafox a.k.a 'Mac OS X Memory Analysis Toolkit'.

URL: http://blog.mrg-effitas.com/publishing-of-mrg-effitas-automatic-xor-decryptor-tool/
Description: Automatic XOR decryptor tool (Yet Another Tool).

URL: http://www.blisstonia.com/software/Decrypto/
Description: Decrypto 8.5 is a free program for solving cryptoquips.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.thespanner.co.uk/2014/05/06/mxss/
More: http://d.hatena.ne.jp/hasegawayosuke/20140508/p1
Description: Mutation XSS (mXSS) the beginning!

URL: http://www.nirgoldshlager.com/2013/02/how-i-hacked-facebook-oauth-to-get-full.html
Description: How I Hacked Facebook OAuth To Get Full Permission On Any Facebook Account (Without App "Allow" Interaction).

URL: http://car-online.fr/files/publications/2014-03-CODASPY/kameleonfuzz-evolutionary_blackbox_XSS_fuzzing-duchene-codaspy_2014-paper.pdf
Description: KameleonFuzz - Evolutionary Fuzzing for Black-Box XSS Detection.

URL: http://thehackpot.blogspot.ie/2014/04/android-hacking-using-armitage.html
Description: Android Hacking with Armitage.

URL: http://rce4fun.blogspot.pt/2014/05/windows-heap-overflow-exploitation.html
Description: Windows Heap Overflow Exploitation (Step by Step).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://pastebin.com/raw.php?i=gjkivAf3
Description:  OpenSSH sshd - memory leak (Legen...Wait For It...Dary).

URL: https://gist.github.com/quchen/5280339
Description: Trolling Haskell.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###    Week: 20 | Month: May | Year: 2014 | Release Date: 16/05/2014 | Edition: 16º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.oauthsecurity.com/
Description: OAuth Security Cheatsheet.

URL: http://www.securatary.com/Portals/0/Vulnerabilities/PayPal/Paypal%20Manager%20Account%20Hijack.pdf
Description: PayPal Manager Admin Account Hijack.

URL: http://bouk.co/blog/elasticsearch-rce/
PoC: http://www.exploit-db.com/exploits/33370/
Description: Insecure default in Elasticsearch enables remote code execution (RCE).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/enzolovesbacon/inficere
Description: Mac OS X rootkit (for learning purposes 😇).

URL: http://holloway.co.nz/steg/
Description: Steganography to hide secret messages in user’s tweets.

URL: https://blog.curesec.com/article/blog/32.html
Description: Heartbleed analysis daemon published.

URL: https://github.com/vboxme/Portable-VirtualBox
Description: Portable-VirtualBox run OSs from a usb stick without separate installation.

URL: https://github.com/hedaode/SmartProxy
Description: SmartProxy transparent TCP proxy client for Android 4.0++, without ROOT privileges.

URL: http://xip.io/
Description: Wildcard DNS for everyone.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.securityaegis.com/the-big-fat-metasploit-post/
Description: The Big Fat Metasploit Post (All in One).

URL: http://samsclass.info/124/proj14/p6x-NTP-DrDOS.htm
Description: Packet Amplification with NTP.

URL: http://www.aldeid.com/wiki/Fiddler#Example:_Decrypting_malware_HTTPS_traffic
Description: Decrypting malware HTTPS traffic.

URL: http://blog.ioactive.com/2014/05/glass-reflections-in-pictures-osint.html
Description: Glass Reflections in Pictures + OSINT = More Accurate Location. 

URL: http://www.jakoblell.com/blog/2014/05/07/hacking-contest-rootkit/
Description: Rootkit - Motivational Post.

URL: http://blog.ptsecurity.com/2014/05/obtaining-passwords-from-cisco-wireless.html
Description: Obtaining Passwords from Cisco Wireless LAN Controllers.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://www.adafruit.com/blog/2014/04/04/new-product-cupcade-the-raspberry-pi-powered-micro-arcade-cabinet-kit-beta/
Description: Micro Arcade Cabinet Kit.

URL: https://www.alchemistowl.org/pocorgtfo/spoiler03.html
Description: PoC||GTFO  0x03 Spoiler 😸.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###    Week: 21 | Month: May | Year: 2014 | Release Date: 23/05/2014 | Edition: 17º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://nahamsec.com/?p=210
Description: How I XSS'ed All Of Yahoo's Services.

URL: http://blog.shubh.am/how-i-bypassed-2-factor-authentication-on-google-yahoo-linkedin-and-many-others/
Description: How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others.

URL: http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day/
Description: From Fuzzing to 0-day.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/bdcht/amoco
Description: Yet another tool for analysing binaries.

URL: http://cybermashup.com/2014/05/01/jtag-debugging-made-easy-with-bus-pirate-and-openocd/
Description: JTAG debugging with Bus pirate and OpenOCD.

URL: http://www.room362.com/blog/2014/04/19/executing-code-via-smb-without-psexec/
Description: Executing Code via SMB / DCOM Without PSEXEC.

URL: https://github.com/sandrogauci/wafw00f
Description: WAFW00F identifies and fingerprints Web Application Firewall (WAF) products.

URL: https://github.com/theopolis/uefi-firmware-parser
Description: Parse BIOS/Intel ME/UEFI firmware related structures - Volumes, FileSystems, Files, etc.

URL: https://bitbucket.org/mihaila/bintrace/wiki/Home
Description: Tool to record and dump traces of an executable program and its data.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140508-0_AVG_Remote_Administration_Multiple_critical_vulnerabilities_v10.txt
Description: Multiple critical vulnerabilities in AVG Remote Administration.

URL: https://www.trustedsec.com/may-2014/moar-shellz/
Description: Moar Shellz! Metasploit psexec_command Tricks and Tips.

URL: https://doar-e.github.io/blog/2014/04/30/corrupting-arm-evt/
Description: Corrupting the ARM Exception Vector Table. 

URL: https://fail0verflow.com/blog/2014/enhancing-the-avic-5000nex.html
Description: Enhancing the AVIC-5000NEX.

URL: http://habrahabr.ru/company/dsec/blog/222993/
Description: VM escape - 101.

URL: http://int0xcc.svbtle.com/stripping-upatre-trojan-downloader
Description: Stripping Upatre Trojan Downloader.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://syncthing.net/
Description: Syncthing replaces Dropbox and BitTorrent Sync with something open, trustworthy and decentralized.

URL: http://blogs.msdn.com/b/debuggingtoolbox/archive/2014/05/14/hacking-minesweeper-for-windows-8.aspx
Description: Hacking Minesweeper for Windows 8.

URL: http://blog.cloudflare.com/bpf-the-forgotten-bytecode
Description: BPF - the forgotten bytecode (TCPDump History and Work flow).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###    Week: 22 | Month: May | Year: 2014 | Release Date: 30/05/2014 | Edition: 18º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://op-co.de/blog/posts/hacking_the_nx300/
Description: Hacking the Samsung NX300 'Smart' Camera.

URL: http://cyvera.com/cve-2014-1776-how-easy-it-is-to-attack-these-days/
Description: CVE-2014-1776 - How easy it is to attack these days.

URL: http://insanecoding.blogspot.ro/2014/04/common-libressl-porting-mistakes.html
Description: Common LibreSSL porting mistakes.

URL: https://zyan.scripts.mit.edu/blog/wordpress-fail/
Description: Don't forget to secure cookies (WordPress accounts open to hijacking).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/samratashok/nishang
Description: Nishang is a framework and collection of scripts/payloads which enables usage of PowerShell.

URL: https://github.com/skepticfx/tlsjack
Description: A simple TLS forwarder that lets you intercept traffic and play with them.

URL: https://github.com/micahflee/onionshare
Description: Securely share a file of any size in Tails.

URL: http://rotlogix.com/2014/05/21/exploiting-local-file-includes-with-liffy/
Description: Exploiting LFI Vulnerabilities with Liffy.

URL: http://m-austin.com/blog/?p=118
Description: Google Docs "Clickjacking" (Information Disclosure).

URL: http://www.hexacorn.com/blog/2014/05/21/rce-list-of-64-bit-tools/
Description: Dump tool for reverse engineering of the PE32+ (x64 Platform).

URL: https://code.google.com/p/libbde/
Description: Library and tools to access the BitLocker Drive Encryption (BDE) encrypted volumes.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://eternal-todo.com/blog/cve-2013-2729-exploit-zeusp2p-gameover
Description: Attached CVE-2013-2729 exploit used to drop ZeuS-P2P/Gameover.

URL: http://www.vupen.com/blog/20140520.Advanced_Exploitation_Firefox_UaF_Pwn2Own_2014.php
Description: Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014).

URL: http://www.scriptjunkie.us/2013/11/adding-easy-ssl-client-authentication-to-any-webapp/
Description: Adding Easy SSL Client Authentication To Any Webapp.

URL: http://www.websec.mx/advisories/view/Generador-de-WPA-Huawei-HG8245-y-HG8247
Description: 'Generador de WPA Huawei HG8245 y HG8247.' (Spanish)


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/pickhardt/betty
Description: Friendly English-like interface for your command line.

URL: http://williamknowles.co.uk/?p=16
Description: PiTap - Automated Packet Capture on a Raspberry Pi.

URL: http://www.circl.lu/projects/CIRCLean/
Description: CIRCLean - USB key sanitizer.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 23 | Month: June | Year: 2014 | Release Date: 06/06/2014 | Edition: 19º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
Description: How I discovered CCS Injection Vulnerability (OpenSSL CVE-2014-0224). 

URL: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
PoC: https://github.com/azet/CVE-2014-3466_PoC
Description: Technical Analysis Of The GnuTLS Hello Vulnerability.

URL: http://blog.internot.info/2014/05/facebook-skype-to-email-leak-3000-bounty.html
Description: Facebook "Skype-to-Email" leak ($3,000 Bounty).

URL: http://www.sysvalue.com/en/heartbleed-cupid-wireless/
More Information: https://confluence.terena.org/display/H2eduroam/heartbleed-note
Description: Heartbleed, Cupid and Wireless.

URL: https://henryhoggard.co.uk/?p=68
Description: Hijacking Paypal Accounts Using the SMS Feature.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/ralphje/imagemounter/
Description: CLI tool and Python package to ease the (un)mounting of EnCase, AFF and dd disk images (Forensics Helper).

URL: http://moscrack.sourceforge.net/
Description: Multifarious On-demand Systems Cracker.

URL: https://github.com/husam212/MITMer
Description: Automated man-in-the-middle attack tool.

URL: https://code.google.com/p/xssf/
Description: Cross-Site Scripting Framework.

URL: https://github.com/lostincynicism/FuzzAP
Description: A python script for obfuscating wireless networks.

URL: https://github.com/prezi/reddalert
Description: AWS risky security change detector based on EDDA.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.j-michel.org/post/86992432269/from-nand-chip-to-files
Description: From NAND chip to files.

URL: http://www.securitybydefault.com/2012/07/backdooring-apache.html
Description: Backdooring Apache (Spanish).

URL: http://blog.opensecurityresearch.com/2014/05/acquiring-linux-memory-from-server-far.html
Description: Acquiring Linux Memory from a Server Far Far Away.

URL: http://www.securityartwork.es/2014/06/04/read-htaccess-file-through-blind-sql-injection/?lang=en
Description: Read htaccess file through Blind SQL injection.

URL: http://www.labofapenetrationtester.com/2014/06/introducing-antak.html
Description: Introducing Antak - A webshell which utilizes powershell.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://kukuruku.co/hub/nix/writing-a-file-system-in-linux-kernel
Description: Writing a File System in Linux Kernel.

URL: https://wireedit.com/
Description: Free Interactive Network Packet Builder.

URL: http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html
Description: A Stick Figure Guide to the Advanced Encryption Standard (AES).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 24 | Month: June | Year: 2014 | Release Date: 13/06/2014 | Edition: 20º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.orenh.com/2014/06/one-token-to-rule-them-all-tale-of.html
Description: One Token to Rule Them All - The Tale of the Leaked Gmail Addresses.

URL: http://c0rni3sm.blogspot.pt/2014/06/xss-in-google-mapmaker.html
Description: XSS in Google MapMaker.

URL: https://cybersmartdefence.com/docs/Paypal-Safely-Double-your-Money.csd
Description: Safely double your money with PayPal.

URL: http://nahamsec.com/?p=267
Description: Single vulnerability to cause stored XSS in Yahoo, Google, Twitter, Amazon and more.

URL: https://zyan.scripts.mit.edu/blog/a-boring-xss-dissection/
Description: TweetDeck XSS Dissection.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/rfunix/Pompem
Description: Find exploit tool.

URL: https://github.com/secretsquirrel/the-backdoor-factory
Description: Patch win32/64 PE and linux32/64 binaries with shellcode.

URL: http://n0where.net/hexinject/
Description: HexInject is a very versatile packet injector and sniffer.

URL: https://github.com/Smaash/hostscan/
Description: PHP tool for scanning specific range of hosts.

URL: https://www.shellterproject.com/introducing-shellter/
Description: Shellter is a dynamic shellcode injection tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.cylance.com/a-study-in-bots-lobotomy
Description: A Study in Bots - LoBOTomy.

URL: http://iss.oy.ne.ro/Aether
Description: Attacking the Internet using Broadcast Digital Television.

URL: http://blog.opensecurityresearch.com/2014/05/multi-stagedmulti-form-csrf.html
Description: Multi-Staged/Multi-Form CSRF (Simple and Useful).

URL: http://sirdarckcat.blogspot.pt/2014/05/matryoshka-web-application-timing.html
Description: Web Application Timing Attacks (or.. Timing Attacks against JS Applications in Browsers).

URL: http://labs.neohapsis.com/2014/06/02/smarttv-smartphone-dial-an-attack-surface/
Description: Smart TV + Smartphone = Shiny New Attack Surfaces.

URL: http://xn--thibaud-dya.fr/jenkins_credentials.html
Description: Credentials storage in Jenkins. (Nice writeup)


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://penturalabs.wordpress.com/2014/03/17/iclass-is-not-enough/
Description: iClass Is Not Enough.

URL: http://piratebox.cc/
Description: DIY anonymous offline file-sharing and communications system.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 25 | Month: June | Year: 2014 | Release Date: 22/06/2014 | Edition: 21º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.insinuator.net/2014/05/django-image-validation-vulnerability/
Description: Django Image Validation Vulnerability.

URL: http://blog.cyberint.com/2014/05/facebook-hidden-friends-vulnerability.html
Description: Facebook Hidden Friends Vulnerability (With "fb-hfc" released).

URL: http://blog.includesecurity.com/2014/06/exploit-walkthrough-cve-2014-0196-pty-kernel-race-condition.html
Description: Exploiting CVE-2014-0196 a walk-through of the Linux pty race condition PoC.

URL: http://hacksecproject.com/?p=73
Description: Yahoo! SSRF/XSPA Vulnerability.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/piscou/FuzzWin/
Description: Windows Fuzzer.

URL: https://github.com/sensepost/snoopy-ng
Description: Snoopy v2.0 - modular digital terrestrial tracking framework.

URL: https://github.com/ironbee/libhtp
Description: LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces.

URL: https://github.com/ChrisJohnRiley/PySC
Description: PySC - Shellcode from a DNS server or Internet Explorer into a specified process.

URL: https://github.com/1aN0rmus/TekDefense-Automater
Description: Automater - IP URL and MD5 OSINT Analysis.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://immunityservices.blogspot.pt/2014/06/from-patch-to-crash-story-of-ms13-089.html
Description: From Patch to Crash, the story of MS13-089.

URL: http://joe4security.blogspot.pt/2014/06/the-power-of-cookbooks-generic-https.html
Description: The Power of Cookbooks - generic HTTPS Analysis.

URL: http://itsecurity.telelink.com/dhcp-attacks/
Description: DHCP Attacks.

URL: https://code.google.com/p/ghost-usb-honeypot/
Description: A honeypot for USB malware

URL: http://blog.quarkslab.com/usb-fuzzing-basics-from-fuzzing-to-bug-reporting.html
Description: USB Fuzzing Basics - From fuzzing to bug reporting.

URL: http://hackerforhire.com.au/data-exfiltration-over-ssl-with-srvdir/
Description: Data exfiltration over SSL with srvdir.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://pastebin.com/raw.php?i=9s4TVqZq
Description: Only For The LULZ!

URL: http://lambdaops.com/rm-rf-remains
Description: rm -rf remains.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 26 | Month: June | Year: 2014 | Release Date: 30/06/2014 | Edition: 22º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://lab.onsec.ru/2014/06/xxe-oob-exploitation-at-java-17.html
Description: XXE OOB exploitation at Java 1.7+.

URL: http://blog.rop.io/http-cache-poisoning-explained.html
Description: HTTP Cache Poisoning Explained.

URL: http://www.freebuf.com/articles/terminal/36503.html
Description: Into Science - Secret how to hack TV (Android).

URL: https://www.duosecurity.com/blog/duo-security-researchers-uncover-bypass-of-paypal-s-two-factor-authentication
Description: Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://gist.github.com/willurd/5720255
Description: Big list of http static server one-liners. (Handy!)

URL: https://github.com/yukisov/php-owasp-zap-v2
Description: PHP client API for OWASP ZAP.

URL: http://www.sploitmonkey.com/2014/06/introducing-pyhashcat.html
Description: Introducing pyHashcat.

URL: http://sourceforge.net/projects/zeppoo/
Description: Zeppoo detect rootkits on i386 and x86_64 architecture.

URL: https://github.com/edix/LoadDll
Description: Better version of RunDll with GUI. 

URL: https://examplecode.github.io/tools/2014/06/20/the-tools-prevent-dns-cache-pollution/
Description: GFW DNS pollution principle - to prevent contamination gadget DNS.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.crackpassword.com/2014/06/breaking-into-icloud-no-password-required/
Description: Breaking Into iCloud - No Password Required.

URL: http://www.labofapenetrationtester.com/2014/06/hacking-jenkins-servers.html
Description: Hacking Jenkins Servers With No Password - Powershell fun.

URL: http://www.harmj0y.net/blog/
Description: Audit client systems for common Windows privilege escalation vectors (Manual).

URL: http://hashcrack.org/index.html#190614
Description: CVE-2014-4014 - Linux Kernel Local Privilege Escalation "exploitation".

URL: http://yurichev.com/RE-book.html
Description: Reverse Engineering for Beginners book (Free).

URL: https://medium.com/@oleavr/build-a-debugger-in-5-minutes-1-5-51dce98c3544
Description: Build a debugger in 5 minutes (or not :D).

URL: https://www.technovelty.org/linux/what-actually-happens-when-you-plug-in-a-usb-device.html
Description: What actually happens when you plug in a USB device ?


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://dicesoft.net/projects/wildcard-code-execution-exploit.htm
Description: Exploiting Wildcard Expansion on Linux ;) Trolling Time!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 27 | Month: July | Year: 2014 | Release Date: 04/07/2014 | Edition: 23º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
PoC: http://pastebin.com/kG3AsUKP
Description: Raising Lazarus - The 20 Year Old Bug that Went to Mars.

URL: http://blog.h3xstream.com/2014/06/identifying-xml-external-entity.html
Description: Identifying Xml eXternal Entity vulnerability (XXE) in RunKeeper.

URL: http://kos.io/outlook/
Description: XSS in Outlook 2011 for Mac.

URL: http://blog.sucuri.net/2014/06/anatomy-of-a-remote-code-execution-bug-on-disqus.html
Description: Remote Code Execution Vuln in Disqus.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/tyranid/AxHell
Description: A simple exploitable ActiveX control for RE/VR.

URL: http://blog.nullmode.com/blog/2014/06/28/getting-personal-with-powershell/
Description: Getting Personal With PowerShell: Linux to PowerShell ;) (love)

URL: https://github.com/ohjeongwook/DumpFlash
Description: Dump Flash Memory.

URL: https://github.com/Flo354/iOSForensic/
Description: iOS Forensics Tool.

URL: https://github.com/nccgroup/UPnP-Pentest-Toolkit
Description: UPnP Pentest Toolkit for Windows.

URL: https://github.com/synack/knockknock
Description: Who's there ? Generically detect persist OS X malware.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://toastedcornflakes.github.io/blog/2014/06/28/static-analysis-of-cysca-2014-portknock-using-hopper-disassembler/
Description: Static analysis of CySCA 2014 portknock using Hopper Disassembler.

URL: http://www.mafiasecurity..com/install-guides/step-by-step-penetration-test/
Description: Step By Step Penetration Test.

URL: https://bitquark.co.uk/blog/2013/07/23/the_unexpected_dangers_of_preg_replace
Description: The unexpected dangers of preg_replace().

URL: http://www.hackwhackandsmack.com/?p=315
Description: JavaRMI Remote Class Loading Exploitation with AV Bypass.

URL: http://developers.mobage.jp/blog/2014/7/3/jsonsql-injection
Description: Measures against SQL Injection by unauthorized JSON data (Json.pm + SQL Query Builder). (JP)

URL: http://moyix.blogspot.co.uk/2014/07/breaking-spotify-drm-with-panda.html
Description: Breaking Spotify DRM with PANDA.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/kahun/awesome-sysadmin
Description: A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.

URL: http://cfenollosa.com/misc/tricks.txt
Description: Unix Tricks.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 28 | Month: July | Year: 2014 | Release Date: 11/07/2014 | Edition: 24º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://w00tsec.blogspot.pt/2014/07/foxit-pdf-reader-stored-xss.html
Description: Foxit PDF Reader Stored XSS.

URL: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
Description: phpinfo() Type Confusion Infoleak Vulnerability and SSL Private Keys.

URL: http://words.zemn.me/csp
Description: When Security Generates Insecurity.

URL: http://stephensclafani.com/2014/07/08/hacking-facebooks-legacy-api-part-1-making-calls-on-behalf-of-any-user/
Description: Hacking Facebook’s Legacy API - Making Calls on Behalf of Any User.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.shelliscoming.com/2014/07/ip-knock-shellcode-spoofed-ip-as.html
Description: IP-Knock Shellcode - Spoofed IP as authentication method.

URL: http://www.hackwhackandsmack.com/?p=345
Description: Metasploit Payload Generator Script.

URL: https://github.com/tyranid/IE11SandboxEscapes
Description: IE11 Sandbox Escapes PoC Dumps.

URL: http://blog.cyberis.co.uk/2013/08/egresser-enumerate-outbound-firewall.html
Description: Egresser - Tool to Enumerate Outbound Firewall Rules.

URL: https://twindb.com/recover-innodb-table-after-drop-table-innodb/
Description: Recover after DROP TABLE. (DFIR)


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
Description: Abusing JSONP with Rosetta Flash.

URL: http://vamsoft.com/downloads/articles/vamsoft-headless-browsers-in-forum-spam.pdf
Description: Case study - Headless Browsers in Web Forum Spam.

URL: http://bogus.jp/wp/?p=1687
Description: RegEx Power, using domain names for fun and profit! 

URL: https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
Description: GKsu and VirtualBox Root Command Execution by Filename (CVE-2014-2943).

URL: http://www.acunetix.com/blog/web-security-zone/block-automated-scanners/
Description: How to Block Automated Scanners from Scanning your Site.

URL: https://community.qualys.com/blogs/securitylabs/2014/02/27/mediawiki-djvu-and-pdf-file-upload-remote-code-execution-vulnerability-cve-2014-1610
Description: MediaWiki DjVu and PDF File Upload Remote Code Execution Vulnerability (CVE-2014-1610).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://gist.github.com/danielrehn/d2e6f2129e5f853c3166
Description: See You Space Cowboy.

URL: https://medium.com/@manicho/7af5d5f28038
Description: How a password changed my life.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 29 | Month: July | Year: 2014 | Release Date: 18/07/2014 | Edition: 25º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://vinicius777.github.io/blog/2014/07/14/truecrypt-privilege-escalation/
Description: TrueCrypt - Privilege Escalation.

URL: http://www.tripwire.com/state-of-security/featured/analysis-for-phpmyadmin-xss-cve-2014-1879/
Description: Analysis for phpMyAdmin XSS CVE-2014-1879.

URL: http://blog.sucuri.net/2014/07/disclosure-insecure-nonce-generation-in-wptouch.html
PoC: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wp_wptouch_file_upload.rb
Description: Wordpress WPTouch Authenticated File Upload.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://home.regit.org/2014/06/pshitt-collect-passwords-used-in-ssh-bruteforce/
Description: pshitt - Collect Passwords used in SSH bruteforce.

URL: http://www.commonexploits.com/penetration-testing-scripts/
Description: Pen Testing Scripts.

URL: http://www.viper.li/
Description: Viper is a binary management and analysis framework dedicated to malware and exploit researchers. 

UR: https://github.com/byt3bl33d3r/MITMf
Description: Framework for Man-In-The-Middle attacks.

URL: http://blogs.telerik.com/fiddler/posts/14-07-10/capturing-traffic-via-virtual-router
Description: Capturing Traffic via Virtual Router (Handy for Windows!).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://archive.org/details/OISFOhioInformationSecurityForum2014
Description: OISF (Ohio Information Security Forum) 2014 Video Dump.

URL: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Hacking-POS-Terminal-for-Fun-and-Non-profit/ba-p/6540620
Description: Hacking POS Terminal for Fun and Non-profit.

URL: http://www.vulcanproxy.com/
Description: Tools for building dynamic and easilly expandable HTTP reverse proxies.

URL: https://github.com/kbandla/APTnotes
Description: Various public documents, whitepapers and articles about APT campaigns.

URL: http://drimel.org/2014/07/14/shellcode-analysis-like-a-semi-pro/
Description: Shellcode analysis like a semi-PRO.

URL: http://deadliestwebattacks.com/2013/10/21/a-default-base-of-xss/
Description: A Default Base of XSS.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475
Description: Bug 30475 - assert(int+100 > int) optimized away (Fun!)

URL: http://vimeo.com/4530161
Description: GOBBLES Security "Wolves Among Us", Speech at Defcon X (2002).

URL: http://tholman.com/giflinks/
Description: The design paradigm that's sweeping the world.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 30 | Month: July | Year: 2014 | Release Date: 25/07/2014 | Edition: 26º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://sethsec.blogspot.gr/2014/07/crossdomain-bing.html
Description: Real world exploitaiton of a misconfigured crossdomain.xml at Bing.com.

URL: http://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/
Description: Malicious Profiles – The Sleeping Giant of iOS Security.

URL: https://bitbucket.org/orbit-burg/nfc-emv/wiki/Home
Description: Reverse engineering of contactless NFC-EMV payments.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/c0r3dump3d/osueta
Description: OpenSSH User Enumeration Timing Attack.

URL: https://github.com/arisada/stunnel_xp
Description: Stunnel 4.56 (CVE2014-0017) proof of concept.

URL: http://lab.onsec.ru/2014/07/pamsteal-plugin-released.html
Description: PAM_steal plugin released.

URL: http://shell-storm.org/shellcode/
Description: Shellcodes database.

URL: http://penturalabs.wordpress.com/2014/07/18/execute-shellcode-bypassing-anti-virus/
Description: Execute Shellcode, Bypassing Anti-Virus.

URL: http://igurublog.wordpress.com/downloads/script-sandfox/
Helpers: https://github.com/nullxerror/i3Arch/tree/master/etc/systemd/system
Description: Apps in a sandbox, limiting their access to the filesystem.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://archive.today/23mBC
Description: How I gained access to Amazon EC2 servers from Github Search.

URL: https://lilithlela.cyberguerrilla.org/?p=6620
Description: Steganography - The Art of Hiding Information (Introduction).

URL: http://www.irongeek.com/i.php?page=videos/bsidescleveland2014/mainlist
Description: BSides Cleveland 2014 (Video Dump).

URL: http://hashcrack.org/page?n=21072014
Description: CVE-2014-4699 - Linux Kernel ptrace/sysret vulnerability analysis.

URL: https://www.netspi.com/blog/entryid/235/stealing-unencrypted-ssh-agent-keys-from-memory
Description: "Stealing" unencrypted SSH-agent keys from memory.

URL: https://www.pentestgeek.com/2014/07/22/phishing-frenzy-hta-powershell-attacks-with-beef/
Description: Phishing Frenzy - HTA PowerShell Attacks with BeEF.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/icebreaker/floppybird
Description: Floppy Bird (OS).

URL: https://github.com/bishopfox/rickmote
Description: The Rickmote Controller - Hijack TVs using Google Chromecast.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 31 | Month: August | Year: 2014 | Release Date: 04/08/2014 | Edition: 27º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://soroush.secproject.com/blog/2014/07/upload-a-web-config-file-for-fun-profit/
Description: Upload a web.config File for Fun & Profit.

URL: http://ibrahimbalic.com/2014/sqlmap-ile-csrf-bypass/
Description: Sqlmap CSRF Bypass.

URL: http://tomforb.es/exploiting-xpath-injection-vulnerabilities-with-xcat-1
Description: Exploiting XPath injection vulnerabilities with XCat.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.relentless-coding.org/projects/jsdetox/
Description: A Javascript malware analysis tool.

URL: https://github.com/arisada/midgetpack
Description: Midgetpack is a multiplatform secure ELF packer (Pentester Tools).

URL: http://hive.ccs.neu.edu/
Description: HiVE — Hidden Volume Encryption.

URL: https://lzo.securitymouse.com/lzo
Description: LZO Video Payload Generator.

URL: https://github.com/infodox/python-pty-shells/blob/master/sctp_pty_shell_handler.py
Description: Create sctp_pty_shell_handler.py.

URL: https://github.com/cure53/Flashbang
Description: Find the flashVars of a naked SWF and display them.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.oddbit.com/2014/07/21/tracking-down-a-kernel-bug-wit/
Description: Tracking down a kernel bug with git bisect.

URL: http://googleprojectzero.blogspot.pt/2014/07/pwn4fun-spring-2014-safari-part-i_24.html
Description: Pwn4fun Spring 2014 - Safari Part I. (Project Zero's first technical blog post!)

URL: http://atredispartners.blogspot.pt/2014/07/atredis-blackhat-2014-contest-after_24.html
Description: Atredis BlackHat 2014 Contest After Action Report. (Spoiler Alert!)

URL: http://diablohorn.wordpress.com/2014/07/26/writing-your-own-blind-sqli-script/
Description: Writing your own blind SQLi script.

URL: http://blogs.mcafee.com/mcafee-labs/dropping-files-temp-folder-raises-security-concerns
Description: Dropping Files Into Temp Folder Raises Security Concerns.

URL: http://slides.com/mscasharjaved/on-breaking-php-based-cross-site-scripting-protections-in-the-wild#/
Description: On Breaking PHP-Based Cross-Site Scripting Protections In The Wild. (XSS 2014 Overview)


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.ghacks.net/2014/07/28/repair-extract-broken-rar-archives/
Description: How to repair and extract broken RAR archives. (Can be handy!)

URL: http://gsmmap.org/
Description: The GSM Security Map compares the protection capabilities of mobile networks.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 32 | Month: August | Year: 2014 | Release Date: 12/08/2014 | Edition: 28º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://m4x0n3.blogspot.pt/2014/07/password-reset-code-bruteforce-account.html
Description: Password reset code bruteforce account takeover on membership.motorola.com site.

URL: https://plus.google.com/+AlexisImperialLegrandGoogle/posts/f9gm2G2BH5g
Description: Escaping is tricky, learning with Gmail Mobile!

URL: http://javascript.info/tutorial/clickjacking
Description: The Clickjacking attack, X-Frame-Options. (Overview)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/wireghoul/htshells
Description: HTSHELLS - Self contained web shells and other attacks via .htaccess files.

URL: http://habrahabr.ru/post/231369/
Description: Overview of Intercepter-NG.

URL: https://github.com/alienwithin/0x88
Description: 0x88 exploit pack Decoded.

URL: http://www.matriux.com/index.php?page=home
Description: Fully featured security linux distribution.

URL: https://github.com/MatusKysel/EMVemulator
Description: Collects Mag-Stripe data and CVC3 codes from PayPass cards and emulates that informations.

URL: http://lcamtuf.coredump.cx/p0f3/
Description: P0f is a tool for passive traffic fingerprinting.

URL: http://lcamtuf.blogspot.gr/2014/08/a-bit-more-about-american-fuzzy-lop.html
Description: American fuzzy lop (Not Just a Fuzzer!).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.garage4hackers.com/entry.php?b=3072
Description: Analysis of a Android RAT. (Not real Malware but...)

URL: http://blog.ptsecurity.com/2014/08/cell-phone-tapping-how-it-is-done-and.html
Description: Cell Phone Tapping: How It Is Done and Will Anybody Protect Subscribers.

URL: http://blog.internot.info/2014/06/paypals-2-factor-authentication2fa-good.html
Description: The Good, The Bad, And The Ugly. (Incl. full 2FA bypass without security questions)

URL: http://blog.dornea.nu/2014/08/05/android-dynamic-code-analysis-mastering-droidbox/
Description: Android Dynamic Code Analysis - Mastering DroidBox.

URL: http://www.dirk-loss.de/python-tools.htm
Description: Python tools for penetration testers.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://usbdescriptors.com/
Description: Collection of all the USB descriptors, from all USB devices out there. 

URL: https://github.com/psobot/ipsumcrypt
Description: A small C program to embed binary data into the whitespace between words.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 33 | Month: August | Year: 2014 | Release Date: 15/08/2014 | Edition: 29º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.primalsecurity.net/python-tutorials/
Description: Python tutorial series for InfoSec professionals.

URL: https://github.com/lynuxsource/DendroidSource/tree/master/master
Description: Dendroid Source with a working panel and APK. (Android Rat 😈)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/F-Secure/Sulo
Description: Dynamic instrumentation tool for Adobe Flash Player built on Intel Pin.

URL: https://github.com/pwnieexpress/raspberry_pwn
Description: A Raspberry Pi pentesting suite by Pwnie Express.

URL: https://bitbucket.org/mattinfosec/wordhound/
Description: tool that allows for the automated and targeted construction of wordlists and dictionaries for use in conjunction with password attacks.

URL: https://github.com/JohnTroony/php-webshells
Description: Common php webshells. Do not host the file(s) in your server!

URL: https://github.com/patrickdw123/ParanoiDF
Description: PDF Analysis & Password Cracking Tool.

URL: https://fuzion24.github.io/android/gradle/xposed/jar/java/build/sdk/2014/08/15/android-gradle-xposed/
Description: Building Xposed Modules using Gradle.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://dustri.org/b/torbrowserbundleorg.html
Description: How to Check for Malware. (Nice Write-up)

URL: http://www.room362.com/blog/2014/08/14/milkman-creating-processes-as-any-currently-logged-in-user/
Description: Creating Processes as Any Currently Logged in User. (Bingo!)

URL: https://www.miknet.net/security/optimizing-birthday-attack/
Description: Optimizing a Birthday Attack. (Generic attack on hash functions)

URL: http://www.ioactive.com/pdfs/Remote_Automotive_Attack_Surfaces.pdf
Description: A Survey of Remote Automotive Attack Surfaces. (Hot!)

URL: http://docs.cs.up.ac.za/programming/asm/derick_tut/syscalls.html
Description: Linux System Call Table.

URL: https://isc.sans.edu/forums/diary/Web+Server+Attack+Investigation+-+Installing+a+Bot+and+Reverse+Shell+via+a+PHP+Vulnerability/18543
Description: Web Server Attack Investigation - Installing a Bot and Reverse Shell via a PHP Vulnerability.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://jvns.ca/blog/2014/08/12/what-happens-if-you-write-a-tcp-stack-in-python/
Descriptions: What happens if you write a TCP stack in Python?

URL: https://doegox.github.io/ElectronicColoringBook/
Description: ./ElectronicColoringBook 😅.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 34 | Month: August | Year: 2014 | Release Date: 22/08/2014 | Edition: 30º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.opensecurityresearch.com/2014/08/learning-exploitation-with-fsexploitme.html
Description: Learning Exploitation with FSExploitMe.

URL: http://ccsir.org/how-to-ddos-through-facebook-datacenter-with-almost-1gbs-theyve-started-to-care/
Description: How to DDoS through Facebook Datacenter with almost 1Gbps. They’ve started to care! 


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/jlund/streisand
Description: Auto-configure an IPSEC/OpenSSH/OpenVPN/Shadowsocks/Stunnel/Tor Server.

URL: https://github.com/secretsquirrel/BDFProxy
Description: Patch Binaries via MITM - BackdoorFactory + mitmProxy.

URL: https://github.com/secmobi/BackupDroid
Description: Slides and PoC code of the "Insecure Internal Storage in Android" at HITCON 2014.

URL: https://github.com/yehia-mamdouh/XSSYA
Description: XSSYA (Cross Site Scripting Scanner & Vulnerability Confirmation).

URL: https://pypi.python.org/pypi/ooniprobe
Description: Open Observatory of Network Interference.

URL: https://github.com/sektioneins/pcc
Description: PHP Secure Configuration Checker.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://recon.cx/2014/video/
Description: REcon Video Dump!

URL: https://www.youtube.com/watch?v=___jEOjGCOY
Description: Reverse Engineering an Xbox360 Game (Dead Space).

URL: https://jordan-wright.github.io/blog/2013/11/07/how-to-pentest-iphone-apps-with-burp/
Description: How to Pentest iPhone Apps With Burp.

URL: https://www.netsparker.com/blog/web-security/ruby-on-rails-security-basics/
Description: Ruby on Rails Security Basics.

URL: http://zenhax.com/viewtopic.php?f=16&t=87
Description: Get the IP addresses of Steam users playing DOTA2 and others.

URL: http://w00tsec.blogspot.pt/2014/08/scan-internet-screenshot-all-things.html
Description: Scan the Internet & Screenshot All the Things.

URL: http://www.bsdnow.tv/tutorials/openvpn
Description: Protecting traffic with a BSD-based VPN. (How To)


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.nsaplayset.org/
Description: NSA Playset.

URL: http://h4des.org/blog/index.php?/archives/345-Introducing-alertR-Open-Source-alerting-system.html
Description: Open-Source alerting system.

URL: https://www.google.com/?hl=xx-hacker&gws_rd=ssl
Description: Google l33t.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 37 | Month: September | Year: 2014 | Release Date: 15/09/2014 | Edition: 31º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://deadliestwebattacks.com/2013/12/03/selector-the-almighty-subjugator-of-elements/
Description: All about jQuery Selectors!

URL: http://marc.durdin.net/2014/09/risks-with-third-party-scripts-on-internet-banking-sites/
Description: Risks with third party scripts on Internet Banking sites.

URL: http://securitysucks.info/exploit-phps-mail-to-get-remote-code-execution/
Description: Exploit PHP's mail() to get remote code execution.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://www.cert.org/blogs/certcc/post.cfm?EntryID=203
Description: CERT Tapioca (VM) for MITM Analysis.

URL: https://github.com/deed02392/vigenere
Description: Tabula recta generator and Vigenère decrypter.

URL: http://xmodulo.com/2014/08/sniff-http-traffic-command-line-linux.html
Description: Sniff HTTP traffic from the command line on Linux. (Tool)

URL: https://github.com/nccgroup/WebFEET
Description: Web Filter External Enumeration Tool. (WebFEET)

URL: https://gist.github.com/jedisct1/e63d46822b9d95fe6702
Description: DNS DDOS.

URL: http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html
Description: SSL Checklist for Pentesters - the Manual Cheatsheet.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.tadaweb.com/2014/08/how-to-find-not-so-secret-documents-with-search-engines/
Description: How to find (not so) secret documents with Search Engines.

URL: http://blog.dornea.nu/2014/08/21/howto-debug-android-apks-with-eclipse-and-ddms/
Description: Debug Android APKs with Eclipse and DDMS.

URL: http://h30499.www3.hp.com/t5/Fortify-Application-Security/The-BREACH-attack-explained/ba-p/6605030
Description: The BREACH attack explained.

URL: https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1
Description: Why Google is Hurrying the Web to Kill SHA-1.

URL: http://www.skfu.xxx/2014/09/ps4-state-of-things-part-i-titleids.html
Description: PS4 Security Overview. 


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://medium.com/@tareksiddiki/story-of-a-beg-bounty-hunter-e9a1f58ddf9e
Description: Story of a #begBounty Hunter.

URL: http://fuzzinginfo.files.wordpress.com/2012/05/ben_nagy_how_to_fail_at_fuzzing.pdf
Description: How to FAIL at Fuzzing, Prospector. 😅

URL: https://code.google.com/p/corkami/source/detail?r=1906
Description: A JPEG that becomes a PNG after AES encryption and a PDF after 3DES decryption 😲.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 38 | Month: September | Year: 2014 | Release Date: 19/09/2014 | Edition: 32º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://b.fl7.de/2014/09/amazon-stored-xss-book-metadata.html
Description: Amazon.com Stored XSS via Book Metadata.

URL: http://blog.nativeflow.com/the-futex-vulnerability
Part II: http://blog.nativeflow.com/escalating-futex
Description: The Futex Vulnerability (Android Security).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/hackappcom/iloot
Description: OpenSource tool for iCloud backup extraction (https://hackapp.com/).

URL: https://github.com/jipegit/OSXAuditor
Description: OS X Auditor is a free Mac OS X computer forensics tool.

URL: http://cultofthedyingsun.wordpress.com/2014/09/12/death-by-magick-number-fingerprinting-kippo-2014/
Description: Death By Magick Number – Fingerprinting Kippo 2014.

URL: http://www.pugo.org/project/pshttpd/
Description: PS-HTTPD The PostScript web server.

URL: http://vicenteaguileradiaz.com/tools/
Description: tinfoleak – Get detailed information about a Twitter user activity.

URL: http://www.nosqlmap.net/
Description: NoSQLMap-Automated NoSQL Database Pwnage.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://media.ccc.de/browse/conferences/mrmcd/mrmcd14/
Description: MetaRheinMainConstructionDays 2014 (Video Dump!).

URL: http://www.contextis.co.uk/resources/blog/hacking-canon-pixma-printers-doomed-encryption/
Description: Hacking Canon Pixma Printers - Doomed Encryption.

URL: https://www.youtube.com/playlist?list=PLmfJypsykTLVGqTWJMu4ybJPiew7PUkH2
Description: SteelCon 2014 (Video Dump!).

URL: http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
Description: Leveraging LFI To Get Full Compromise On WordPress Sites.

URL: http://blog.opensecurityresearch.com/2014/09/hostapd-wpe-now-with-more-pwnage.html
Description: hostapd-wpe Now with More Pwnage!

URL: http://insert-script.blogspot.co.at/2014/09/sitekiosk-breakout.html
Description: SiteKiosk - Breakout.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://dfir.org/?q=node/8/
Description: Recommended Reading. (Dump!)

URL: http://www.whited00r.com/
Description: Old Apple Devices get new life.

URL: http://pwnable.kr/
Description: Shell we play a game?


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 39 | Month: September | Year: 2014 | Release Date: 26/09/2014 | Edition: 33º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://pathonproject.com/zb/?5b343c33591c9cc9#Pc9t/zKg8zWJUNkqqvYhuuL7Lofz8PGTX7R3qat0i/8=
Description: All About Bash Bug - CVE-2014-6271. (ShellShock!)

URL: http://blog.binamuse.com/2014/09/coregraphics-memory-corruption.html
PoC: https://github.com/feliam/CVE-2014-4377
Description: Apple CoreGraphics Memory Corruption.

URL: http://avlidienbrunn.se/angular.txt
Description: Quick AngularJS sandbox bypass.

URL: https://erenyagdiran.github.io/I-was-just-asked-to-crack-a-program-Part-1/
Description: I was just asked to crack a program in a job interview!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://code.google.com/p/miasm/
Plugin: https://github.com/cea-sec/Sibyl
Description: Reverse engineering framework in python.

URL: http://breenmachine.blogspot.ca/2014/09/transfer-file-over-dns-in-windows-with.html
Description: Transfer File Over DNS in Windows (with 13 lines of PowerShell).

URL: http://forensic.n0fate.com/?page_id=1180
Description: Keychain Analysis with Mac OS X Memory Forensics.

URL: https://github.com/chinoogawa/fbht
Description: Facebook Hacking Tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://thehackernews.com/2014/09/hacking-ebay-accounts.html
Original: http://yasserali.com/?p=28
Description: Hacking any eBay Account in Just 1 Minute.

URL: http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html
Description: XSS vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1.

URL: http://www.martinvigo.com/a-look-into-lastpass/
Description: A look into LastPass.

URL: https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/
Description: Understand SSL Technical Specs.

URL: http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/
Description: Malicious PDF Documents, Analysis in 5 steps.

URL: http://www.theamazingking.com/crypto.php
Description: Tutorials, videos, and source code explaining various forms of cryptanalysis.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://javahacker.com/a-javascript-challenge-for-nordic-js/
Description: A JavaScript challenge for Nordic.js.

URL: https://gist.github.com/ethicalhack3r/cb06f575c6ba28644e9a
Description: who.is XSS.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 40 | Month: October | Year: 2014 | Release Date: 03/10/2014 | Edition: 34º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://github.com/adamcaudill/Psychson
BG Information: http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/
Description: Custom USB Firmwares and Existing USB Firmwares Patches.

URL: http://www.rafayhackingarticles.net/2014/10/a-tale-of-another-sop-bypass-in-android.html
Description: A Tale Of Another SOP Bypass In Android Browser < 4.4 (New Vectors!).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://hexed.it/
Description: Client-Side JavaScript based hex editor.

URL: http://lansec.net/project/scoutbot/
Description: ScoutBot is a completely unattended network scanner. (Raspberry Pi Distro)

URL: https://github.com/lnxg33k/misc/blob/master/shellshock.py
Description: PoC for CVE-2014-6271 shellshock with Proxy/Tor Support.

URL: https://github.com/feross/SpoofMAC
Description: Easily spoof your MAC address (OS X, Windows, Linux).

URL: http://marketplace.eclipse.org/content/contrast-eclipse
Description: Free Security Scanner for Eclipse Plugin Java IDE.

URL: https://github.com/DanMcInerney/xsscrapy
Description: XSScrapy - fast, thorough XSS vulnerability spider.

URL: http://pastebin.com/VyMs3rRd
Description: OpenVPN ShellShock PoC.

URL: http://d.uijn.nl/?p=32
Description: PineShock - Abusing Shellshock via a Pineapple.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://marc.info/?l=qmail&m=141183309314366&w=2
Description: qmail is a vector for CVE-2014-6271 (bash "shellshock").

URL: https://diablohorn.wordpress.com/2011/10/19/8009-the-forgotten-tomcat-port/
Description: 8009 the forgotten Tomcat port.

URL: http://opensecuritytraining.info/HTID.html
Description: Free Computer and Network Security Training.

URL: https://dnsleaktest.com/
Description: What is a DNS leak and why should I care?

URL: http://blog.cobaltstrike.com/2014/10/01/user-driven-attacks/
Description: User-driven Attacks.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://shirt.codes/
Description: You sometimes love some piece code so much that you want to print it on a t-shirt. As art.

URL: http://www.cs.bham.ac.uk/~exr/lectures/opsys/10_11/lectures/os-dev.pdf
Description: Writing a Simple Operating System — from Scratch.

URL: http://www.righto.com/2014/09/mining-bitcoin-with-pencil-and-paper.html
Description: Mining Bitcoin with pencil and paper - 0.67 hashes per day.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 41 | Month: October | Year: 2014 | Release Date: 10/10/2014 | Edition: 35º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.futuresouth.us/yahoo_hacked.html
Description: Yahoo! Has been HACKED!

URL: http://blog.valverde.me/2014/01/03/reverse-engineering-my-bank's-security-token
Description: Reverse engineering my bank's security token. (Old but Gold!)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/znb/Scripts/blob/master/Security/Wordpress/wpplugin-check.py
Description: Simple script to query the WPScan VulnDB for WP Plugins.

URL: http://handleopenurl.com/scheme
Description: URL Schmes Database.

URL: https://github.com/cure53/jPurify
Description: jPurify is a plugin that automatically adds XSS-safety to jQuery.

URL: https://github.com/yymax/x509test
Description: A Python3 software that validates a client's side SSL/TLS application's X509 verification process.

URL: http://www.powershellmagazine.com/2014/10/03/building-netcat-with-powershell/
Description: Building Netcat with PowerShell.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.irongeek.com/i.php?page=videos/derbycon4/mainlist
Description: Derbycon 2014 Videos Dump.

URL: http://blog.logrhythm.com/security/do-you-trust-your-computer/
Description: Do You Trust Your Computer? (Social Engineering).

URL: http://www.cyrozap.com/2014/09/29/reversing-the-symantec-vip-access-provisioning-protocol/
Description: Reversing the Symantec VIP Access Provisioning Protocol.

URL: http://vagmour.eu/persistence-1/
Description: Persistence - 1 (Stack Canary(SSP) + NX bypass) - Spoiler Alert!

URL: http://thejh.net/misc/website-terminal-copy-paste
Description: Copy Past Trick (Oldies... 😒).

URL: http://nahamsec.com/2014/10/a-tale-of-2-yahoo-bug-bounty-reports/
Description: A Tale of 2 SQL Injections in Yahoo Contributors.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://tosdr.org/
Description: Terms of Service Didn’t Read.

URL: http://q.viva64.com/
Description: C++ Quiz: are you a code guru?


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 42 | Month: October | Year: 2014 | Release Date: 17/10/2014 | Edition: 36º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://plus.google.com/+AlexisImperialLegrandGoogle/posts/gJDrVSuteUT
Description: DOM XSS in Google Zeitgeist.

URL: http://ceukelai.re/?p=11
Description: Gmail's SMTPUTF8 prone to homographic attacks (thanks, 4chan!).

URL: http://googleonlinesecurity.blogspot.pt/2014/10/this-poodle-bites-exploiting-ssl-30.html
More: https://security.stackexchange.com/questions/70719/ssl3-poodle-vulnerability
Description: This POODLE bites - exploiting the SSL 3.0 fallback.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/programa-stic/snapchat-decrypt
Description: Decrypting Android Snapchat images.

URL: https://github.com/irsdl/IIS-ShortName-Scanner
Description: Scanner for IIS short file name (8.3) disclosure vulnerability by using the tilde (~) character.

URL: http://www.bsk-consulting.de/2014/10/04/smart-dll-execution-malware-analysis-sandbox-systems/
Description: Smart DLL execution for Malware Analysis in Sandbox Systems.

URL: http://seclists.org/fulldisclosure/2014/Oct/53
Description: DNS Reverse Lookup as a vector for the Bash vulnerability.

URL: https://www.drupal.org/SA-CORE-2014-005
PoC: http://pastebin.com/nDwLFV3v
Description: Drupal 7.x SQL Injection SA-CORE-2014-005.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://securityaffairs.co/wordpress/29104/hacking/authentication-vulnerability-paypal-mobile.html
Description: Authentication vulnerability in PayPal mobile API allows access to restricted Accounts.

URL: http://blog.toft.io/exploiting-unsecure-web-servers-with-svn-directories/
Description: Exploiting unsecure web servers with .svn directories.

URL: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Hacking-my-smart-TV-an-old-new-thing/ba-p/6645844
Description:  Hacking my smart TV - an old new thing.

URL: http://www.appliednsm.com/introducing-flowbat/
Description: Introducing FlowBAT, the Flow Analysis GUI.

URL: http://conference.hitb.org/hitbsecconf2014kul/materials/
Description: HITBSecConf2014 - Malaysia Materials (Dump).

URL: https://sysforensics.org/2014/10/forensics-in-the-amazon-cloud-ec2.html
Description: Forensics in the Amazon Cloud – EC2.

URL: http://applidium.com/en/news/hacking_the_navigo/
Description: Hacking the Navigo.

URL: https://www.securusglobal.com/community/2014/10/13/bypassing-wafs-with-svg/
Description: Bypassing WAFs with SVG.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://gist.github.com/anonymous/64ba9e34a018ebd86f70
Description: Messing with Python.

URL: http://openideals.com/2014/10/13/linux-commands-for-bluetooth-namespace-messaging/
Description: Bluetooth name meshyness on a Linux machine.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 43 | Month: October | Year: 2014 | Release Date: 24/10/2014 | Edition: 37º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.websecuritylog.com/2014/10/facebook--bug-bounty.html
Description: Facebook Web Security Bug Bounty - Directory Traversal Vulnerability-RCE In Parse.com.

URL: http://brutelogic.wordpress.com/2014/10/14/an-ssh-short-story-hack/
Description: An SSH Short Story Hack (Don’t LEARN to hack, HACK to learn!).

URL: http://blog.detectify.com/post/100600514143/hostile-subdomain-takeover-using-heroku-github-desk
Description: Hostile Subdomain Takeover using Heroku/Github/Desk + more.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://corkami.googlecode.com/svn/trunk/src/angecryption/
PoC: https://github.com/cryptax/angeapk (Hide APK in Images BHEU14)
Description: AES Tricks and Tips.

URL: https://dutzi.github.io/tamper/
Description: Tamper locally edit files served from the web directly from devtools.

URL: http://cyberarms.wordpress.com/2014/10/16/mana-tutorial-the-intelligent-rogue-wi-fi-router/
Description: Mana Tutorial - The Intelligent Rogue Wi-Fi Router.

URL: http://digital-forensics.sans.org/community/downloads
Description: SANS Investigative Forensic Toolkit (SIFT) Workstation Version 3.0.

URL: http://www.roe.ch/SSLsplit
Description: Transparent and scalable SSL/TLS interception.

URL: https://github.com/Konloch/bytecode-viewer
Description: Bytecode Viewer is a Java Bytecode Viewer and More.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.agarri.fr/blog/
Description: Bypassing blacklists based on IPy (Fuzz all the things).

URL: https://ruxcon.org.au/slides/
Description: Ruxcon 2014 Materials (Dump).

URL: https://ruxconbreakpoint.com/slides/
Description: Breakpoint 2014 Materials (Dump).

URL: http://securityaffairs.co/wordpress/29302/hacking/serious-flaw-addthis.html
Description: How to gain control of any Addthis user account.

URL: https://blog.prakharprasad.com/2014/10/hackerone-vulnerability-common-response.html
Description: HackerOne Vulnerability - Common Response Title Leak through Triggers.

URL: http://www.securitysift.com/passive-reconnaissance/
Description: Passive Reconnaissance.

URL: https://github.com/fix-macosx/yosemite-phone-home
Description: Corpus of data automatically shared with Apple by a standard installation of OS X Yosemite.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://cylonjs.com/
Description: Next generation robotics framework with support for 27 different platforms.

URL: https://amp.twimg.com/v/7cb46f6d-9589-43c1-9ac9-3ac1ab697413
Description: $AMMi is world’s best hacker ever. You never catch me. I have mysterious ways. 😆


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 44 | Month: October | Year: 2014 | Release Date: 03/11/2014 | Edition: 38º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://dhowe.github.io/AdNauseam/
Description: Clicking ads so you don't have to.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/hubert3/iSniff-GPS
Description: Passive sniffing tool for capturing and visualising WiFi location data disclosed by iOS devices.

URL: http://blog.dornea.nu/2014/09/17/generate-all-ip-addresses-from-asn/
Description: Generate all IP addresses from ASN (Clean and Easy :D).

URL: https://github.com/joxeankoret/nightmare
Description: A distributed fuzzing testing suite with web administration.

URL: http://www.sectechno.com/2014/10/26/balbuzard-malware-analysis-tool/
Description: Balbuzard – Malware Analysis Tool (Python)

URL: https://github.com/m4rco-/dorothy2
Description: A malware/botnet analysis framework written in Ruby.

URL: https://github.com/sektioneins/pcc/wiki/PHP-htaccess-injection-cheat-sheet
Helper: https://www.stopthehacker.com/2012/02/14/experts-explain-htaccess-attacks/
Description: PHP htaccess injection cheat sheet.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://www.apple.com/privacy/docs/iOS_Security_Guide_Oct_2014.pdf
Description: iOS Security Guide (Oct 2014).

URL: http://blog.dornea.nu/2014/07/07/disect-android-apks-like-a-pro-static-code-analysis/
Description: Disect Android APKs like a Pro - Static code analysis.

URL: http://blog.infobytesec.com/2014/10/abusing-dialog-for-fun-and-profit.html
Description: Abusing « DIALOG » For Fun and Profit.

URL: http://www.net-security.org/insecure-archive.php
Description: Insecure Magazine Dump (until issue 43).

URL: http://n0where.net/how-to-iptables-firewall/
Description: IPTables Firewall 101.

URL: http://rationallyparanoid.com/articles/diskless-ssh-honeypot-alpine-linux.html
Description: Diskless true SSH honeypot using Alpine Linux.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://ezprompt.net/
Description: Easy Bash PS1 Generator. (Handy Stuff)

URL: http://packetlife.net/library/cheat-sheets/
Description: Networks Protocols, Syntax, Technologies and more Cheat Sheets.

URL: https://security.stackexchange.com/questions/56181/hack-into-a-computer-through-mac-and-ip-address
Description: Hack into a computer through MAC and IP address.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 45 | Month: November | Year: 2014 | Release Date: 07/11/2014 | Edition: 39º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.it-securityguard.com/bugbounty-the-5000-google-xss/
Description: The 5000$ Google XSS.

URL: http://iamajin.blogspot.in/2014/11/when-gifs-serve-javascript.html
Description: When GIF serve JavaScript!

URL: http://features.jsomers.net/how-i-reverse-engineered-google-docs/
Description: How I reverse-engineered Google Docs to play back any document's keystrokes.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://code.facebook.com/posts/844436395567983/introducing-osquery/
Description: Osquery exposes an operating system as a high-performance relational database.

URL: http://edge-security.blogspot.com.es/2014/10/wfuzz-21-released.html
Description: Wfuzz 2.1 is a tool designed for bruteforcing Web Applications.

URL: http://cultofthedyingsun.wordpress.com/2014/11/01/antivirus-evading-executable-and-post-exploitation-with-the-veil-evasion-framework-and-metasploit/
Description: AntiVirus-evading Executable and Post-Exploitation with the Veil-Evasion Framework and Metasploit.

URL: https://github.com/AnimeshShaw/Hash-Algorithm-Identifier
Description: A python tool to identify different Hash Function Algorithms.

URL: https://www.sektioneins.de/en/blog/14-11-03-drupal-sql-injection-vulnerability-PoC.html
Description: Drupal 7.32 SQL Injection two weeks later - PoC.

URL: http://digi.ninja/projects/http_traceroute.php
Description: HTTP Traceroute.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.badtrace.com/post/how-i-got-a-root-shell-in-my-nas-0day-inside/
Description: How I got a root shell in my NAS, 0day inside.

URL: https://medium.com/@oleavr/anatomy-of-a-code-tracer-b081aadb0df8
Description: Anatomy of a code tracer.

URL: https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
Description: GNU Wget FTP Symlink Arbitrary Filesystem Access.

URL: http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper
Description: How to leak sensitive data from an isolated computer (air-gap) to a near by mobile phone (AirHopper).

URL: http://randomthoughts.greyhats.it/2014/10/osx-local-privilege-escalation.html
PoC: http://packetstormsecurity.com/files/128942/pwn.c
Description: Mac OS X local privilege escalation (IOBluetoothFamily).

URL: http://acez.re/ps-vita-level-1-webkitties-3/
Description: PS Vita Level 1 - Webkitties (Hacking PS Vita).

URL: https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/
Description: HTTP Public-Key-Pinning explained.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/freddyb/nethack-3.4.3-js
Description: NetHack 3.4 is an enhancement to the dungeon exploration game NetHack.

URL: http://crimsonglow.ca/~kjiwa/x86-dos-boot-sector-in-c.html
Description: x86 DOS Boot Sector Written in C.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 46 | Month: November | Year: 2014 | Release Date: 14/11/2014 | Edition: 40º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://packetstormsecurity.com/files/129081/VL-936.txt
Description: PayPal Arbitrary Code Execution.

URL: https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/
Description: From 0-Day to Exploit - Buffer Overflow in Belkin N750 (CVE-2014-1635).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/google/nogotofail
Blog: http://googleonlinesecurity.blogspot.in/2014/11/introducing-nogotofaila-network-traffic.html
Description: nogotofail—a network traffic security testing tool.

URL: https://mozilla.github.io/server-side-tls/ssl-config-generator/
Description: Generate Mozilla Security Recommended Web Server Configuration Files.

URL: http://decalage.info/vba_tools
Description: Tools to extract VBA Macro source code from MS Office Documents.

URL: http://sourceforge.net/projects/justniffer/
Blog: https://isc.sans.edu/diary/justniffer+a+Packet+Analysis+Tool/18907
Description: Justniffer is a packet sniffer with some interesting features. 

URL: http://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php
Description: XSS, SQL Injection and Fuzzing Barcode Cheat Sheet.

URL: https://github.com/pwntester/cheatsheets/blob/master/radare2.md
Description: radare2 cheatsheet.

URL: https://github.com/covertcodes/multitun
Description: Tunnel arbitrary traffic through an innocuous WebSocket.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://ferdogan.net/PDF-Malware-Analiz-Teknikleri/
Description: PDF Malware Analysis Techniques.

URL: https://www.paloaltonetworks.com/content/dam/paloaltonetworks-com/en_US/assets/pdf/reports/Unit_42/unit42-wirelurker.pdf
Detector: https://github.com/PaloAltoNetworks-BD/WireLurkerDetector
Description: A New Era in iOS and OS X Malware.

URL: http://argus-sec.com/blog/remote-attack-aftermarket-telematics-service/
Description: A remote attack on an aftermarket telematics service.

URL: http://tyranidslair.blogspot.co.uk/2014/11/whens-documenturl-not-documenturl-cve.html
Description: When's document.URL not document.URL? (CVE-2014-6340).

URL: https://opensource.srlabs.de/projects/badusb
Description: BadUSB Exposure (Wiki).

URL: http://forensicsfromthesausagefactory.blogspot.ae/2014/11/imaging-drives-protected-with-apple.html
Description: Imaging drives protected with Apple FileVault2 encryption (Forensics).

URL: http://tonyarcieri.com/cream-the-scary-ssl-attack-youve-probably-never-heard-of
Description: CREAM - the scary SSL attack you’ve probably never heard of.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://nethack4.org/blog/building-c.html
Description: Building C Projects.

URL: http://lcamtuf.blogspot.pt/2014/11/pulling-jpegs-out-of-thin-air.html
Description: Pulling JPEGs out of thin air.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 47 | Month: November | Year: 2014 | Release Date: 21/11/2014 | Edition: 41º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.fredericb.info/2014/11/exploitation-of-philips-smart-tv.html
Description: Exploitation of Philips Smart TV.

URL: http://sijmen.ruwhof.net/weblog/256-cross-site-scripting-in-millions-of-web-sites
Description: Cross-site scripting in millions of web sites. (jQuery ❤)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/MalwareTech/UACElevator
Description: Passive UAC elevation using DLL infection.

URL: http://www.fruitywifi.com/
Description: FruityWifi is an open source tool to audit wireless networks.

URL: https://github.com/jklmnn/imagejs
Description: Small tool to package javascript into a valid image file. 

URL: http://www.procdot.com/index.htm
Description: ProcDOT, a new way of visual malware analysis.

URL: https://wireedit.com
Description: A Full Stack WYSIWYG Editor for Network Packets.

URL: https://github.com/mrrrgn/simple-rootkit
Description: A simple attack against gcc and Python via kernel module (rootkit).

URL: http://forensic.n0fate.com/tools/chainbreaker/
Description: Chainbreaker can extract encrypted user credentials in OS X Keychain and decrypt it using one of the Master Key.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://www.jssec.org/dl/android_securecoding_en_20140701.pdf
Description: Android Application, Secure Design/Secure Coding Guidebook. 

URL: http://huaweihg612hacking.wordpress.com/2012/11/07/jtaging-the-broadcom-bcm6368-hg612/
Description: JTAG’ing the Broadcom BCM6368-HG612 ("Tutorial").

URL: http://bartblaze.blogspot.pt/2014/11/malware-spreading-via-steam-chat.html
Description: Malware spreading via Steam chat.

URL: https://www.trustedsec.com/november-2014/meterssh-meterpreter-ssh/
Description: MeterSSH – Meterpreter over SSH.

URL: http://www.swordsec.com/download/20FantasticKaliLinuxTools.pdf
Description: 20 Fantastic Kali Linux Tools.

URL: http://blog.h3xstream.com/2014/11/remote-code-execution-by-design.html
Description: Remote Code Execution by design.

URL: http://2014.zeronights.org/conference-materials.html
Description: Zero Nights 2014 Materials (Dump).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://xmodulo.com/access-linux-command-cheat-sheets-command-line.html
Description: How to access Linux command cheat sheets from the command line.

URL: http://www.openvim.com/tutorial.html
Description: Interactive VIM.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 48 | Month: November | Year: 2014 | Release Date: 28/11/2014 | Edition: 42º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.coalfire.com/The-Coalfire-Blog/November-2014/Reverse-Shells-and-Your-Car
Description: Reverse Shells and Your Car.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/moyix/panda
Presentation: http://www.cs.columbia.edu/~brendan/PANDA_THREADS.pdf
Description: Platform for Architecture-Neutral Dynamic Analysis.

URL: https://github.com/kevinburke/hamms
Description: Malformed servers to test your HTTP client.

URL: https://github.com/tylertreat/Comcast
Description: Simulating shitty network connections so you can build better systems.

URL: https://opensoc.github.io/
Description: Big Data Security Analytics Framework.

URL: https://bitbucket.org/al14s/rawr/wiki/Home
Description: RAWR - Rapid Assessment of Web Resources.

URL: http://hasherezade.net/IAT_patcher/
Description:  Persistent IAT hooking, made fast and easy.

URL: https://github.com/rebootuser/LinEnum
Description: Linux Enumeration & Privilege Escalation Tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://goo.gl/AkU519 (+)
Description: Wifi adventure continues, ManaPi.

URL: http://webstersprodigy.net/2014/11/19/use-after-free-exploits-for-humans-part-1-exploiting-ms13-080-on-ie8-winxpsp3/
Description: Use After Free Exploits for Humans Part 1 – Exploiting MS13-080 on IE8 winxpsp3.

URL: http://smealum.net/ninjhax/
Description: ninjhax is a piece of software that allows you to run unsigned code on your 3DS.

URL: http://klikki.fi/adv/wordpress.html
Description: WordPress 3 Persistent Script Injection.

URL: http://tyranidslair.blogspot.co.uk/2014/11/stupid-is-as-stupid-does-when-it-comes.html
Description: Stupid is as Stupid Does When It Comes to .NET Remoting.

URL: http://www.nosuchcon.org/talks/2014/
Description: NoSuchCon 2014 Slides (Dump).

URL: https://www.youtube.com/user/unixfreaxjp/videos
Description: MalwareMustDie Videos Dump.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://unibios.free.fr/cdsystem.html
Description: the Universe Bios for the Neo Geo CD systems is 3.2.

URL: http://screeps.com/
Description: The world's first MMO strategy sandbox game for programmers.

URL: http://mtayseer.net/2014/11/06/your-python-smells-like-java/
Description: Your Python smells like Java.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 49 | Month: December | Year: 2014 | Release Date: 05/12/2014 | Edition: 43º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://googleonlinesecurity.blogspot.pt/2014/12/are-you-robot-introducing-no-captcha.html
More: http://homakov.blogspot.pt/2014/12/the-no-captcha-problem.html
Bypass: https://homakov.github.io/nocaptcha.html
Description: Are you a robot? Introducing "No CAPTCHA reCAPTCHA".

URL: http://www.anandprakash.pw/search/label/bug%20bounty
Description: Hacking Facebook.com/thanks Posting on behalf of your friends! (Easy Money)

URL: http://securityaffairs.co/wordpress/30755/hacking/hacking-paypal-account-poc.html
Description: Hacking PayPal Account with a single exploit.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/DanMcInerney/wifijammer
Description: Continuously jam all wifi clients/routers.

URL: https://github.com/swdunlop/AndBug
Description: A Scriptable Android Debugger.

URL: https://github.com/Yelp/osxcollector
Description: A "How'd that malware get there?" tool for OS X.

URL: https://github.com/c0r3dump3d/wp_drupal_timing_attack
Description: Python scripts to exploit CVE-2014-9016 (Drupal) and CVE-2014-9034 (Wordpress).

URL: https://github.com/CoreSecurity/Agafi
Description: A gadget finder and a ROP-Chainer tool for x86 platforms.

URL: https://github.com/iagox86/dnscat2
Description: DNS tunnel that WON'T make you sick and kill you!


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.labofapenetrationtester.com/2014/11/powershell-for-client-side-attacks.html
Description: Using PowerShell for Client Side Attacks.

URL: https://pacsec.jp/psj14archive.html
Description: PacSec 2014 Speakers and Slides (Dump).

URL: http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/
Helper: https://github.com/fox-it/cryptophp
Description: CryptoPHP - Analysis of a hidden threat inside popular content management systems.

URL: http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html
Description: CVE-2014-9016 and CVE-2014-9034 Proof of Concept.

URL: https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-011/-entrypass-n5200-credentials-disclosure
Description: EntryPass N5200 Credentials Disclosure (Non Sense).

URL: http://farlight.org/
Description: Combined exploit-db.com and osvdb.org unofficial mirror.

URL: http://wafbypass.me/w/index.php/Main_Page
Description: "Everything" about WAFs.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.qemu-advent-calendar.org/
Description: An amazing QEMU disk image every day!

URL: http://pdos.csail.mit.edu/scigen/
Description: SCIgen - An Automatic CS Paper Generator.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 50 | Month: December | Year: 2014 | Release Date: 12/12/2014 | Edition: 44º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.dewhurstsecurity.com/2014/12/09/how-i-hacked-facebook.html
Description: How I hacked Facebook.

URL: http://josipfranjkovic.blogspot.pt/
Description: Reading local files from Facebook's server (fixed).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://gist.github.com/worawit/84ab41358b8465966224
Description: CVE-2014-6332 PoC to get shell (packed everything in one html).

URL: https://github.com/inaz2/roputils
Description: A Return-oriented Programming toolkit.

URL: https://github.com/c0r3dump3d/Parsero
Description: Robots.txt audit tool.

URL: https://github.com/bidord/pykek
Description: Kerberos Exploitation Kit MS14-068 (CVE-2014-6324).

URL: http://cxsecurity.com/issue/WLB-2014120030
Description: tnftp in MacOS X 10.10 & FreeBSD10 RCE Exploit.

URL: https://securityreliks.wordpress.com/2010/08/20/devtcp-as-a-weapon/
Description: /dev/tcp as a weapon. 😊

URL: http://desowin.org/usbpcap/tour.html
Description: USB Packet capture for Windows.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://cybersecurity.upv.es/attacks/offset2lib/offset2lib.html
Description: Offset2lib - bypassing full ASLR on 64bit Linux.

URL: http://securityintelligence.com/spoofedme-social-login-attack-discovered-by-ibm-x-force-researchers/
Description: SpoofedMe Social Login Attack Discovered by IBM X-Force Researchers.

URL: https://evil32.com/
Description: Stay away from 32-bit key IDs in GPG.

URL: http://pen-testing.sans.org/blog/pen-testing/2014/12/04/cross-site-scripting-through-file-metedata
Description: Finding "Zero-Day" XSS Vulns via Doc Metadata.

URL: http://samiux.blogspot.pt/2014/12/howto-arpon-on-kali-linux-109a.html
Description: How - ArpON on Kali Linux 1.0.9a (Free Tips).

URL: https://forsec.nl/2014/12/reading-outlook-using-metasploit/
Description: Reading Outlook using Metasploit.

URL: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Leveraging-SimpleHTTPServer-as-a-Simple-Web-Honeypot/ba-p/6682905
Description: Leveraging SimpleHTTPServer as a Simple Web Honeypot.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.jfedor.org/aaquake2/
Description: Text Mode Quake II.

URL: http://alexnisnevich.github.io/untrusted/
Description: The continuing adventures of Dr. Eval.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 51 | Month: December | Year: 2014 | Release Date: 19/12/2014 | Edition: 45º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://researchcenter.paloaltonetworks.com/2014/12/google-chrome-exploitation-case-study/
Description: Google Chrome Exploitation – A Case Study.

URL: https://blog.gaborszathmari.me/2014/12/10/wordpress-exploitation-with-xss/
Description: WordpreXSS Real Exploitation using CVE-2014-9031.

URL: http://securityaffairs.co/wordpress/31120/hacking/fixed-critical-flaw-blogger-allows-write-posts-blog.html
Description: Fixed a critical flaw in Blogger that allows to write posts on any blog.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://morris.guru/detecting-kippo-ssh-honeypots/
Description: Detecting Kippo SSH honeypots, bypassing patches, and all that jazz.

URL: https://github.com/shipcod3/sapConfigServlet_rce
Description: SAP ConfigServlet Unauthenticated Remote Code Execution Vulnerability.

URL: https://github.com/joernchen/DeviseDoor
More: https://github.com/plataformatec/devise/issues/3371
Description: RoR - Devise PoC in memory Backdoor.

URL: https://github.com/Prochainezo/xss2shell
Description: Tool for abusing XSS vulnerabilities on Wordpress and Joomla! installations

URL: https://github.com/JonathanSalwan/abf
Description: Abstract Binary Format Manipulation - ELF, PE and Mach-O format.

URL: http://briskinfosec.blogspot.in/2014/12/reverce-shells-for-exploit-command.html?m=1
Description: Reverse Shell's for exploit command execution attack

URL: https://github.com/seastorm/PuttyRider
Description: Hijack Putty sessions in order to sniff conversation and inject Linux commands.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.cipherdyne.org/blog/2014/12/ram-disks-and-saving-your-ssd-from-afl-fuzzing.html
Description: RAM Disks and Saving Your SSD From AFL Fuzzing (Tips and Tweaks).

URL: http://homakov.blogspot.gr/2014/11/hacking-file-uploaders-with-race.html
Description: Hacking file uploaders with race condition.

URL: https://blog.whitehatsec.com/hackerkast-11-bonus-round/
Description: The Latest with Clickjacking!

URL: http://blog.opensecurityresearch.com/2012/02/json-csrf-with-parameter-padding.html
Description: JSON CSRF with Parameter Padding. (Old but Gold!)

URL: http://dogber1.blogspot.fr/2009/05/table-of-reverse-engineered-bios.html
Description: BIOS Password Backdoors in Laptops. (Stil Works 😈)

URL: http://insert-script.blogspot.co.at/2014/12/multiple-pdf-vulnerabilites-text-and.html
Description: Multiple PDF Vulnerabilites - Text and Pictures on Steroids.

URL: http://blog.malwaretracker.com/2014/12/cve-2014-4114cve-2014-6352-evade-av-by.html?spref=tw
Description: CVE-2014-4114/CVE-2014-6352 Evade AV by removing read access in zip structure.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://robertheaton.com/2014/12/08/fun-with-your-friends-facebook-and-tinder-session-tokens/
Description: Fun with your friend's Facebook and Tinder sessions.

URL: http://js1k.com/2014-dragons/demo/1854
Description: Minecraft in 1k JavaScript showing water, hills, trees and fog.

URL: http://nathanfriend.io/inspirograph/
Description: Inspirograph!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 52 | Month: December | Year: 2014 | Release Date: 26/12/2014 | Edition: 46º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://git-blame.blogspot.pt/2014/12/git-1856-195-205-214-and-221-and.html
More: https://github.com/blog/1938-vulnerability-announced-update-your-git-clients
PoC: https://gitcasefail.googlecode.com/svn/trunk/repo/ (Vulnerable Repo)
Description: Update your Git clients! 

URL: http://sintheticlabs.com/blog/a-look-inside-facebooks-source-code.html
Description: A look inside Facebook's "source code". 😆

URL: http://hak-it.blogspot.pt/2014/12/stored-xss-on-facebook-and-twitter_18.html
Description: Stored XSS on facebook and twitter!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://pen-testing.sans.org/blog/pen-testing/2014/12/10/awkward-binary-file-transfers-with-cut-and-paste
Description: Awkward Binary File Transfers with Cut and Paste.

URL: http://hooked-on-mnemonics.blogspot.pt/p/injdmp.html
Description: injdmp is a tool for dumping injected processes and dumping process memory that is marked as RWX. 

URL: http://www.darknet.org.uk/2014/12/bluemaho-project-bluetooth-security-testing-suite/
Description: BlueMaho Project – Bluetooth Security Testing Suite.

URL: https://github.com/droope/droopescan
Description: A plugin-based scanner to identifying issues in several CMSs, mainly Drupal and Silverstripe.

URL: https://github.com/k33nteam/cc-shellcoding
Blog: http://www.k33nteam.org/blog.htm
Description: Framework dedicated to avoiding shellcoding in your project (focused on PoC for vulnerability response).

URL: http://xgusix.com/blog/analyzing-a-malicious-excel-file-with-oledump-py/
Tool: http://blog.didierstevens.com/2014/12/17/introducing-oledump-py/
Description: Analyzing a malicious Excel file with oledump.py.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://titanous.com/posts/docker-insecurity
Description: Docker Image Insecurity.

URL: http://lifeat.tetrane.com/2014/12/ie-crash-analysis.html
Description: IE crash analysis.

URL: http://breenmachine.blogspot.gr/2014/12/raining-shells-ambari-0-day.html
Description: Raining Shells - Ambari "0-day".

URL: https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/
Description: Analysis of the CVE-2013-6435 Flaw in RPM.

URL: http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html
Description: Writing a stealth web shell.

URL: http://web-in-security.blogspot.pt/2014/11/detecting-and-exploiting-xxe-in-saml.html
Description: Detecting and exploiting XXE in SAML Interfaces.

URL: https://media.defcon.org/DEF%20CON%2022/DEF%20CON%2022%20video%20and%20slides/
Description: DEF CON 22 (Dump 😃).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.keurighack.com/
Description: Hacking Coffe Machines!

URL: https://www.druid.es/content/gopro-firmware-forensic
Description: GoPro firmware forensic.

URL: http://hackertyper.com/
Description: Hackishhh.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 01 | Month: January | Year: 2015 | Release Date: 02/01/2015 | Edition: 47º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://trmm.net/thunderstrike
Description: Apple EFI firmware security vulnerability.

URL: http://attack-secure.com/hacked-facebook-word-document/
Description: How I Hacked Facebook with a Word Document.

URL: http://mis.fortunecook.ie/
Slides: http://mis.fortunecook.ie/too-many-cooks-exploiting-tr069_tal-oppenheim_31c3.pdf
Description: Critical vulnerability present on millions of residential gateway (SOHO router).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.signedness.org/tools/
Description: MITM-SSH, MITM-SSL, IWsniff and More.

URL: https://code.google.com/p/google-security-research/issues/detail?id=118
Description: Windows - Elevation of Privilege in ahcache.sys/NtApphelpCacheControl (Unpatched).

URL: http://www.wains.be/pub/networking/tcpdump_advanced_filters.txt
Description: tcpdump Advanced Filters.

URL: http://aluigi.altervista.org/mytoolz.htm
Description: Network, Reverse, Packers and More (Tools Dump).

URL: http://dnscrypt.org/
Blog: http://www.exploit-monday.com/2014/12/encrypting-and-viewing-dns-connections.html
Description: Encrypting and Viewing DNS Connections Using DNSCrypt for Windows.

URL: http://khr0x40sh.wordpress.com/2014/06/10/moftastic_powershell/
Description: MOF-tastic tricks or how to use MOF and powershell together.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://gkbrk.com/blog/read?name=reverse_engineering_the_speedtest_net_protocol
Description: Reverse Engineering the Speedtest.net Protocol.

URL: http://www.vanimpe.eu/2014/12/13/using-elk-dashboard-honeypots/
Description: Using ELK as a dashboard for honeypots.

URL: http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
Description: Predicting Struts CSRF Token (CVE-2014-7809).

URL: http://blog.xbc.nz/2014/12/lastpass-attempt-at-client-side-android.html
Description: LastPass' attempt at client-side Android encryption with JavaScript - a breakdown.

URL: http://breenmachine.blogspot.gr/2014/12/mssql-mitm-ftw-ettercap-and-responder.html
Description: MSSQL MITM FTW - Ettercap and Responder to Intercept (plaintext!) MSSQL Creds.

URL: https://blog.hboeck.de/archives/863-Dont-update-NTP-stop-using-it.html
Description: Don't update NTP - stop using it.

URL: https://bettercrypto.org/
Description: Best Practices regarding the configuration of cryptographic tools and online communication.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.montulli.org/theoriginofthe%3Cblink%3Etag
Description: The Origins of the  Tag.

URL: http://www.its.caltech.edu/~costis/sgb_hack/
Description: The quest for dumping GameBoy Boot ROMs!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 02 | Month: January | Year: 2015 | Release Date: 09/01/2015 | Edition: 48º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://github.com/jduck/asus-cmd
Background: http://dnlongen.blogspot.pt/2014/10/CVE-2014-2718-Asus-RT-MITM.html
Why: https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/infosvr/common.c#L177
Fun: https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/infosvr/common.c#L240
Description: ASUS Router UDP Broadcast Command Execution.

URL: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Description: Secure Secure Shell - Guide!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/Octosec/tckfc
Description: TrueCrypt key file cracker.

URL: https://github.com/sophron/wifiphisher
Description: Fast automated phishing attacks against WPA networks.

URL: https://code.google.com/p/usboblivion/
Description: An utility designed to erase all traces of USB drives from Windows registry.

URL: https://github.com/shazow/ssh-chat
Description: Chat over SSH.

URL: https://github.com/m1el/esdeobfuscate
Description: PoC JavaScript AST deobfuscator based on partial evaluation. (MSF Reverse)

URL: https://github.com/lgandx/PCredz
Description: Extraction tool from live interface or pcap file.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://endrift.com/mgba/2014/12/28/classic-nes/
Description: Classic NES Series Anti-Emulation Measures.

URL: http://www.insinuator.net/2014/12/revisiting-an-old-friend-shell-globbing/
Description: Revisiting an Old Friend - Shell Globbing.

URL: https://blog.haschek.at/post/fd9bc
Description: Why are free proxies free?

URL: http://ednolo.alumnos.upv.es/?p=1883
Description: Reverse-engineering the default WPA key generation algorithm for Pirelli routers in Argentina.

URL: http://ednolo.alumnos.upv.es/papers/advisories/CVE-2015-0554_pirelli.txt
Description: ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N  remote information disclosure HomeStation Movistar.

URL: http://www.ifc0nfig.com/moonpig-vulnerability/
Description: Moonpig vulnerability.

URL: https://hatriot.github.io/blog/2015/01/06/ntpdc-exploit/
Description: Ntpdc Local Buffer Overflow.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://hackerschool.org/DefconCTF/17/B300.html
Description: We've created a write-up for b300 as a cartoon.

URL: http://moviecode.tumblr.com/
Description: Source Code in TV and Films.

URL: https://cmd.fm/
Description: Command-line radio for computer geeks.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 03 | Month: January | Year: 2015 | Release Date: 16/01/2015 | Edition: 49º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://habrahabr.ru/company/pt/blog/247709/
Description: Another vulnerability in Facebook (CRLF).

URL: http://zoczus.blogspot.de/2015/01/yammercom-same-origin-method-execution.html?spref=tw
Description: yammer.com - Same Origin Method Execution.

URL: http://rtwaysea.net/blog/blog-2013-10-18-long.html
Description: Another methodology for bypassing the XSS filter in all versions of MSIE browser. 


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/rodionovd/liblorgnette
Description: Lorgnette is a library for locating symbols of any running process on OSX.

URL: http://michenriksen.com/blog/gitrob-putting-the-open-source-in-osint/
Description: Gitrob - Putting the Open Source in OSINT.

URL: http://seclist.us/inception-is-a-physical-memory-manipulation-and-hacking-tool-exploiting-pci-based-dma.html
Description: Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA.

URL: http://networkfilter.blogspot.pt/2015/01/be-your-own-vpn-provider-with-openbsd.html
Description: Be your own VPN provider with OpenBSD.

URL: http://www.hexacorn.com/blog/2015/01/08/decompiling-compiled-autoit-scripts-64-bit-take-two/
Description: Decompiling compiled AutoIT scripts (64-bit), take two.

URL: https://github.com/WillYee/syscall_hooker
Description: A library for hooking system calls globally on OS X 10.9.5

URL: https://milo2012.wordpress.com/2015/01/08/proxy-tester-script/
Description: Proxy Tester Script.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.sucuri.net/2015/01/website-backdoors-leverage-the-pastebin-service.html
Description: Website Backdoors Leverage the Pastebin Service.

URL: https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/
Description: Linux DDoS Trojan hiding itself with an embedded rootkit.

URL: http://web-in-security.blogspot.pt/2015/01/save-your-cloud-exploiting-eucalyptus.html?spref=tw
Description: Save Your Cloud - Exploiting Eucalyptus 4.0.0 and 4.0.1.

URL: http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890
Description: AIX for Penetration Testers.

URL: http://randomthoughts.greyhats.it/2015/01/osx-bluetooth-lpe.html
Description: Time to fill OSX (Blue)tooth - Local privilege escalation vulnerabilities in Yosemite.

URL: http://www.shortbus.ninja/phishbait-scraping-the-web-for-email-addresses/
Description: Scraping the Web for Email Addresses.

URL: http://smealum.net/?p=517
Description: Run homebrew software on their 3DS/2DS/New 3DS .


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://blog.lse.epita.fr/articles/75-sstpinball.html
Description: Sega Starship Troopers Pinball Overview.

URL: http://script-ed.org/?p=1671
Description: Can CSIRTs Lawfully Scan for Vulnerabilities?


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 04 | Month: January | Year: 2015 | Release Date: 23/01/2015 | Edition: 50º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://drops.wooyun.org/papers/4621#yjs_add_arg=9893
PoC: http://pastebin.com/XXVai0rD (Clean!)
Description: MS15-002 telnet service buffer overflow vulnerability analysis.

URL: http://breakingbits.net/2015/01/18/taking-over-godaddy-accounts-using-csrf
Description: GoDaddy CSRF Vulnerability Allows Domain Takeover.

URL: http://potatohatsecurity.tumblr.com/post/108756906604/admin-google-com-reflected-cross-site-scripting
Description: admin.google.com Reflected Cross-Site Scripting (XSS).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/programa-stic/barf-project
Description: A multiplatform open source Binary Analysis and Reverse engineering Framework (BARF).

URL: http://omriher.blogspot.co.il/2015/01/captipper-malicious-http-traffic.html
Description: CapTipper - Malicious HTTP traffic explorer tool.

URL: http://www.hackwhackandsmack.com/?p=452
Description: Python Share Enumerator.

URL: https://github.com/Gallopsled/pwntools
Description: This is the CTF framework used by Gallopsled in every CTF.

URL: https://github.com/junegunn/fzf
Description: Fuzzy finder for your shell.

URL: https://github.com/hatRiot/zarp
Description: Network Attack Tool.

URL: http://www.labofapenetrationtester.com/2015/01/fun-with-dns-txt-records-and-powershell.html
Description: Fun with DNS TXT Records and PowerShell.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.defragger.org/radare-max++.html
Description: First steps in malware reversing.

URL: http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitter-followers-25-lines-python/
Description: Intelligence Information Gathering - Collecting Twitter Followers with 25 lines of Python.

URL: https://github.com/GDSSecurity/Docker-Secure-Deployment-Guidelines
Description: Docker Secure Deployment Guidelines.

URL: http://www.checkpoint.com/downloads/partners/TCC-Silverlight-Jan2015.pdf
Description: Diving into a Silverlight Exploit and Shellcode - Analysis and Techniques.

URL: https://github.com/enaqx/awesome-pentest
Description: A collection of awesome penetration testing resources, tools and other shiny things.

URL: http://sectooladdict.blogspot.co.il/2014/12/el-30-injection-java-is-getting-hacker.html
Description: EL 3.0/Lambda Injection - Hacker Friendly Java.

URL: http://raidersec.blogspot.ca/2013/06/how-browsers-store-your-passwords-and.html
Description: How Browsers Store Your Passwords (and Why You Shouldn't Let Them).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/alex/what-happens-when
Description: What happens when you type google.com into your browser and press enter?

URL: http://packetstormsecurity.com/files/122655/LIXIL-Satis-Toilet-Hard-Coded-Bluetooth-PIN.html
Description: LIXIL Satis Toilet Hard-Coded Bluetooth PIN.

URL: http://www.lofibucket.com/articles/oscilloscope_quake.html
Description: Quake on an oscilloscope - A technical report.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 05 | Month: January | Year: 2015 | Release Date: 31/01/2015 | Edition: 51º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://chargen.matasano.com/chargen/2015/1/27/vulnerability-overview-ghost-cve-2015-0235.html
PoC: https://gist.github.com/koelling/ef9b2b9d0be6d6dbab63
Notes: http://blog.erratasec.com/2015/01/you-shouldnt-be-using-gethostbyname.html
Fix: http://product.reverb.com/2015/01/28/patching-cve-2015-0235-aka-ghost-2/
Description: Ghost Overview (CVE-2015-0235).

URL: https://hackerone.com/reports/44146
Description: Make API calls on behalf of another user (Vimeo CSRF protection bypass).

URL: http://potatohatsecurity.tumblr.com/post/108197611404/yahoo-root-access-sql-injection-tw-yahoo-com
Description: Yahoo - Root Access SQL Injection.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/nccgroup/CrossSiteContentHijacking
Description: Content hijacking proof-of-concept using Flash, PDF and Silverlight. 😈

URL: https://gitweb.torproject.org/user/jvoisin/mat.git
Description: Metadata Anonymisation Toolkit.

URL: http://www.gironsec.com/blog/2015/01/owning_modems_and_routers_silently/
Description: Owning Modems And Routers Silently.

URL: https://github.com/Hykem/psxtract
Description: Tool to decrypt and convert PSOne Classics from PSP/PS3.

URL: https://github.com/PentesterES/Delorean
Description: NTP Main-in-the-Middle Tool.

URL: https://forsec.nl/2015/01/bash-data-exfiltration-through-dns-using-bash-builtin-functions/
Description: Bash data exfiltration through DNS (using bash builtin functions).

URL: http://securitycafe.ro/2014/12/19/how-to-intercept-traffic-from-java-applications/
Description: How to intercept traffic from Java applications.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://chichou.0ginr.com/blog/1023
Description: A real case study of XSS through EXIF headers.

URL: https://capsop.com/phpmyadmin
Description: PHPMYADMIN PMA VULN CVE-2009-1151 (Yep Still the same!)

URL: http://www.malwaretech.com/2015/01/using-kernel-rootkits-to-conceal.html
Description: Using Kernel Rootkits to Conceal Infected MBR.

URL: http://wouter.coekaerts.be/2015/resurrecting-phantomreference
Description: Resurrecting a PhantomReference (Java Necromancy).

URL: https://fail0verflow.com/blog/2014/hubcap-chromecast-root-pt1.html (-root-pt2.html)
Description: Pwning the ChromeCast! (Part I and II).

URL: https://milo2012.wordpress.com/2015/01/09/pentesting-firebird-database/
Description: Pentesting Firebird Databases.

URL: http://kukuruku.co/hub/infosec/backdoor-in-a-public-rsa-key
PoC: https://gist.github.com/ryancdotorg/18235723e926be0afbdd
Description: Backdoor in a Public RSA Key.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.rfcreader.com/
Description: RFC Reader.

URL: http://js-dos.com/
Description: On this site you can play in famous old dos games in browser.

URL: https://github.com/joaojeronimo/rimrafall
Description: npm install could be dangerous.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 06 | Month: February | Year: 2015 | Release Date: 06/02/2015 | Edition: 52º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://innerht.ml/blog/ie-uxss.html
Original PoC: http://www.deusen.co.uk/items/insider3show.3362009741042107/
Description: Bypass of the Same-Origin Policy (SOP) on Internet Explorer. 😈

URL: http://www.bulbsecurity.com/more-book-exercises-guessable-credentials-apache-tomcat/
Description: Guessable Credentials-Apache Tomcat.

URL: http://wiki.secarmour.com/2013/02/ssi-injection-attack.html
Description: SSI Injection Attack.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/StalkR/dns-reverse-proxy
Blog: http://blog.stalkr.net/2015/01/dns-reverse-proxy.html
Description: DNS Reverse Proxy.

URL: https://github.com/dotcppfile/DAws
Description: Advanced Web Shell.

URL: https://github.com/ant4g0nist/lisa.py
Description: An Exploit Dev Swiss Army Knife.

URL: https://binjitsu.readthedocs.org/en/latest/
Description: Binjitsu is a CTF framework and exploit development library. 

URL: https://github.com/diafygi/webrtc-ips
Description: STUN IP Address requests for WebRTC, get local and external IP.

URL: https://github.com/rurapenthe/hashfind
Description: Tool to search files for matching password hash types and other data.

URL: https://github.com/USArmyResearchLab/Dshell
Description: Dshell is a network forensic analysis framework.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://0x00string.com/hacktionary/index.php?title=AllShare_Cast
Description: AllShare Cast Security Research.

URL: http://securitycafe.ro/2015/01/05/understanding-php-object-injection/
Description: Understanding PHP Object Injection.

URL: http://argus-sec.com/blog/remote-attack-aftermarket-telematics-service/
Description: A remote attack on an aftermarket telematics service (Car Hacking).

URL: https://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/
Description: XXE Injection in Oracle Database (CVE-2014-6577).

URL: http://www.davidlitchfield.com/Privilege_Escalation_via_Oracle_Indexes.pdf
Description: Privilege Escalation via Oracle Indexes.

URL: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Owning-SQLi-vulnerability-with-SQLmap/ba-p/6698577
Description: Owning SQLi vulnerability with SQLmap.

URL: http://drops.wooyun.org/papers/4762
Description: Linux symbolic link attacks.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://keygenmusic.net/
Description: Music from keygens, cracks, trainers, intros.

URL: https://github.com/madrobby/secure.js
Description: Better and more secure JavaScript!

URL: http://shipyourenemiesglitter.com/
Description: We send glitter to the people you hate. 😸


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 07 | Month: February | Year: 2015 | Release Date: 13/02/2015 | Edition: 53º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://danlec.com/blog/hackerones-first-xss
Description: HackerOne's First XSS.

URL: http://zoczus.blogspot.pt/2015/02/evercookieswf-stored-cross-site.html
Description: evercookie.swf - Stored Cross-Site Scripting (Flash XSS).

URL: http://potatohatsecurity.tumblr.com/post/110024705384/google-com-mobile-feedback-url-redirect
Description: Google.com - Mobile Feedback URL Redirect Regex/Validation Flaw.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/rmitton/incbin
Description: Tiny cross-platform utility for including binaries into C source.

URL: https://github.com/dev-zzo/exploits-nt-privesc
Description: Exploit collection for NT privilege escalation.

URL: https://github.com/NorthernSec/CVE-Scan
Description: Scan systems with NMap and parse the output to a list of CVE's, CWE's and DPE's.

URL: https://github.com/ddcc/samsung_ssd
Description: Samsung SSD Firmware Deobfuscation Utility.

URL: http://samdmarshall.com/re.html
Description: Reverse Engineering Resources (MacOSX).

URL: https://gitlab.maikel.pro/maikeldus/WhatsSpy-Public/wikis/home
Description: Proof of Concept that Whatsapp is broken in terms of privacy.

URL: https://net-ninja.net/article/2010/Oct/04/taking-control-of-a-jsp-environment/
Description: Taking control of a JSP environment (l33t).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
Description: One-Bit To Rule Them All - Bypassing Windows'10 Protections using a Single Bit.

URL: https://www.checkmarx.com/2014/08/20/swift-security-issues/
Description: Swift Vulnerabilities - What the New Language Did Not Fix.

http://blog.gdssecurity.com/labs/2015/1/26/badsamba-exploiting-windows-startup-scripts-using-a-maliciou.html
Description: BadSamba - Exploiting Windows Startup Scripts Using A Malicious SMB Server.

URL: https://rateip.com/blog/sql-injections-in-mysql-limit-clause/
Description: SQL Injections in MySQL LIMIT clause.

URL: http://adsecurity.org/?p=1275
Description: Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your AD Forest.

URL: https://isc.sans.edu/forums/diary/Finding+Privilege+Escalation+Flaws+in+Linux/19207/
Description: Finding Privilege Escalation Flaws in Linux (Tools).

URL: http://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/
Description: Exploiting "BadIRET" vulnerability (CVE-2014-9322, Linux kernel privilege escalation).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://saijogeorge.com/css-puns/
Description: CSS Puns & CSS Jokes

URL: http://vanilla-js.com/
Description: Vanilla JS is a fast, lightweight, cross-platform framework for building incredible, powerful JS applications.

URL: https://github.com/MrMEEE/bumblebee-Old-and-abbandoned/issues/123
Description: Install script does "rm -rf /usr" for Ubuntu.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 08 | Month: February | Year: 2015 | Release Date: 20/02/2015 | Edition: 54º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://github.com/cryptostorm/leakblock/tree/master/superfish.com
Why Not: https://blog.filippo.io/make-your-own-superfish-infected-vm/
Blog: http://blog.erratasec.com/2015/02/extracting-superfish-certificate.html
Certificate: https://gist.github.com/mathiasbynens/7a13a467b22c42505490#file-private-key-pem
Description: Lenovo SuperFish Awesomeness 😂.

URL: http://danlec.com/blog/hacking-stackoverflow-com-s-html-sanitizer
Description: Hacking stackoverflow.com's HTML sanitizer.

URL: http://philippeharewood.com/paging-cursors-leaking-data-in-graph-api/
Description: Paging Cursors leaking data in Graph API (Facebook).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.shellcheck.net/
Description: Automatically detects problems with sh/bash scripts and commands.

URL: https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/
Description: Decrypting TLS Browser Traffic With Wireshark - The Easy Way!

URL: https://github.com/wapiflapi/exrs
Description: Exercises for learning Reverse Engineering and Exploitation.

URL: https://github.com/citronneur/rdpy
Description: Remote Desktop Protocol in twisted python. (Handy!)

URL: https://github.com/clymb3r/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1
Description: Invoke-Mimikatz in Memory Only with PowerShell.

URL: http://seclists.org/fulldisclosure/2015/Feb/56
Description: NetGear Routers Pownage.

URL: http://sourceforge.net/projects/packeth/
Description: packETH is a Linux GUI packet generator tool for ethernet.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://shubh.am/exploiting-markdown-syntax-and-telescope-persistent-xss-through-markdown-cve-2014-5144/
Description: Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144).

URL: http://blog.sucuri.net/2015/02/creative-evasion-technique-against-website-firewalls.html
Description: Creative Evasion Technique Against Website Firewalls.

URL: https://www.trustedsec.com/january-2015/account-hunting-invoke-tokenmanipulation/
Description: Account Hunting for Invoke-TokenManipulation (Pentesting).

URL: http://www.evilsocket.net/2015/01/29/nike-fuelband-se-ble-protocol-reversed/
Description: Nike+ FuelBand SE BLE Protocol Reversed.

URL: http://www.insinuator.net/2015/01/evasion-of-cisco-acls-by-abusing-ipv6-discussion-of-mitigation-techniques/
Description: Evasion of Cisco ACLs by (Ab)Using IPv6 & Discussion of Mitigation Techniques.

URL: https://rh0dev.github.io/blog/2015/fun-with-info-leaks/
Description: Fun With Info-Leaks.

URL: http://haxelion.eu/article/LD_NOT_PRELOADED_FOR_REAL/
Description: LD_NOT_PRELOADED_FOR_REAL (LD_PRELOAD the Other Side).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/yaronn/blessed-contrib
Description: Build terminal dashboards using ascii/ansi art and javascript.

URL: http://pixelscommander.com/en/javascript/nasa-coding-standarts-for-javascript-performance/
Description: Applying NASA coding standards to JavaScript.

URL: https://littleosbook.github.io/
Description: The little book about OS development.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 09 | Month: February | Year: 2015 | Release Date: 27/02/2015 | Edition: 55º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://jasminderpalsingh.info/single.php?p=84
Description: Youtube Editor Stored DOM Based and Self Executed XSS Vulnerability.

URL: http://sekurak.pl/xss-w-domenie-www-google-com-postini-header-analyzer/
Description: www.google.com domain XSS (Postini Header Analyzer).

URL: http://www.7xter.com/2015/02/how-i-hacked-your-facebook-photos.html
Description: How I Hacked Your Facebook Photos.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/nccgroup/loki
Description: LOKI (Limited Obstructive Keyboard Impersonator) is a RDP File Transfer Tool Using Keypresses.

URL: https://github.com/Neo23x0/Loki
Description: Loki - Simple IOC Scanner (Malware Security Research).

URL: https://github.com/Atticuss/SQLViking
Description: Sniff/log database traffic or actively execute arbitrary queries via TCP injection.

URL: https://github.com/sensepost/Jack
Blog: http://www.sensepost.com/blog/11105.html
Description: ClickJacking PoC development assistance tool.

URL: http://blog.cobaltstrike.com/2015/02/25/my-favorite-powershell-post-exploitation-tools/
Description: My Favorite PowerShell Post-Exploitation Tools (Post-Exploitation Helper).

URL: https://github.com/akiym/pedal
Description: PEDAL - Python Exploit Development Assistance for GDB Lite.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://infosec42.blogspot.de/2015/02/exploit-seagate-blackarmor-network.html
Description: Seagate BlackArmor Business Storage Network Storage System (RCE).

URL: http://blog.secureideas.com/2015/02/adventures-in-ldap-injection-exploiting.html
Description: Adventures in LDAP Injection - Exploiting and Fixing.

URL: http://s1gnalcha0s.com/node/2015/01/31/SSJS-webshell-injection.html
Description: SSJS Web Shell Injection.

URL: http://www.en.pentester.es/2015/02/from-case-insensitive-to-rce.html
Description: From Case-Insensitive to RCE. (Ninja)

URL: http://www.proteansec.com/linux/installing-using-cuckoo-malware-analysis-sandbox/
Description: Installing and Using Cuckoo Malware Analysis Sandbox.

URL: https://blogs.rsa.com/dns-poisoning-used-boleto-fraud/
Description: DNS Poisoning Used In Boleto Fraud.

URL: http://w00tsec.blogspot.pt/2015/02/firmware-forensics-diffs-timelines-elfs.html
Description: Firmware Forensics: Diffs, Timelines, ELFs and Backdoors.

URL: http://www.vulnerability-lab.com/get_content.php?id=1432
Description: Facebook Bug Bounty #23 - Session ID & CSRF Vulnerability.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://xmodulo.com/presentation-command-line-linux.html
Description: How to create and show a presentation from the command line on Linux.

URL: https://github.com/hgarc014/git-game
Description: Terminal game to test git skills.

URL: http://twitterbiogenerator.com/
Description: Don't think too hard about it. Use this thingy to generate a Twitter bio for yourself.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 10 | Month: March | Year: 2015 | Release Date: 09/03/2015 | Edition: 56º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://github.com/opencart/opencart/issues/1534
Background: https://prezi.com/5hif_vurb56p/php-object-injection-revisited/
Description: PHP Object Injection Vulnerability. (This is Not a vulnerability!) 😆

URL: https://beyondbinary.io/advisory/seagate-nas-rce/
Description: Advisory - Seagate NAS Remote Code Execution Vulnerability.

URL: https://www.smacktls.com/#freak
More: https://freakattack.com/
Description: FREAK - Factoring RSA Export Keys.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/jfoote/exploitable
Description: GDB extension that classifies Linux application bugs by severity. 

URL: https://github.com/ohjeongwook/FlashHacker
Description:  ActionScript Bytecode instrumentation framework. 

URL: http://thorly.batr.am/
Description: Flash security scanner.

URL: https://gist.github.com/worawit/33cc5534cb555a0b710b
Description: "PoC" for Samba vulnerabilty (CVE-2015-0240).

URL: https://github.com/afaqurk/linux-dash
Description: A drop-in, low-overhead monitoring web dashboard for a linux machine.

URL https://github.com/dionach/CMSmap
Description: Tool that automates the process of detecting security flaws of the most popular CMSs.

URL: http://blog.rootshell.be/2015/03/04/phpmoadmin-0-day-nmap-script/
Description: phpMoAdmin 0-day Nmap Script.

URL: https://blog.whitehatsec.com/dnstest-monitor-your-dns-for-hijacking/
Description: Monitor Your DNS for Hijacking.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://samsclass.info/124/proj14/norton.htm
Description: Norton vs Python.

URL: http://secureornot.blogspot.co.il/2015/03/gopro-update-mechanism-exposes-multiple.html
Description: GoPro update mechanism exposes multiple users Wi-Fi passwords.

URL: https://barrebas.github.io/blog/2015/02/22/maximum-overkill-two-from-format-string-vulnerability-to-remote-code-execution/
Description: Maximum Overkill Two - From Format String Vulnerability to Remote Code Execution.

URL: http://securitycafe.ro/2015/02/23/bypassing-windows-lock-screen-via-flash-screensaver/
Description: Bypassing Windows Lock Screen via Flash Screensaver.

URL: http://www.xexexe.cz/2015/02/bruteforcing-tp-link-routers-with.html
Description: Bruteforcing TP-Link routers with JavaScript.

URL: http://www.vnsecurity.net/research/2015/02/12/msie-vuln-analysis.html
Description: Ms IE 9-11 Windows 7-8.1 Vulnerability (Uninitialized Memory Corruption Lead to Code Execution).

URL: http://www.contextis.com/resources/blog/automating-removal-java-obfuscation/
Description: Automating Removal of Java Obfuscation.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://pixelambacht.nl/2015/sans-bullshit-sans/
Description: Sans Bullshit Sans - leveraging the synergy of ligatures.

URL: https://github.com/zku/PwnAdventure3Hacks
Description: A tiny hacking framework for the PwnAdventure3 - Pwnie Island game created.

URL: https://github.com/sqall01/alertR
Description: An unified client/server based alerting system (RPi).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 11 | Month: March | Year: 2015 | Release Date: 13/03/2015 | Edition: 57º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://drops.wooyun.org/papers/5107
Blog: https://jordan-wright.github.io/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/
PoC: https://github.com/XiphosResearch/exploits/tree/master/ElasticSearch
Description: ElasticSearch Groovy script RCE analysis (CVE-2015-1427).

URL: https://hackerone.com/reports/48516
Description: Redirect URL in /intent/ functionality is not properly escaped (Twitter XSS).

URL: http://sakurity.com/blog/2015/03/05/RECONNECT.html
Description: RECONNECT - Critical bug in websites with Facebook Login.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/DanMcInerney/net-creds
Description: Sniffs sensitive data from interface or pcap.

URL: https://github.com/pentestgeek/phishing-frenzy-templates
Description: Phishing Scenarios Used for Phishing Frenzy.

URL: https://manifestsecurity.com/appie/
Description: Appie – Android Pentesting Portable Integrated Environment.

URL: https://github.com/ohjeongwook/Samsung-TV-Hacks
Description: Samsung-TV-Hacks.

URL: https://github.com/jingchunzhang/backdoor_rootkit/tree/master/mod_rootme-0.4
Description: mod_rootme - making Apache almost as insecure as IIS 5.

URL: https://github.com/erwanlr/Fingerprinter
Description: Tool to find the version of the remote application/third party script.

URL: https://github.com/wishstudio/flinux
Description: Dynamic binary translator and a Linux system call interface emulator for the Windows platform.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://christian-schneider.net/ChromeSopBypassWithSvg.html
Description: Chrome SOP Bypass with SVG (CVE-2014-3160).

URL: https://lqdc.github.io/making-finfisher-undetectable.html
Description: Making Finfisher Undetectable.

URL: https://www.nccgroup.com/media/481815/technical-advisory-multiple-vulnerabilities-in-mailenable.pdf
Description: Multiple Vulnerabilities in MailEnable.

URL: http://theelectronjungle.com/2015/02/15/use-after-free-in-vlc-2.1.x/
Description: Use-After-Free in VLC 2.1.x ∞.

URL: https://github.com/80vul/phpcodz
Description: PHP Codz Hacking - Security Research Overview.

URL: http://w00tsec.blogspot.pt/2015/02/extracting-raw-pictures-from-memory.html
Description: Extracting RAW pictures from memory dumps.

URL: http://www.malwaretech.com/2014/04/coding-malware-for-fun-and-not-for.html
Description: Coding Malware for Fun and Not for Profit (Because that would be illegal) 😍.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/apuigsech/wargames/tree/master/matasano/crypto-challenges
Description: Wargames by Matasano (Crypto-Challenges Set 1).

URL: https://keboch.wordpress.com/2008/11/09/please-accept-this-spider-as-payment/
Description: Please accept this spider as payment.

URL: https://gist.github.com/dchest/7225cf79c1ea2166489c
Description: Swift HashDoS.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 12 | Month: March | Year: 2015 | Release Date: 20/03/2015 | Edition: 58º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://googleprojectzero.blogspot.pt/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
PoC I: https://github.com/google/rowhammer-test 
PoC II: https://github.com/CMU-SAFARI/rowhammer 
PoC III: http://packetstormsecurity.com/files/130715/rowhammer.tgz
Mitigation: http://blogs.cisco.com/security/mitigations-available-for-the-dram-row-hammer-vulnerability
Description: Exploiting the DRAM rowhammer bug to gain kernel privileges.

URL: http://www.7xter.com/2015/03/how-i-exposed-your-private-photos.html
Description: How I Exposed Your Private Photos - Facebook Private Photos Hack.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/certsocietegenerale/FIR
Description: Fast Incident Response (FIR) is an cybersecurity incident management platform.

URL: https://github.com/CIRCL/url-abuse
Description: A Versatile Software for URL review, analysis and black-list reporting.

URL: https://github.com/saelo/armpwn
Description: Repository to train/learn memory corruption on the ARM platform.

URL: https://github.com/joelpx/reverse
Description: Reverse engineering (x86/elf) to pseudo-C.

URL: https://github.com/jpillora/chisel
Description: A fast TCP tunnel over HTTP.

URL: https://github.com/skepticfx/wshook
Description: Easily hook into WebSocket request and response.

URL: http://nullsecurity.net/tools.html
Description: Selection of security and hacking tools (NullSecurity Dump).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/
Related: https://www.nettitude.co.uk/bypassing-av-easy-way/
Description: An Experiment in AV Evasion (w/ PoC).

URL: http://www.pritect.net/blog/esc_sql-doh-wordpress-sql-injection-vulnerability
Description: esc_sql Doh! WordPress SQL Injection Vulnerability.

URL: http://jumpespjump.blogspot.in/2013/01/making-usb-flash-drive-hw-trojan.html
Description: Making a USB flash drive HW Trojan.

URL: http://secniche.blogspot.pt/2015/03/a-real-world-story-of-cve-2014-6332-rce.html
Description: A Real World Story of CVE-2014-6332 - RCE and Malware Download via VBScript!

URL: http://www.halfdog.net/Security/2015/HavingFunWithDmesg/
Description: Having Fun With Dmesg.

URL: http://0xthem.blogspot.gr/2015/03/hijacking-ssh-to-inject-port-forwards.html
Description: Hijacking SSH to Inject Port Forwards.

URL: http://securitycafe.ro/2015/01/28/intercepting-functions-from-statically-linked-libraries/
Description: Intercepting functions from statically linked libraries.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/duckinator/meep
Description: Polyglot program - Hello World in Ruby, C, PHP, and JavaScript.

URL: https://github.com/veltman/clmystery
Description: A command-line murder mystery.

URL: http://www.hackersusethis.com/
Description: Hackers Use This.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 13 | Month: March | Year: 2015 | Release Date: 27/03/2015 | Edition: 59º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
Description: The old is new, again. CVE-2011-2461 is back!

URL: http://sekurak.pl/kolejny-xss-w-www-google-com-custom-search-engine/
Description: Another XSS in www.google.com (Custom Search Engine).

URL: http://netwars-project.com/webdoc
Description: Web series exploring the impending threat of cyberwarfare.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/botherder/cryptoletter
Description: Simple script for PGP encrypted newsletter.

URL: https://github.com/g0tmi1k/os-scripts/blob/master/kali.sh
Description: Personal (g0tmilk) post install script for Kali Linux.

URL: https://github.com/slimm609/checksec.sh
Description: Bash script to check executable properties like (PIE, RELRO, PaX, Canaries, ASLR, Fortify Source).

URL: https://x-ryl669.github.io/Frost/
Description: I needed a tool I can rely on to backup my work and personal data.

URL: https://github.com/SecurityObscurity/cve-2015-0313
Description: Adobe Flash vulnerability source code (CVE-2015-0313) from Angler Exploit Kit.

URL: https://github.com/stealth/troubleshooter
Description: SELinux vulnerabiliteis (80's style exploit techniques).

URL: https://mozillasecurity.github.io/dharma/
Description: A generation-based, context-free grammar fuzzer.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://breakingmalware.com/vulnerabilities/vulnerability-patching-learning-from-avg-on-doing-it-right/
Description: Vulnerability Patching - Learning from AVG on Doing it Right.

URL: http://labs.detectify.com/post/114572572966/stealing-files-from-web-servers-by-exploiting-a
Description: Stealing files from web servers by exploiting a popular PDF generator.

URL: http://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
Description: SSH & Meterpreter Pivoting Techniques.

URL: http://www.security-explorations.com/en/SE-2014-02-details.html
Description: Google App Engine Java security sandbox bypasses (with PoC code).

URL: http://carnal0wnage.attackresearch.com/2015/03/devooops-revision-control-git.html
Description: DevOoops - Revision Control (git).

URL: http://ultimatehackingarticles.blogspot.pt/2013/01/error-based-sql-injection-tutorial.html
Description: Error based sql injection tutorial - Double query injection.

URL: https://bughardy.me/a-ghost-tale/
Description: A Ghost Tale (Ghost Blog Platform Security Assessment).

URL: https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/
Description: Abusing Blu-ray Players Pt. 1 – Sandbox Escapes.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/mozumder/HTML6
Description: An HTML6 proposal for single-page apps without Javascript.

URL: http://shrigley.com/source_code_archive/
Description: SEGA Megadrive/Genesis source codes.

URL: https://www.reddit.com/r/networking/comments/2gjzof/its_been_a_rough_week/
Description: It's been a rough week 😆. 


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 14 | Month: April | Year: 2015 | Release Date: 03/04/2015 | Edition: 60º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://danlec.com/blog/xss-via-a-spoofed-react-element
Description: XSS via a spoofed React element.

URL: http://tomforb.es/dell-system-detect-rce-vulnerability
Description: Dell System Detect RCE vulnerability.

URL: http://kamil.hism.ru/posts/about-vrg-and-delete-any-youtube-video-issue.html
Description: How I could delete any video on YouTube.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://blackarch.org/index.html
Description: BlackArch Linux is an Arch Linux-based distro for penetration testers and security researchers.

URL: http://packetstormsecurity.com/files/131185/jbossjmx-exec.txt
Description: JBoss JMXInvokerServlet Remote Command Execution.

URL: https://github.com/moha99sa/EvilAP_Defender
Description: Protect your Wireless Network from Evil Access Points!

URL: https://github.com/securitytube/wifiscanvisualizer/
Description: Airodump-NG Scan Visualizer (GUI).

URL: http://shadow-file.blogspot.pt/2015/02/bowcaster-feature-multipartform-data.html
Description: Need to reverse engineer or exploit a file upload vulnerability in an embedded web server?


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.netresec.com/?page=Blog&month=2015-03&post=China%27s-Man-on-the-Side-Attack-on-GitHub
Description: China's Man-on-the-Side Attack on GitHub.

URL: http://blog.lumberlabs.com/2012/04/why-app-developers-should-care-about.html
Description: Why app developers should care about SSL pinning.

URL: https://blog.netspi.com/all-you-need-is-one-a-clickonce-love-story/
Description: All You Need Is One – A ClickOnce Love Story.

URL: https://hsmr.cc/palinopsia/
Description: Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM.

URL: https://github.com/demi6od/Smashing_The_Browser
Description: Smashing The Browser - From Vulnerability Discovery To Exploit.

URL: http://www.tuxmealux.net/2015/03/10/code-injection/
Description: Injecting code into remote process (Windows).

URL: http://h30499.www3.hp.com/t5/Fortify-Application-Security/XPATH-Assisted-XXE-Attacks/ba-p/6721576
Description: XPATH Assisted XXE Attacks.

URL: https://code.google.com/p/google-security-research/issues/detail?id=222
Description: Windows - Local WebDAV NTLM Reflection Elevation of Privilege.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://bugzilla.redhat.com/show_bug.cgi?id=1202858
Description: Service squid restart.

URL: https://github.com/angea/PDF101
Description: Learn and Play with PDF Source Code.

URL: https://github.com/getify/You-Dont-Know-JS/blob/master/README.md#you-dont-know-js-book-series
Description: You Don't Know JS (book series).

URL: http://marcoramilli.blogspot.pt/2015/02/notorious-hacking-groups.html
Description: Notorious Hacking Groups.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 15 | Month: April | Year: 2015 | Release Date: 10/04/2015 | Edition: 61º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.mreagle0x.xyz/2015/01/the-tricky-vineco-xss-and-how-to-filter.html
Description: The tricky vine.co XSS, and how to filter inputs the wrong way.

URL: http://nahamsec.com/lack-of-domain-verification-by-google/
Description: Email Spoofing via Google Admin Console.

URL: http://pouyadarabi.blogspot.pt/2015/03/facebook-bypass-ads-account-roles.html
Description: Facebook - bypass ads account roles vulnerability.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/simplephishingtoolkit/sptoolkit-rebirth
Description: Simple Phishing Toolkit Rebirth Project.

URL: http://www.parrotsec.org/
Description: Parrot Security OS.

URL: https://github.com/AdamLaurie/RFIDIOt
Description: Collection of tools and libraries for exploring RFID technology.

URL: http://nullonerror.org/2015/04/05/escondendo-informacoes-dentro-de-imagens/
Description: Steganography Helper.

URL: https://github.com/paldepind/dffptch
Description: A micro library for diffing and patching JSON objects using a compact diff format.

URL: https://github.com/Microsoft/IEDiagnosticsAdapter/
Helper: http://blogs.msdn.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-38-71-metablogapi/4150.emdtwteosda_2D00_image1.gif
Description: IE Diagnostics Adapter is a standalone exe that enables tools to debug and diagnose IE11 using the Chrome remote debug protocol.

URL: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
Description: Android new root method for LG devices (Including Nexus5).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://hackerone.com/reports/46916
Description: Markdown parsing issue enables insertion of malicious tags and event handlers.

URL: https://sploitfun.wordpress.com/
Description: Awesome resource to understand Overflows issues.

URL: http://smerity.com/articles/2015/amazon_information_leakage.html
Description: The lack of HTTPS at Amazon - identifying items purchased using information leakage.

URL: https://www.reddit.com/r/netsec/comments/2xl412/abusing_rfc_5227_to_dos_windows_hosts/
Description: Abusing RFC 5227 to DoS Windows hosts.

URL: https://haiderm.com/column-truncation-sql-injection-vulnerability/
Description: Column Truncation SQL Injection Vulnerability.

URL: http://www.websegura.net/advisories/facebook-rfd-and-open-file-upload/
Description: Facebook Reflected Filename Download and Open File Upload.

URL: https://stackoverflow.com/questions/3115559/exploitable-php-functions
Description: Exploitable PHP functions.

URL: http://blog.loadzero.com/blog/tracking-down-a-segfault-in-grep/
Description: Tracking down a segfault in grep.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://cachemonet.com/
Description: Random! 😆

URL: http://sixteencolors.net/
Description: ANSI and ASCII Artwork Archive.

URL: https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/
Description: Deprecated Linux networking commands and their replacements.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 16 | Month: April | Year: 2015 | Release Date: 17/04/2015 | Edition: 62º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://intothesymmetry.blogspot.ch/2015/04/open-redirect-in-rfc6749-aka-oauth-20.html
Description: Open redirect in rfc6749 aka 'The OAuth 2.0 Authorization Framework'.

URL: https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
Description: Hidden backdoor API to root privileges in Apple OSX.

URL: https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/
Oficial: https://technet.microsoft.com/library/security/MS15-034
PoC: $ curl -v Vulnerable_IP/ -H "Host: irrelevant" -H "Range: bytes=0-18446744073709551615" (It will DoS) 😈
Description: Remote Code Execution via HTTP Request in IIS (Windows 7 to Server 2012 R2).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.openwall.com/lists/oss-security/2015/04/14/4
PoC CVE-2015-1862: https://gist.github.com/taviso/fe359006836d6cd1091e (raceabrt.c)
Execution: https://gist.github.com/taviso/d0f673bbd5093ffcafb7
PoC CVE-2015-1318: https://gist.github.com/taviso/0f02c255c13c5c113406 (newpid.c)
Description: Race condition exploit for Fedora and Ubuntu.

URL: https://github.com/gdbinit/can_I_suid
Description: A TrustedBSD module to control execution of binaries with suid bit set.

URL: https://blog.criticalstack.com/envdb-ask-your-environment-questions/
Description: Envdb - Ask your environment questions.

URL: https://github.com/Shopify/toxiproxy
Description: A proxy to simulate network and system conditions.

URL: https://github.com/analog-nico/hpp
Description: Express middleware to protect against HTTP Parameter Pollution attacks.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.h3xstream.com/2015/04/crossdomainxml-beware-of-wildcards.html
Description: crossdomain.xml - Beware of Wildcards.

URL: http://0xdabbad00.com/2015/04/12/looking_for_security_trouble_spots_in_go_code/
Description: Looking for security trouble spots in Go code.

URL: http://blog.maintenancewindow.ca/post/2015/03/29/Making-Smart-Locks-Smarter-%28aka.-Hacking-the-August-Smart-Lock%29
Description: Making Smart Locks Smarter (aka. Hacking the August Smart Lock).

URL: http://niiconsulting.com/checkmate/2015/04/server-side-request-forgery-ssrf/
Description: Server Side Request Forgery (SSRF).

URL: http://www.labofapenetrationtester.com/2015/02/using-windows-screensaver-as-backdoor.html
Description: Using Windows Screensaver as a Backdoor with PowerShell.

URL: http://beginners.re/
Description: "Reverse Engineering for Beginners" free book.

URL: http://sirdarckcat.blogspot.hk/2014/05/matryoshka-web-application-timing.html
Description:  Web Application Timing Attacks (or.. Timing Attacks against JavaScript Applications in Browsers).

URL: http://blog.0x3a.com/post/110052845124/an-in-depth-analysis-of-the-fiesta-exploit-kit-an
Description: An In-depth analysis of the Fiesta Exploit Kit - An infection in 2015.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://8088mph.blogspot.pt/2015/04/cga-in-1024-colors-new-mode-illustrated.html
Description: CGA in 1024 Colors - the Illustrated Guide.

URL: http://crpgaddict.blogspot.pt/2015/04/game-183-shadowforge-1989.html
Description: John D. Carmack 1st Game.

URL: http://visualgo.net/
Description: Visualising data structures and algorithms through animation.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 17 | Month: April | Year: 2015 | Release Date: 24/04/2015 | Edition: 63º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://xn--mric-bpa.fr/blog/blackjack.html
Description: WPS PIN with fixed PIN (printed on sticker) can be broken in 18 packets, and they knew it. 

URL: https://miki.it/blog/2015/4/20/the-power-of-dns-rebinding-stealing-wifi-passwords-with-a-website/
Description: The power of DNS rebinding - Stealing WiFi passwords with a website.

URL: http://blog.innerht.ml/twitter-crlf-injection/
Description: CRLF injection on Twitter or why blacklists fail.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/cure53/HTTPLeaks
Description: This project aims to enumerate all possible ways, a website can leak HTTP requests.

URL: https://binary.ninja/
Description: Binary Ninja is a set of tools to make the life of a vulnerability researcher easier.

URL: http://www.kitploit.com/2015/04/rekall-most-complete-memory-analysis.html
Description: Rekall - The Most Complete Memory Analysis Framework.

URL: https://github.com/dsrbr/cace
Description: CMS Admin Command Execution.

URL: http://tfpwn.com/files/fd-wnr2000v4.txt
Description: Vulnerabilities for the WNR2000v4 Netgear router.

URL: https://github.com/stasinopoulos/commix
Description: Automated All-in-One OS Command Injection and Exploitation Tool.

URL: http://www.openwall.com/lists/oss-security/2015/04/22/12
Description: USBCreator D-Bus service root Exploit (Ubuntu - Unpatched).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://hashcat.net/misc/postgres-pth/postgres-pth.pdf
More: https://hashcat.net/forum/thread-4148.html
Descripton: PostgreSQL Pass­The­Hash protocol design weakness.

URL: https://blog.netspi.com/playing-content-type-xxe-json-endpoints/
Description: Playing with Content-Type – XXE on JSON Endpoints.

URL: http://bartblaze.blogspot.co.uk/2015/03/c99shell-not-dead.html
Description: C99Shell not dead.

URL: https://github.com/darkarnium/secpub/tree/master/Multivendor/ncc2
Description: D-Link and TRENDnet 'ncc2' service - multiple vulnerabilities.

URL: http://www.malcolmstagg.com/bdp-s390.html
Description: Project bdp, this is a project to modify the Sony Blu-ray BDP firmware.

URL: http://v0ids3curity.blogspot.de/2015/04/exploiting-php-bug-66550-sqlite.html
Description: Exploiting PHP Bug #66550 - SQLite prepared statement Use-After-Free (local PHP exploit).

URL: https://reclaim-your-privacy.com/wiki/Anonabox_Analysis
Description: Anonabox Analysis (Easy root by IPv6).

URL: http://www.s3cur1ty.de/node/687
Description: Multiple Vulnerabilities in D'Link DIR-615 - Hardware revision D3/DIR-300 - Hardware revision A.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://www.reddit.com/r/PHP/comments/1l7baq/creating_a_user_from_the_web_problem/
Description: Creating a user from the web problem.

URL: https://github.com/SecUpwN/Spotify-AdKiller
Description: Your Party with Spotify - but without ads!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 18 | Month: May | Year: 2015 | Release Date: 01/05/2015 | Edition: 64º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.malerisch.net/2015/04/pwning-hp-thin-client.html
Description: Pwning a thin client in less than two minutes.

URL: http://www.rafayhackingarticles.net/2015/04/sucuri-waf-xss-filter-bypass.html
Description: Sucuri WAF XSS Filter Bypass.

URL: http://klikki.fi/adv/wordpress2.html
More: https://blog.anantshri.info/temp_fix_wordpress_comment_xss
Description: WordPress 4.2 Stored XSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
Description: wpa_supplicant P2P SSID processing vulnerability (CVE-2015-1863 - DoS-RCE).

URL: https://github.com/hfiref0x/UACME
Description: Defeating Windows User Account Control.

URL: https://github.com/guitarman0831/Onyx
Description: A simple Linux keylogger.

URL: https://github.com/GleeBug/GleeBug
Description: Debugging Framework for Windows.

URL: https://github.com/x64dbg/x64dbg
Description: An open-source x64/x32 debugger for windows.

URL: https://github.com/glastopf/glastopf
Description: Web Application Honeypot.

URL: https://cisofy.com/lynis/
Description: Lynis is an open source security auditing tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.paulosyibelo.com/2015/04/facebooks-parse-dom-xss.html
Description: Facebook's Parse – DOM XSS.

URL: https://haiderm.com/oracle-sql-injection-guides-and-whitepapers/
Description: Oracle SQL Injection Guides and Whitepapers (Dump).

URL: http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/
Description: What the Ridiculous F..., D-Link?!

URL: https://www.idontplaydarts.com/2011/11/decrypting-suhosin-sessions-and-cookies/
Description: Decrypting suhosin sessions and cookies (PHP). 

URL: http://www.secgeek.net/youtube-vulnerability/
Description: Vulnerability in Youtube allowed moving comments from any video to another.

URL: http://bobao.360.cn/learning/detail/357.html
Description: Adobe Flash FLV Aduio Nellymoser Decoding Heap Buffer Overflow Vulnerability (CVE-2015-3043).

URL: https://chentiangemalc.wordpress.com/2015/04/17/patching-a-null-pointer-access-violation/
Description: Patching a Null Pointer Access Violation.

URL: http://www.floyd.ch/?p=584
Description: Exploiting Python's Eval.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.gameofhacks.com/
Description: See How Good You Are.

URL: https://github.com/mappum/gitbanner
Description: Generates a git repo to show a cool banner on your Github profile.

URL: http://feross.org/hacks/ahh-windows/
Description: Old Times 😀.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 19 | Month: May | Year: 2015 | Release Date: 08/05/2015 | Edition: 65º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.bentkowski.info/2015/05/xss-via-file-upload-wwwgooglecom.html
Description: XSS via file upload - www.google.com (Postini Header Analyzer).

URL: https://hackerone.com/reports/14883
Description: Twitter CSRF protection bypass via Google Analytics.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/hephaest0s/usbkill
Description: Anti-forensic kill-switch USB based.

URL: https://github.com/cea-sec/Sibyl
Description: A Miasm2 based function divination (RE Helper).

URL: https://github.com/wiire/pixiewps
Helper: https://www.youtube.com/watch?v=8f6oClT7Wp4
Description: Tool for bruteforce offline the WPS pin (Not all routers).

URL: https://github.com/ShawnDEvans/smbmap
Description: SMBMap is a handy SMB enumeration tool.

URL: https://github.com/x0r1/jellyfish
Description: GPU rootkit PoC by Team Jellyfish.

URL: https://github.com/x0r1/Demon
Description: GPU keylogger PoC by Team Jellyfish.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://www.firefart.at/how-to-crack-mifare-classic-cards/
Description: How to crack mifare classic cards (NFC).

URL: https://blog.sucuri.net/2015/04/critical-persistent-xss-0day-in-wordpress.html
Description: Critical Persistent XSS 0day in WordPress.

URL: http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
Description: Analyzing the Magento Vulnerability (Updated).

URL: http://malware-unplugged.blogspot.ie/2015/01/hunting-and-decrypting-communications.html
Description: Hunting and Decrypting Communications of Gh0st RAT in Memory.

URL: http://www.vulnerability-lab.com/get_content.php?id=1474
Description: PayPal Inc Bug Bounty #114 - JDWP RCE Vulnerability.

URL: http://synacktiv.ninja/ressources/synacktiv_drupal_xxe_services.pdf
Description: Pre-authentication XXE vulnerability in the Services Drupal module.

URL: http://blog.atx.name/reverse-engineering-radio-weather-station/
Description: Reverse engineering radio weather station.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://drive.google.com/a/ase/folderview?id=0B2G2LjIu7WbdfjhaUmVzc1lCR2hUdk5fZllCOHdtbFItbU5qYzdqZGVxdmlnRkJyYVQ4VU0
Epic: https://raw.githubusercontent.com/HackerFantastic/Public/master/exploits/leehseinloong.cpp (😂)
Description: Prime minster of Singapore published a Sudoku solver C++ code (With a Stack Overflow 😈).

URL: http://io.smashthestack.org/
Description: O wargame, one of the wargames of the smashthestack network.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 20 | Month: May | Year: 2015 | Release Date: 15/05/2015 | Edition: 66º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://natmchugh.blogspot.co.uk/2015/05/how-to-make-two-binaries-with-same-md5.html
Description: How to make two binaries with the same MD5 hash.

URL: https://deya2diab.wordpress.com/2015/02/21/yahoo-main-domain-xss/
Description: How did i XSS all Yahoo Main domains!! (facepalm)

URL: http://seclist.us/poodle-attack-poc-implementation-of-the-poodle-attack.html
Description: PoC implementation of the POODLE attack.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/MaLeLabTs/RegexGenerator
Description: Tool for generating regular expressions for text extraction.

URL: https://github.com/mafintosh/chromecasts
Description: Query your local network for Chromecasts and have them play media.

URL: https://github.com/telerik/JustDecompileEngine
Description: .NET decompiler JustDecompile.

URL: https://git.hacklab.kr/snippets/13
Description: Flash CVE-2015-0359 PoC.

URL: https://github.com/jekyc/wig
Description: WebApp Information Gatherer.

URL: https://github.com/securelyfitz/USBSanitizer
Description: Small and cheap standalone USB sanitizer.

URL: https://bokken.re/
Description: Open Source Reverse Code Engineering.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://blog.netspi.com/forcing-xxe-reflection-server-error-messages/
Description: Forcing XXE Reflection through Server Error Messages.

URL: http://blog.bentkowski.info/2015/04/xss-via-host-header-cse.html
Description: XSS via Host header - www.google.com/cse (IE Power!).

URL: http://hextechsecurity.com/?p=123
Description: Hospira PCA3 Drug Infusion Pump Remote Exploits.

URL: http://blog.silentsignal.eu/2015/05/07/cve-2014-3440-symantec-critical-system-protection-remote-code-execution/
Description: Symantec Critical System Protection Remote Code Execution (CVE-2014-3440).

URL: http://www.viva64.com/en/a/0084/
Description: Errors that we find in open source projects with PVS-Studio analyzer (Dump).

URL: https://blog.cloudflare.com/an-introduction-to-javascript-based-ddos/
Description: Introduction to JavaScript-based DDoS.

URL: http://blog.amossys.fr/Automated%20Reverse%20Engineering%20of%20Cryptographic%20Algorithms.html
Description: Automated Reverse Engineering of Cryptographic Algorithms.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.windows93.net/
Description: Yup No Comments.

URL: http://code.snipcademy.com/tutorials/command-line/steak/cooking
Description: Cooking the perfect steak.

URL: https://github.com/mrkrstphr/illacceptanything
Description: The project where literally* anything goes.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 21 | Month: May | Year: 2015 | Release Date: 22/05/2015 | Edition: 67º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://weakdh.org/
Description: The Logjam Attack (Diffie-Hellman key exchange weakness).

URL: http://blog.bentkowski.info/2015/05/xss-via-windowstop-google-safen-up.html
Description: XSS via window.stop() - Google Safen Up.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/stealth/opmsg
Description: Replacement for gpg which can encrypt/sign/verify your mails or create/verify detached signatures of local files.

URL: https://github.com/juergh/lqs2mem
Description: Convert libvirt-QEMU-save (LQS) files to raw memory files.

URL: https://github.com/sam-b/pilloc
Description: A pin tool to visualise heap operations.

URL: https://github.com/java-decompiler/jd-gui
Description: JD-GUI, a standalone graphical utility that displays Java sources from CLASS files.

URL: https://dnsdumpster.com/
Description: dns recon & research, find & lookup dns records.

URL: https://github.com/aol/moloch
Description: Moloch is a open source large scale IPv4 full PCAP capturing, indexing and database system.

URL: https://github.com/zcutlip/bowcaster
Description: Bowcaster Exploit Development Framework (Python).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.contextis.com/resources/blog/manually-testing-ssltls-weaknesses/
Description: Manually Testing SSL/TLS Weaknesses.

URL: http://jumpespjump.blogspot.ca/2015/05/many-ways-of-malware-persistence-that.html
Description: Many ways of malware persistence (that you were always afraid to ask).

URL: http://www.kazamiya.net/en/artifact/wipe/deletedsc
Description: Deleted Shadow Copies.

URL: https://rya.nc/cert-tricks.html
Description: Stupid certificate tricks.

URL: http://security.cs.rpi.edu/courses/binexp-spring2015/
Description: Modern Binary Exploitation (Spring 20105).

URL: http://blog.gdssecurity.com/labs/2015/4/29/automated-data-exfiltration-with-xxe.html
Description: Automated Data Exfiltration With XXE.

URL: http://www.adlice.com/bho-a-spy-in-your-browser/
Description: BHO - A spy in your browser.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://drive.google.com/a/share/folderview?id=0B7rtSe_PH_fTWDQ0RC1DeWVoVUE&usp=sharing#
Description: Mobile Challenges (Dump).

URL: http://www.manuel-strehl.de/dev/minimal_git_folder
Description: Min­imal con­tents of a .git folder.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 22 | Month: May | Year: 2015 | Release Date: 29/05/2015 | Edition: 68º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://instantlyfuzzyshark.tumblr.com/post/119456076505/unauthorized-deletion-of-google-collections
Description: Unauthorized deletion of Google+ Collections.

URL: http://sakurity.com/blog/2015/05/21/starbucks.html
Description: Hacking Starbucks for unlimited coffee.

URL: http://www.benhayak.com/2015/05/stealing-private-photo-albums-from-Google.html
Description: Stealing Private Photo Albums from Google - Same Origin Method Execution.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.kitploit.com/2015/05/remote-dll-injector-v20-command-line.html
Description: Remote DLL Injector v2.0 - Command-line Tool to Inject DLL into Remote Process.

URL: https://github.com/sstjohn/thundergate
Description: An open source toolkit for PCI bus exploration.

URL: https://github.com/hfiref0x/CVE-2015-1701
Description: Win32k LPE vulnerability used in APT attack (CVE-2015-1701).

URL: http://www.binvul.com/viewthread.php?tid=508
More:  http://blogs.360.cn/blog/fixed_three_0days_in_may/
Description: CVE-2015-1674 CNG.SYS PoC.

URL: http://ab0files.com/writing-a-metasploit-post-exploitation-module
Description: Writing a Metasploit post exploitation module.

URL: http://www.backerstreet.com/rec/rec.htm
Description: REC Studio 4 - Reverse Engineering Compiler (Win, Linux and Mac OS X).

URL: http://seclist.us/updates-windows-exploit-suggester-revision-v-2-5.html
Description: Windows-Exploit-Suggester revision v-2.5.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.pagerduty.com/blog/the-discovery-of-apache-zookeepers-poison-packet/
Description: The Discovery of Apache ZooKeeper’s Poison Packet.

URL: http://sakurity.com/blog/2015/05/08/pusher.html
Patch: https://gist.github.com/mdpye/f062cacb8a9d5e3d102c
Description: Hacking Pusher with simple crypto vulnerability.

URL: https://stackoff.ru/pochemu-reklama-v-skajpe-ne-tolko-urodliva-no-eshhe-i-opasna/
Description: Why is advertising on Skype is not only ugly but also dangerous.

URL: http://securityinside.info/evitando-hsts-una-cuestion-de-tiempo/
Description: Breaking HSTS! (Spanish).

URL: http://venom.crowdstrike.com/
PoC: https://marc.info/?l=oss-security&m=143155206320935&w=2
Description: Virtualized Environment Neglected Operations Manipulation (VENOM).

URL: http://cory.li/bytecode-hacking/
Description: Java bytecode hacking for fun and profit.

URL: https://www.altsci.com/ipsec/
Description: IPsec Vulnerabilities and Software Security Prediction.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://blog.netspi.com/gpu-cracking-rebuilding-box/
Description: GPU Cracking - Rebuilding the Box.

URL: http://stacksmasher.me/tutorials/browser-anonymity-and-security/
Description: Browser anonymity and security.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 23 | Month: June | Year: 2015 | Release Date: 05/06/2015 | Edition: 69º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/
Description: The Empire Strikes Back Apple – how your Mac firmware security is completely broken.

URL: http://labs.detectify.com/post/120088174539/building-an-xss-polyglot-through-swf-and-csp
Description: Building an XSS polyglot through SWF and CSP.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/zardus/preeny
Description: Some helpful preload libraries for pwning stuff 😈.

URL: https://www.exploit-db.com/docs/35152.pdf
PoC: http://1337day.com/exploit/23642
Description: Windows 8.0-8.1 x64 TrackPopupMenu Privilege Escalation (MS14-058 | CVE 2014-4113).

URL: https://github.com/carlosgprado/JARVIS
Description: JARVIS means "Just Another ReVersIng Suite" (IDA Pro Plugin).

URL: https://github.com/XiphosResearch/exploits/tree/master/suiteshell
Description: Exploit for SuiteCRM Post-Authentication Shell Upload.

URL: http://caca.zoy.org/wiki/zzuf
Description: Zzuf is a transparent application input fuzzer.

URL: https://github.com/letoram/senseye
Description: Dynamic Visual Debugging - Reverse Engineering Toolsuite.

URL: https://github.com/CIFASIS/VDiscover
Description: Vulnerability discovery using Machine Learning techniques.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://samy.pl/opensesame/
Description: OpenSesame is a device that can wirelessly open virtually any fixed-code garage door in seconds.

URL: http://hackerhurricane.blogspot.nl/2015/05/defending-against-powershell-shells.html
Description: Detecting and Defending against PowerShell Shells.

URL: http://xn--thibaud-dya.fr/robots.txt.html
Description: What one may find in robots.txt.

URL: http://web-in-security.blogspot.de/2015/05/how-to-attack-xml-encryption-in-ibm.html
Description: How to attack XML Encryption in IBM Datapower (and other Web Services) with WS-Attacker.

URL: https://blog.whitehatsec.com/magic-hashes/
Description: Magic Hashes (Research). 

URL: http://blog.balicbilisim.com/gomulu-cihaz-guvenligi-ve-zollard-botnet-analizi/
Description: Embedded Security and Zollard Botnet Analysis.

URL: http://jaanuskp.blogspot.cz/2015/05/cve-2015-3200.html
Description: Log injection vulnerability in mod_auth (CVE-2015-3200).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1219337
Description: Popcorn Time!

URL: https://github.com/zsaleeba/picoc
Description: A very small C interpreter (Can be Handy 😏).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 24 | Month: June | Year: 2015 | Release Date: 12/06/2015 | Edition: 70º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://labs.detectify.com/post/120855545341/google-xss-turkey
Description: Google XSS Turkey (Youtube, Translate and Docs).

URL: http://topolik-at-work.blogspot.cz/2015/06/cve-2015-3096-rosetta-flash-fix-bypass.html
Description: Rosetta Flash fix bypass using UTF-8 (CVE-2015-3096).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/DynamoRIO/drmemory
Description: Memory Debugger for Windows, Linux, and Mac.

URL: https://github.com/trustedsec/ptf
Description: The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

URL: https://github.com/AlessandroZ/LaZagne
Description: Credentials recovery project.

URL: https://github.com/0xsauby/yasuo
Description: A ruby script that scans for vulnerable&exploitable 3rd-party web applications on a network.

URL: http://ddecode.com/phpdecoder/
Description: This tool will attempt to decode any PHP hidden code, including eval(base64_decode), eval(gzinflate) and more.

URL: https://github.com/j91321/rext
Description: Router EXploitation Toolkit.

URL: https://www.exploit-db.com/exploits/37098/
Description: Microsoft Windows - Local Privilege Escalation (MS15-010).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://cxsecurity.com/issue/WLB-2015050153
Description: Apache Jackrabbit WebDAV XXE (CVE-2015-1833).

URL: http://blog.jpcert.or.jp/.s/2015/05/a-new-uac-bypass-method-that-dridex-uses.html
Description: A New UAC Bypass Method that Dridex Uses.

URL: http://media.ccc.de/browse/conferences/camp1999/
Description: Chaos Communication Camp 1999 (Old but Gold 😌).

URL: https://blog.coresecurity.com/2015/05/18/ms15-011-microsoft-windows-group-policy-real-exploitation-via-a-smb-mitm-attack/
Description: MS15-011 – Microsoft Windows Group Policy real exploitation via a SMB MiTM attack.

URL: https://www.anfractuosity.com/projects/timeshifter/
Description: Transmissions of data through time based covert channels across a network (Stenography).

URL: http://www.defenceindepth.net/2013/11/oracle-listener-11107-information.html
Description: Oracle Listener 11.1.0.7 Information Disclosure.

URL: https://github.com/HaifeiLi/HardenFlash
Description: HardenFlash - Patching Flash binary to stop Flash exploits and zero-days.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/search?q=$_GET+sudo&ref=cmdform&type=Code
Description: No Comments! 😔

URL: http://n0where.net/best-onion-links-deep-web/
Description: Best Onion Links @Deep Web.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 25 | Month: June | Year: 2015 | Release Date: 19/06/2015 | Edition: 71º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://hackerone.com/reports/52042
Description: HTTP Response Splitting (CRLF injection) in report_story (Unicode Magic!).

URL: http://mksben.l0.cm/2015/06/bypassing-xss-filter-showmodaldialog.html
Description: Bypassing IE's XSS Filter with showModalDialog.

URL: http://www.benhayak.com/2015/06/same-origin-method-execution-some.html
Description: Same Origin Method Execution (SOME).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://seclists.org/fulldisclosure/2015/May/122
Description: Local SWF files can leak arbitrary local files to the internet (Not Patched!).

URL: https://html5sec.org/cspbypass/
Description: CSP Bypass in Chrome Canary + AngularJS.

URL: https://github.com/BreakingMalware/Selfie
Description: A Tool to Unpack Self-Modifying Code using DynamoRIO.

URL: https://github.com/JamesHabben/evolve
Description: Web interface for the Volatility Memory Forensics Framework.

URL: https://github.com/Cr4sh/ioctlfuzzer/
Description: IOCTL Fuzzer is a tool to automate searching vulnerabilities in Windows kernel drivers.

URL: https://github.com/hellman/libformatstr
Description: Simplify format string exploitation.

URL: https://forum.bugcrowd.com/t/sqlmap-tamper-scripts-sql-injection-and-waf-bypass/423
Description: SQLMap Tamper Scripts (SQL Injection and WAF bypass).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://cheeky4n6monkey.blogspot.pt/2015/06/extracting-pictures-from-ms-office-2007.html
Description: Extracting Pictures from MS Office (2007).

URL: http://www.shelliscoming.com/2015/06/tls-injector-running-shellcodes-through.html
Description: TLS Injector - running shellcodes through TLS callbacks 😈.

URL: https://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
Description: Redis EVAL Lua Sandbox Escape.

URL: http://0xdabbad00.com/2015/04/18/go_code_auditing/
Description: Go code auditing (Ok vs Bad).

URL: https://expdev-kiuhnm.rhcloud.com/2015/05/11/contents/
Description: Exploit Development Course (Free).

URL: https://blog.benjojo.co.uk/post/auditing-github-users-keys
Description: Auditing GitHub users’ SSH key quality.

URL: http://security.coverity.com/blog/2015/Jun/a-slice-of-pie.html
Description: A Slice of Policy Instantiation and Enforcement (PIE).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.patrick-wied.at/static/nudejs/
Description: JS implementation of a nudity scanner based on approaches from research papers. 

URL: https://github.com/vbarbaresi/MetroGit#readme
Description: Paris Metro lines on a Git graph.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 26 | Month: June | Year: 2015 | Release Date: 26/06/2015 | Edition: 72º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://jstnkndy.blogspot.pt/2015/06/a-fun-attack-path-starting-with-xxe.html
Description: A Fun Attack Path, Starting with XXE.

URL: http://zoczus.blogspot.pt/2015/04/plupload-same-origin-method-execution.html
Description: Same-Origin Method Execution (plupload - Wordpress 3.9-4.1.1).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://cybersyndicates.com/2015/06/sms-log-alert/
Description: Uses keywords from alert logs to send SMS.

URL: https://github.com/t00sh/rop-tool
Description: A tool to help you write binary exploits.

URL: https://github.com/mncoppola/suterusu
Description: An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM.

URL: https://github.com/lclevy/firepwd
Description: An open source tool to decrypt Mozilla protected passwords.

URL: https://gist.github.com/joernchen/d868521352f1ccd25095
Description: Ruby on Rails 4.x Web Console "Remote Access".

URL: https://github.com/alexbredo/honeypot-camera
Description: Observation camera honeypot.

URL: https://github.com/asenior/Jpeg-Redaction-Library
Description: Parser and load EXIF JPEG files, meta data and redact the images for privacy.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://chloe.re/2015/06/20/a-month-with-badonions/
Description: A month with BADONIONS (Tor Sniffing).

URL: https://github.com/RPISEC/MBE
Description: Course materials for Modern Binary Exploitation by RPISEC.

URL: https://yifan.lu/2015/06/21/hacking-the-ps-vita/
Description: Hacking the PS Vita.

URL: https://blog.haschek.at/post/fd854
Description: Analyzing 443 free proxies - Only 21% are not shady.

URL: http://blog.pangu.io/ie-uninit-memory/
Description: IE browser vulnerabilities case report and uninitialized memory footprint study.

URL: https://mborgerson.com/deconstructing-the-xbox-boot-rom
Description: Deconstructing the Xbox Boot ROM.

URL: http://www.fuzzysecurity.com/tutorials/20.html
Description: Powershell PE Injection - This is not the Calc you are looking for!

URL: https://www.linkedin.com/pulse/cli-skype-roman-x-shafigullin
Description: CLI Skype "Bug" (Simple).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://potatohatsecurity.tumblr.com/post/94565729529/defcon-22-badge-challenge-walkthrough
Description: DEFCON 22 Badge Challenge.

URL: http://people.zoy.org/~sam/filsdepute.txt
Description: This is going to be fun (Don't Copy&Paste). 😆


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 27 | Month: July | Year: 2015 | Release Date: 03/07/2015 | Edition: 73º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/
More: http://labs.detectify.com/post/122837757551/using-google-cloud-to-bypass-noscript
Description: The NoScript Misnomer – Why should I trust vjs.zendcdn.net?

URL: https://www.veracode.com/blog/2015/06/angularjs-expression-security-internals
Description: AngularJS Expression Security Internals.

URL: http://joevennix.com/2015/06/24/Adventures-in-Browser-Exploitation-Part-II--Safari-8-UXSS.html
Description: Adventures in Browser Exploitation Part II - Mac OS X Safari 8.0.5 UXSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/dheiland-r7/snmp
Description: SNMP data gather scripts.

URL: https://github.com/d0lph1n98/Defeating-PHP-GD-imagecreatefromgif
Description: PoC to exploit the flaw in the PHP-GD built-in function, imagecreatefromgif().

URL: https://github.com/xoreaxeaxeax/movfuscator/
Description: The single instruction C compiler (M/o/Vfuscator).

URL: https://github.com/0xmabu/NME
Description: Network Mapping and Enumeration Framework (PS Modules).

URL: https://github.com/thezdi/abusing-silent-mitigations
Description: Understanding weaknesses within Internet Explorer's Isolated Heap and MemoryProtection.

URL: https://github.com/pentestmonkey/unix-privesc-check/
Description: Shell script to check for simple privilege escalation vectors on Unix systems.

URL: http://www.pc-help.org/obscure.htm
Description: How to Obscure Any URL.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://reverse.put.as/2015/07/01/reversing-prince-harmings-kiss-of-death/
Description: Reversing Prince Harming’s kiss of death (EFI Reverse).

URL: https://paragonie.com/blog/2015/06/preventing-xss-vulnerabilities-in-php-everything-you-need-know
Description: Everything You Need to Know About Preventing Cross-Site Scripting Vulnerabilities in PHP.

URL: http://vladz.devzero.fr/015_lsm-backdoor.html
Description: Writing a LKM rootkit that uses LSM hooks.

URL: http://nullsecure.org/threat-intel-web-crew/
Description: Threat Intel - Web Crew (Malware Research).

URL: http://blog.mazinahmed.net/2015/06/facebook-messenger-multiple-csrf.html
Description: Facebook Messenger Multiple CSRF Vulnerabilities.

URL: http://blog.csnc.ch/2015/06/xslt-security-and-server-side-request-forgery/
Description: XSLT Security and Server Side Request Forgery.

URL: http://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf
Description: Docker Security Cheat Sheet.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://www.whitehatters.academy/hackfu-2015-badge-loyalty-system/
Description: HackFu 2015 - Badge Loyalty System (Hardware Hacking).

URL: https://github.com/omnus/tiny-twitch
Description: A tiny html/javascript game whose source code fits in one tweet!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 28 | Month: July | Year: 2015 | Release Date: 10/07/2015 | Edition: 74º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://drops.wooyun.org/papers/6905
Description: An analysis of Chrome XSS Filter Bypass (100% working).

URL: http://davidjorm.blogspot.pt/2015/07/101-ways-to-pwn-phone.html
Description: Android VoIP Video Phone Audit (Grandstream GXV3275).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/inquisb/icmpsh
Description: Simple reverse ICMP shell.

URL: https://github.com/David-Reguera-Garcia-Dreg/anticuckoo
Blog: https://0xicf.wordpress.com/2015/07/07/anticuckoo-a-tool-to-detect-and-crash-cuckoo-sandbox/
Description: A tool to detect and crash Cuckoo Sandbox.

URL: https://github.com/binarycanary/usb-rubber-ducky--mimikatz-in-mem
Description: USB-Rubber-Ducky Payload - Mimikatz in Memory w UAC Bypass.

URL: https://github.com/DarthTon/Blackbone
Description: Windows memory hacking library.

URL: https://github.com/qianshanhai/q-shell
Description: Unix remote login tool, rootkit shell tool.

URL: https://github.com/google/grr
Description: GRR Rapid Response - Remote live forensics for incident response by Google.

URL: https://github.com/RUB-NDS/WS-Attacker
Description: WS-Attacker is a modular framework for web services penetration testing.

URL: https://github.com/epinna/weevely3
Description: Weaponized web shell.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://hiddencodes.wordpress.com/2015/06/18/deobfuscate-javascript-using-phantomjs-headless-browser/
Description: Deobfuscate Javascript using PhantomJS (Headless browser).

URL: http://grimhacker.com/wordpress/2015/04/10/gp3finder-group-policy-preference-password-finder/
Description: Group Policy Preference Password Finder (Windows Pwn).

URL: http://blog.quarkslab.com/quarkslabs-chatsecure-review.html
Description: QuarksLab's ChatSecure Review.

URL: https://www.exploitee.rs/index.php/Wink_Hub
Description: Wink Hub Security Review.

URL: https://djbunny5.com/2015/06/26/dns-amplification-attacks/
Description: DNS amplification attacks (Simple explanation).

URL: https://truesecdev.wordpress.com/2015/07/01/exploiting-rootpipe-again/
Description: Exploiting rootpipe again (MacOS).

URL: https://pierrekim.github.io/blog/2015-07-01-poc-with-RCE-against-127-iptime-router-models.html
Description: Exploit Code for ipTIME firmwares < 9.58 RCE with root privileges against 127 router models.

URL: https://blog.bugcrowd.com/advice-from-a-researcher-xxe/
Description: Advice From A Researcher - Hunting XXE For Fun and Profit.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://cellhack.net/login/
Description: You are the master of a colony of cells (Game).

URL: https://github.com/amq/firefox-debloat
Description: Stop Firefox leaking data about you.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 29 | Month: July | Year: 2015 | Release Date: 17/07/2015 | Edition: 75º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.innerht.ml/cascading-style-scripting/
Description: CSS - Cascading Style Scripting.

URL: https://thehackerblog.com/stealing-lastpass-passwords-with-clickjacking/
Description: Stealing Lastpass Passwords With Clickjacking.

URL: https://github.com/hackedteam?tab=repositories
More: https://github.com/informationextraction
Description: Hacking Team (Leak).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/JumpCallPop/dumpfiles
Description: Windbg extension to extract file from Cache Manager.

URL: https://github.com/mandatoryprogrammer/xssless
Description: An automated XSS payload generator written in python.

URL: https://github.com/GuerrillaWarfare/Treasure
Description: Hunt for sensitive information through githubs code search.

URL: http://www.firmware.re/
Description: Unpacks, scans and analyzes firmware identifying vulnerabilities, backdoors and malware.

URL: https://github.com/rpp0/aggr-inject
Description: Remote frame injection PoC by exploiting a standard compliant A-MPDU aggregation vulnerability in 802.11n networks.

URL: https://github.com/openssl/openssl/blob/master/test/verify_extra_test.c#L104
Advisory: https://openssl.org/news/secadv_20150709.txt
Description: Test for CVE-2015-1793 (Alternate Chains Certificate Forgery).

URL: https://github.com/musalbas/address-spoofing-poc
Description: Chrome address spoofing vulnerability proof-of-concept for HTTPS.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.mbsd.jp/Whitepaper/rpo.pdf
Description: A few Relative Path Overwrite (RPO) exploitation techniques.

URL: https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/
Description: Linux (x86) Exploit Development Series.

URL: http://gfragkos.blogspot.co.uk/2015/06/linkedin-security-issue-unvalidated.html
Description: Linkedin - security issue - Unvalidated Redirects and Forwards.

URL: http://nahamsec.com/yahoo-image-processing-xspa/
Description: Yahoo Image Processing SSRF/XSPA.

URL: http://blog.tokumaru.org/2013/03/csrf-and-cookie-monster-bug.html
Description: CSRF and Cookie onster bug.

URL: http://samsymons.com/blog/reverse-engineering-with-radare2-part-1/
Description: Reverse Engineering With Radare2, Part 1.

URL: https://k0st.wordpress.com/2015/07/05/identifying-and-exploiting-rom-0-vulnerabilities/
Description: Identifying and exploiting rom-0 vulnerabilities (ZTE, TP-Link, ZynOS, Huawei and ++).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://kr5hou2zh4qtebqk.onion.to/ezines/
Description: Hacking ezines since 80s dump.

URL: https://github.com/Invoke-IR/Forensic-Posters
Description: Forensic Posters.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 30 | Month: July | Year: 2015 | Release Date: 24/07/2015 | Edition: 76º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://jonasnick.github.io/blog/2015/07/08/exploiting-csgojackpots-weak-rng/
Description: Exploiting CSGOJackpot's Weak RNG.

URL: http://josipfranjkovic.blogspot.ru/2015/07/the-easiest-bug-bounties-i-have-ever-won.html
Description: The easiest bug bounties I have ever won. (Never Give Up!)

URL: https://goo.gl/y17Bep
Description: OpenSSH keyboard-interactive auth brute force vuln - MaxAuthTries bypass.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://www.dropbox.com/s/sax2a5fm3z3q2nt/iChainbreaker_OSX.zip?dl=0
Notes: https://gist.github.com/n0fate/fbb982407ce2510b4187
Description: Tool for iCloud Keychain Decryption.

URL: https://localh0t.github.io/wildpwn-v0.1-unix-wildcard-attacks/
Paper: https://www.exploit-db.com/papers/33930/
Description: Tool to help on Unix wildcard attacks.

URL: https://github.com/GuerrillaWarfare/Junkyard
Description: Cable modem firmware dump - Research Materials.

URL: https://github.com/anantshri/github_cloner
Description: Clone github repositories of a user/organization.

URL: https://github.com/cervoise/pentest-scripts/tree/master/password-cracking
Description: Some PoC scripts for password cracking.

URL: https://www.offensivebits.com/?p=89
Description: Easy Trick to Upload a Web Shell and Bypass AV Products.

URL: https://github.com/kevthehermit/SpearPhisher
Description: A Web Application to Send and Track Spear Phishing Campaigns.

URL: https://github.com/DarthTon/Blackbone
Description: Windows memory hacking library.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://zeltser.com/c2-dns-tunneling/
Description: Tunneling Data and Commands Over DNS to Bypass Firewalls.

URL: http://blog.ghettoha.xxx/reversing-powersaves-for-amiibo
Description: Reversing Powersaves for Amiibo.

URL: https://defuse.ca/bochs-hacking-guide.htm
Description: Bochs Hacking Guide.

URL: http://blog.cr4.sh/2015/07/building-reliable-smm-backdoor-for-uefi.html
Description: Building reliable SMM backdoor for UEFI based platforms.

URL: https://www.securify.nl/blog/SFY20150601/securify_spot_the_bug_challenge_2015_contest_analysis.html
Description: Securify Spot The Bug challenge 2015 contest analysis (AppSec).

URL: https://thejh.net/written-stuff/openssh-6.8-xsecurity
Description: The OpenSSH <=6.8 X11 SECURITY bug.

URL: http://www.contextis.com/resources/blog/dnswatch-when-full-dns-tunnel-just-too-much/
Description: When a full DNS tunnel is just too much.

URL: http://noone.org/talks/ssh-tricks/ssh-tricks-rmll.html
Description: SSH Tips and Tricks (Must know).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/ProfOak/ascii_py
Description: Make some ASCII art.

URL: http://0x27.me/HackBack/0x00.txt
Description: A DIY Guide for those without the patience to wait for whistleblowers.

URL: http://emulator101.com/
Description: A detailed, step by step guide to writing an emulator.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 31 | Month: July | Year: 2015 | Release Date: 31/07/2015 | Edition: 77º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.ptsecurity.com/2015/07/best-reverser-write-up-analyzing.html
Description: Best Reverser Write-Up - Analyzing Uncommon Firmware.

URL: https://k0st.wordpress.com/2012/10/23/rip-or-pillage-dvcs-story-about-git/
PoC A:https://github.com/evilpacket/DVCS-Pillage
PoC B: https://github.com/kost/dvcs-ripper
Google Dork: ".git" intitle:"Index of"
Description: Pillage web accessible GIT, HG and BZR repositories.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/dkemp/Vulndev/tree/master/MS14-070
Advisory:  https://technet.microsoft.com/library/security/ms14-070
Description: Vulnerability in TCP/IP Could Allow Elevation of Privilege (MS14-070).

URL: https://github.com/emdel/ksfinder
Description: Retrieve exported kernel symbols from physical memory dumps.

URL: https://github.com/iniqua/plecost/
Description: Wordpress finger printer Tool.

URL: https://github.com/zardus/ctf-tools
Description: Some setup scripts for security research tools.

URL: http://www.sac.sk/files.php?d=7
Description: PACK - Archivers, exe-compressors, archiver shells and other related utils.

URL: http://0x90909090.blogspot.fr/2015/07/no-one-expect-command-execution.html
Description: No one expect command execution!

URL: https://k0st.wordpress.com/2015/07/13/identifying-and-exploiting-ibm-websphere-application-server/
Description: Identifying and exploiting IBM WebSphere Application Server.

URL: http://www.sleuthkit.org/autopsy/
Description: Digital forensics platform/GUI to The Sleuth Kit® and other digital forensics tools.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://securityblog.redhat.com/2015/07/23/libuser-vulnerabilities/
PoC: http://securityvulns.com/files/roothelper.c
More: http://seclists.org/fulldisclosure/2015/Jul/110
Description: libuser vulnerabilities (CVE-2015-3245 and CVE-2015-3246).

URL: http://seclists.org/fulldisclosure/2015/Jul/11
Description: Microsoft Office - OLE Packager "Research".

URL: http://labs.bromium.com/2015/07/10/government-grade-malware-a-look-at-hackingteams-rat/
Description: Government Grade Malware - aLook at HackingTeam's RAT.

URL: https://fuzzing-project.org/tutorial-cflags.html
Description: Simple Tips to find Bugs with Compiler Features.

URL: https://frederik-braun.com/using-subresource-integrity.html
Description: A CDN that can not XSS you - Using Subresource Integrity.

URL: https://blogs.securiteam.com/index.php/archives/2502
Description: Trend Micro Threat Intelligence Manager Multiple Vulnerabilities RCE.

URL: https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html
PoC: https://twitter.com/simps0n/status/624162351273639936 
Description: OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability.

URL: https://digital-forensics.sans.org/community/summits
Description: Digital Forensics Summits Slides (Dump).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/Regala/ctfs/blob/master/bsides-lisbon-2015
Description: BSidesLisbon 2015 CTF Write-up.

URL: http://overthewire.org/wargames/
Description: Learn and practice security concepts in the form of fun-filled games.

URL: http://www.nopwn.com/
Description: Defense Science of the Next Decade.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 32 | Month: August | Year: 2015 | Release Date: 07/08/2015 | Edition: 78º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://fin1te.net/articles/messenger-site-wide-csrf/
Description: Messenger.com Site-Wide CSRF.

URL: http://blog.portswigger.net/2015/08/server-side-template-injection.html
Description: Server-Side Template Injection.

URL: http://labs.detectify.com/post/125256364141/how-i-disabled-your-chrome-security-extensions
Description: How I disabled your Chrome security extensions.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/byt3bl33d3r/gcat
More: https://byt3bl33d3r.github.io/pyexfil-using-python-to-make-gmail-a-cc-server.html
Description: A fully featured backdoor that uses Gmail as a C&C server.

URL: https://github.com/woanware/usbdeviceforensics
Description: Script to extract numerous bits of information regarding USB devices.

URL: https://github.com/yahoo/rtrace
Description: Rtrace is an x86/x86_64 native code debugger.

URL: https://gist.github.com/Wack0/bcc5a196f0874a39b08f
Description: Impero Education Pro SYSTEM-RCE PoC.

URL: https://github.com/Yara-Rules/rules
Description: Repository of yara rules (Dump).

URL: https://github.com/evilsocket/bettercap
Description: A complete, modular, portable and easily extensible MITM framework.

URL: https://github.com/g0tmi1k/mpc
Description: A quick way to generate various "basic" Meterpreter payloads via msfvenom.

URL: http://pastebin.com/raw.php?i=6fcdqfbd
Description: VNC Keyboard Remote Code Execution (MSF Module).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://sturmflut.github.io/ubuntu/touch/2015/05/07/hacking-ubuntu-touch-index/
Description: Hacking Ubuntu Touch (Internals).

URL: http://cr.yp.to/djbdns/notes.html
Description: Notes on the Domain Name System.

URL: http://www.rc4nomore.com/
Description: Numerous Occurrence MOnitoring & Recovery Exploit.

URL: http://www.contextis.com/resources/blog/wireless-phishing-captive-portals/
Description: Wireless Phishing with Captive Portals.

URL: http://mihai.bazon.net/blog/externalinterface-is-unreliable
Description: ExternalInterface is unreliable (Oldies).

URL: http://www.anti-reversing.com/1813/
Description: CVE-0xFFFF-0xFFFF.

URL: http://blog.cobaltstrike.com/2015/07/22/winrm-is-my-remote-access-tool/
Description: WinRM is my Remote Access Tool. (Official tools power!)

URL: http://x42.obscurechannel.com/2015/07/26/cracking-the-roku-v2-wpa2-psk/
Description: Cracking the Roku V2 WPA2-PSK.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://hackerone.com/reports/58679
Description: SSL cookie without secure flag set ($500). 😱

URL: https://github.com/p8952/bocker
Description: Docker implemented in 100 lines of bash.

URL: https://github.com/octalmage/robotjs
Description: Node.js Desktop Automation.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 33 | Month: August | Year: 2015 | Release Date: 14/08/2015 | Edition: 79º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://paul.reviews/behavioral-profiling-the-password-you-cant-change/
Description: Behavioral Profiling - The password you can't change.

URL: http://silentbreaksecurity.com/exploiting-ms15-076-cve-2015-2370/
PoC: https://github.com/monoxgas/Trebuchet 
Description: Exploiting MS15-076 (CVE-2015-2370).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/vlad902/hacking-team-windows-kernel-lpe
Description: Windows kernel LPE 0day from the Hacking Team (CVE-2015-2426/MS-078).

URL: https://github.com/MarioVilas/winappdbg
Description: WinAppDbg Debugger, Python module for scripts in Python.

URL: https://github.com/iksteen/pyhp
Description: Embed the PHP interpreter in Python (Sleeping with the devil).

URL: http://www.ehacking.net/2015/07/bypass-anti-virus-with-shellter-on-kali.html
Description: Bypass an Anti-Virus with Shellter on Kali Linux.

URL: https://github.com/PlagueScanner/PlagueScanner
Description: Open source multiple AV scanner framework.

URL: http://www.cyberciti.biz/faq/apple-mac-osx-find-wi-fi-network-password/
Description: How To Find the WiFi Password on MacOS X (Tip).

URL: https://github.com/drduh/pwd.sh
Description: Script to manage passwords in an encrypted file using gpg.

URL: https://cymon.io/
Description: Tracker of open-source security reports about phishing, malware, botnets and ++.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://jve.linuxwall.info/blog/index.php?post/2015/07/26/Using-Mozilla-Investigator-%28MIG%29-to-detect-unknown-hosts
Description: Using Mozilla Investigator (MIG) to detect unknown hosts.

URL: http://bugs.proftpd.org/show_bug.cgi?id=4143#c0
Description: HTTPS/FTPS protocol confusion leads to XSS (Nice Trick).

URL: http://pbiernat.blogspot.co.uk/2014/09/bypassing-python-sandbox-by-abusing.html
Description: Bypassing a python sandbox by abusing code objects.

URL: https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413
Description: Detecting VPN (and its configuration!) and proxy users on the server side.

URL: http://opengarages.org/handbook/2014_car_hackers_handbook_compressed.pdf
Description: Car Hacker’s Handbook by Craig Smith.

URL: http://www.codeandux.com/writing-a-simple-decompiler-for-net-part-1/
Description: Writing a simple Decompiler for .NET.

URL: http://arxiv.org/pdf/1507.06955v1.pdf
PoC: https://github.com/IAIK/rowhammerjs
Description: A Remote Software-Induced Fault Attack in JavaScript (Rowhammer Attack).

URL: https://blog.netspi.com/auto-dumping-domain-credentials-using-spns-powershell-remoting-and-mimikatz/
Description: Auto-Dumping Domain Credentials using SPNs, PowerShell Remoting, and Mimikatz.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/nvbn/thefuck
Description: Magnificent app which corrects your previous console command.

URL: https://xebialabs.com/periodic-table-of-devops-tools/
Description: Periodic Table of Devops Tools.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 34 | Month: August | Year: 2015 | Release Date: 21/08/2015 | Edition: 80º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://sakurity.com/blog/2015/08/13/middlekit.html
Description: Using Appcache and ServiceWorker for Evil.

URL: http://x42.obscurechannel.com/2015/08/14/netripper_metasploit/
Description: Sniffing Encrypted puTTY/Outlook credentials with msf NetRipper.

URL: http://blog.gojhonny.com/2015/08/domain-administrator-in-17-seconds.html
Description: Domain Administrator in 17 seconds.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/feross/spoof
Description: Easily spoof your MAC address in OS X & Linux!

URL: https://github.com/IAIK/rowhammerjs
Description: Rowhammer.js - A Remote Software-Induced Fault Attack in JavaScript.

URL: https://github.com/MozillaSecurity/fuzzdata
Description: Fuzzing resources for feeding various fuzzers with input.

URL: https://github.com/Netflix/security_monkey
Description: Security Monkey - AWS Security Configuration Monitoring and Analysis (by Netflix).

URL: https://github.com/jessepeterson/commandment
Description: Open Source Apple MDM implemented in Python (Use your imagination).

URL: https://github.com/sbehrens/sleepy-puppy
Description: Blind Cross-site Scripting Collector and Manager.

URL: https://github.com/10se1ucgo/DisableWinTracking
More: https://github.com/dfkt/win10-unfuck | https://fix10.isleaked.com/
Description: Uses some known methods that attempt to disable tracking in Windows 10 (Avoid Privacy Leaks).

URL: http://jpinsoft.net/DeepSound/Documentation.aspx
Description: Hide data into carrier audio file.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://sysexit.wordpress.com/2015/07/29/bypassing-the-windows-8-1-picture-password-feature-with-a-kernel-debugger/
Description: Bypassing the Windows 8.1 Picture Password feature with a kernel debugger.

URL: http://codewhitesec.blogspot.in/2015/07/symantec-endpoint-protection.html?m=1
PoC: https://github.com/rapid7/metasploit-framework/pull/5800
Description: Compromised by Endpoint Protection.

URL: https://gun.io/blog/building-a-twitterbot-in-node-to-post-xss-payloads/
Description: Building a Twitterbot in Node to Post XSS Payloads.

URL: http://baileysoriginalirishtech.blogspot.pt/2015/06/applocker-schmapplocker.html
PoC: https://github.com/strictlymike/Invoke-SchmappLocker/
Description: Bypass AppLocker EXE file policies (KB2532445).

URL: http://sysadminconcombre.blogspot.ca/2015/07/how-to-hack-windows-password.html
Tool: https://github.com/giMini/RWMC
Description: How to hack Windows password.

URL: http://noxxi.de/research/sophos-utm-webprotection-bypass2.html
Description: Bypassing Malware Scanning in Sophos UTM Web Protection, Again!

URL: http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS_034_Lukas_Java.pdf
Description: Java’s SSLSocket - How Bad APIs Compromise Security.

URL: http://volatility-labs.blogspot.pt/2015/08/recovering-teamviewer-and-other.html
Description: Recovering TeamViewer (and other) Credentials from RAM with EditBox.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://speakerdeck.com/ange/lets-write-a-pdf-file
Description: Let's write a PDF file.

URL: https://www.exploit-db.com/exploits/37669/
Description: Counter-Strike 1.6 'GameInfo' Query Reflection DoS PoC.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 35 | Month: August | Year: 2015 | Release Date: 28/08/2015 | Edition: 81º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/
Description: Exploiting the Mercury Browser for Android.

URL: http://vulnerabledoma.in/camp2015_sop/
Description: SOP (Same-Origin Policy) 101.

URL: https://zyan.scripts.mit.edu/blog/backdooring-js/
PoC: https://github.com/diracdeltas/jquery
Description: Backdooring your javascript using minifier bugs.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/deadc0de6/security/blob/master/memdump.py
Description: Read process memory and dump to file.

URL: https://github.com/powershellempire/empire
More: https://enigma0x3.wordpress.com/2015/08/26/empire-tips-and-tricks/
Description: Empire is a pure PowerShell post-exploitation agent.

URL: https://github.com/iv-wrt/iv-wrt/
Description: An Intentionally Vulnerable Router Firmware Distribution (CTF!).

URL: http://www.openwall.com/lists/oss-security/2015/08/04/8
Description: Linux privilege escalation due to nested NMIs interrupting espfix64 (CVE-2015-3290).

URL: https://github.com/Katee/quietnet
Slides: https://speakerdeck.com/richo/radbios-bsides-lv
Description: Simple chat program using inaudible sounds and a computer's microphone and speaker.

URL: http://rossmarks.co.uk/blog/?p=609
Description: Cracking android lockscreens. (Old but Gold!)

URL: https://github.com/kpwn/inj
Description: task_for_pid injection that doesn't suck.

URL: https://github.com/Vozzie/uacscript
Description: Windows 7 UAC Bypass Vulnerability in the Windows Script Host.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://blog.netspi.com/powershell-remoting-cheatsheet/
Description: PowerShell Remoting Cheatsheet.

URL: http://itsjack.cc/blog/2015/08/surveying-codecanyon-scripts-xss-lfi-sqli-more/
Description: Surveying CodeCanyon Scripts – XSS, LFI, SQLi and More.

URL: http://3vildata.tumblr.com/post/125666311707/abusing-the-mpc-hc-webui-to-steal-private-pictures
Description: Abusing the MPC-HC WebUI to steal private pictures.

URL: http://antukh.com/blog/2015/08/22/dark-appsec/
Description: Deanonymization Made Simple.

URL: https://www.blackhat.com/docs/us-15/materials/us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files-wp.pdf
Description: SMB - Sharing more than your files.

URL: http://www.codereversing.com/blog/archives/261
Description: Stealth Techniques - Hiding Files in the Registry.

URL: https://gbmaster.wordpress.com/2015/08/13/x86-exploitation-101-integer-overflow-adding-one-more-aaaaaaaaaaand-its-gone/
Description: x86 Exploitation 101 - "Integer overflow" – adding one more… aaaaaaaaaaand it’s gone.

URL: https://blogs.securiteam.com/index.php/archives/2550
Description: SSD Advisory – ZendXml Multibyte Payloads XXE/XEE.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://dfir.it/blog/2015/07/18/toxic-pdf-walkthrough-bsides-london-challenge/
Description: Toxic PDF Walkthrough - BSides London Challenge.

URL: https://github.com/taviso/ctypes.sh
Description: A foreign function interface for bash.

URL: http://metalcaptcha.heavygifts.com/
Description: Are you a Metalhead or a bot?


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 36 | Month: September | Year: 2015 | Release Date: 04/09/2015 | Edition: 82º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.7xter.com/2015/08/hacking-facebook-pages.html
Description: Hacking Facebook Pages.

URL: https://www.youtube.com/watch?v=2Kw6VPlBz9w
Description: PayPal Arbitriary File Upload Vulnerability To Remote Code Execution.

URL: https://labs.integrity.pt/articles/xxe-all-the-things-including-apple-ioss-office-viewer/
Description: XXE All The Things! (Including Apple iOS's Office Viewer - CVE-2015-3784).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/ud2/advisories/tree/master/osx/cve-2015-5763
Description: Security issue in com.apple.filesystems.ntfs kext (CVE-2015-5763).

URL: https://github.com/NytroRST/NetRipper
Description: Smart traffic sniffing for penetration testers.

URL: https://pierrekim.github.io/advisories/2015-totolink-0x02.txt
PoC: http://aaronyool.blogspot.gr/2015/08/totolink-backdoor-exploitation-poc.html
Description: Backdoor and RCE found in 8 TOTOLINK router models.

URL: https://github.com/guidepointsecurity/slither
Description: Python Web Attack Framework (Akamai Origins, jnlp parser, struts2 and more).

URL: https://gist.github.com/subTee/732330ebfeb5c63b1296
Description: DllGuest - COM Surrogate Persistence, Launch your code from DLLHost.exe. 

URL: https://github.com/kpwn/tpwn
Blog: http://blog.qwertyoruiop.com/?p=69
Description: xnu local privilege escalation 0Day.

URL: https://gist.github.com/pakt/c70073a0e0de1f47f579
Description: Direct read/write access to Python's memory.

URL: http://seclists.org/fulldisclosure/2015/Aug/21
More: http://seclists.org/bugtraq/2015/Aug/52
Description: Pineapple autopwn script 2.3.0 or lower versions.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://github.com/lfit/itpol/blob/master/linux-workstation-security.md
Description: Linux workstation security checklist.

URL: https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html
Description: Persistent XSS Vulnerability in WordPress Explained.

URL: https://www.gitbook.com/book/radare/radare2book/details
Description: This book aims to cover most usage aspects of radare2.

URL: https://goo.gl/xgGGt4
Description: Chinese Conferences Materials (Dump).

URL: https://crowdshield.com/blog.php?name=reverse-engineering-a-critical-wordpress-0day-exploit
Description: Reverse Engineering a Critical Wordpress 0Day Exploit.

URL: http://googleprojectzero.blogspot.de/2015/08/attacking-ecmascript-engines-with.html
Description: Attacking ECMAScript Engines with Redefinition.

URL: http://blog.ropchain.com/2015/08/16/analysis-of-exploit-targeting-office-2007-2013-ms15-022/
Description: Ongoing analysis of unknown exploit targeting Office 2007-2013 UTAI MS15-022.

URL: http://intothesymmetry.blogspot.it/2015/08/apple-safari-sop-bypass-cve-2015-3753.html
Description: Apple Safari SOP bypass (CVE-2015-3753).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://code.google.com/p/chromium/issues/detail?id=526293
Description: Security - XSS in google chrome new tab page.

URL: http://norvig.com/sudoku.html
Description: Solving Every Sudoku Puzzle.

URL: https://github.com/mattdiamond/fuckitjs
Description: The Original Javascript Error Steamroller.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 37 | Month: September | Year: 2015 | Release Date: 11/09/2015 | Edition: 83º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.sec-down.com/wordpress/?p=553
Description: Paypal critical vulnerability to steal all your Paypal funds!

URL: https://www.bishopfox.com/blog/2015/08/coldfusion-bomb-a-chain-reaction-from-xss-to-rce/
Description: ColdFusion Bomb - A Chain Reaction From XSS to RCE.

URL: http://raz0r.name/articles/css-attacks/
Description: Overview of attacks on the client using CSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://zx.rs/6/DroidDucky---Can-an-Android-quack-like-a-duck/
Description: DroidDucky - Can an Android quack like a duck?

URL: http://www.intelligentexploit.com/view-details.html?id=21905
Description: Google Image CSRF Vulnerability & Using it as a Botnet.

URL: https://github.com/m13253/lvdo
Description: Video steganography implementation.

URL: https://github.com/CoreSecurity/impacket
Description: Impacket is a collection of Python classes for working with network protocols.

URL: https://gist.github.com/mattifestation/47f9e8a431f96a266522
Description: Drop binary data from the command line w/o needing PowerShell (Tip).

URL: https://github.com/n1nj4sec/pr0cks
Description: Python script to transparently forward all TCP and DNS traffic through a socks proxy.

URL: http://insecurety.net/?p=765
Description: SCTP Reverse Shell.

URL: http://www.malwaretech.com/2015/08/creating-ultimate-tor-virtual-network.html
Description: Creating the Ultimate Tor Virtual Network.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://blog.ioactive.com/2015/09/the-beauty-of-old-school-backdoors.html
Description: The Beauty of Old-school Backdoors.

URL: http://www.hexacorn.com/blog/2015/08/15/two-pe-tools-you-might-have-never-heard-of-now-you-do/
Description: Two PE tools you might have never heard of; Now you do.

URL: http://blog.crowdstrike.com/native-java-bytecode-debugging-without-source-code/
Description: Native Java Bytecode Debugging without Source Code.

URL: https://gbmaster.wordpress.com/2015/08/03/x86-exploitation-101-off-by-one-and-an-uninvited-friend-joins-the-party/
Description: x86 Exploitation 101 - "Off-by-one" and an uninvited friend joins the party.

URL: http://www.pentestpartners.com/blog/hacking-defcon-23s-iot-village-samsung-fridge/
Description: Hacking DefCon 23's IoT Village Samsung fridge. (Directions)

URL: http://cybermashup.com/2015/08/25/how-to-crack-ubuntu-disk-encryption-and-passwords/
Description: How to crack Ubuntu encryption and passwords.

URL: http://translate.wooyun.io/2015/09/01/Bypass-WAF-Cookbook.html
Description: Bypass WAF Cookbook.

URL: https://hackerone.com/reports/77065
Description: Stealing CSRF Tokens (Facepalm).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/tiimgreen/github-cheat-sheet#readme
Description: GitHub Cheat Sheet.

URL: http://dreamsofastone.blogspot.de/2015/07/reverse-engineering-nostalgia.html
Description: Reverse Engineering Nostalgia.

URL: https://github.com/tessalt/echo-chamber-js
Description: Commenting without the comments.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 38 | Month: September | Year: 2015 | Release Date: 18/09/2015 | Edition: 84º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.filet-o-firewall.com/
How: http://www.filet-o-firewall.com/p/technical-details.html
PoC: https://github.com/filetofirewall/fof
Description: A vendor agnostic UPnP vulnerability.

URL: http://ownsecurity.blogspot.ro/2015/08/how-i-found-sweets-inside-google.html
Description:  How I found the sweets inside Google servers (LFI Write-up).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/WestpointLtd/tls_prober
Description: A tool to fingerprint SSL/TLS servers.

URL: https://warroom.securestate.com/index.php/spawning-shells-over-bluetooth/
Description: Spawning Shells Over Bluetooth (Tip).

URL: https://github.com/knownsec/Pocsuite
Description: Vulnerability-based remote vulnerability framework and PoC.

URL: https://github.com/0xd4d/dnSpy
Description: .NET assembly editor, decompiler, and debugger.

URL: https://github.com/Rootkitsmm/miscellaneous/blob/master/main.cpp
Description: Windows Exploit.

URL: https://github.com/wireghoul/graudit/
Description: Grep rough audit - source code auditing tool.

URL: https://github.com/h2non/toxy
Description: HTTP proxy to simulate server failure and unexpected network conditions.

URL: https://github.com/lnxg33k/misc/blob/master/XSS-cookie-stealer.py
Description: POC for cookie stealing through XSS (101 Handler).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://thehackerblog.com/sonar-a-framework-for-scanning-and-exploiting-internal-hosts-with-a-webpage/
Description: sonar.js – A Framework for Scanning and Exploiting Internal Hosts With a Webpage.

URL: https://github.com/subgraph/oz/wiki/Oz-Technical-Details
Description: Oz Technical Details - (Linux desktop applications inside of isolated security sandboxes).

URL: https://www.jkry.org/ouluhack/Toyota%20Touch%20%26%20Go
Description: Hacking Toyota Touch & Go.

URL: http://www.phrack.org/papers/self-patching-msxml.html
Description: Self-patching Microsoft XML with misalignments and factorials.

URL: https://cturt.github.io/ps4.html
Description: Analysis of PS4's security and the state of hacking.

URL: https://tinyurl.com/pv868t6
Description: WhatsApp "MaliciousCard".

URL: https://github.com/sakurity/truefactor
Description: "123456" no more ("2FAuth _Next Gen").

URL: http://blog.cryptographyengineering.com/2015/09/lets-talk-about-imessage-again.html
Description: Let's talk about iMessage (again).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/codegolf/pac-man
Description: Pac-Man in <512 Bytes of HTML and JavaScript.

URL: http://trainwatch.u0d.de/
Description: Metadata from the free WiFi in the Dutch intercity trains.

URL: https://github.com/FiloSottile/whosthere
Description: A SSH server that knows who you are (Privacy Alert!).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 39 | Month: September | Year: 2015 | Release Date: 25/09/2015 | Edition: 85º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://oreoshake.github.io/xss/rce/bugbounty/2015/09/08/xss-to-rce.html
Description: XSS to RCE "yeah right, RSnake".

URL: http://mohamedmfouad.blogspot.pt/2015/09/starbucks-critical-flaws-allow-hackers.html
Description: Starbucks Critical Flaws (Phishing and RCE).

URL: http://goo.gl/MKvt4p
Description: Rdio Flash Cross-domain Exploit with FlashHTTPRequest.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/floyd-fuh/tiny-mitm-proxy
Description: Probably one of the smallest SSL MITM proxies you can make.

URL: https://isc.sans.edu/diary/PDF+%2B+maldoc1+%3D+maldoc2/20079
Description: PDF + maldoc1 = maldoc2 (Nice walk-through).

URL: https://github.com/Rootkitsmm/WinIo-Vidix
Description: Exploit WinIo - Vidix and Run Shellcode in Windows Kernel.

URL: https://github.com/theresponder/MemoryPatchDetector
Description: Detects code differentials between exe and the corresponding proc/mod in mem.

URL: https://github.com/ChiChou/CVE-2014-4076
Description: Windows 2k3 tcpip.sys Privilege Escalation.

URL: https://github.com/espreto/wpsploit
Description: WPSploit - Exploiting Wordpress With Metasploit.

URL: https://github.com/robertdavidgraham/cve-2015-5477
Description: PoC exploit for CVE-2015-5477 BIND9 TKEY assertion failure.

URL: https://github.com/codypierce/hackers-grep
Description: hackers-grep is a utility to search for strings in PE executables.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://gist.github.com/atcuno/3425484ac5cce5298932
Description: HowTo - Privacy & Security Conscious Browsing.

URL: http://nullsecure.org/building-your-own-passivedns-feed/
Description: Building Your Own Passive DNS Collection System.

URL: http://l.avala.mp/blog/pwnage-per-port-22opentcpssh/
Description: Pwnage Per Port - 22/open/tcp//ssh.

URL: http://drops.wooyun.org/papers/8298
Description: Hacking ipcam like Harold in POI.

URL: https://github.com/drduh/OS-X-Yosemite-Security-and-Privacy-Guide
Description: OS X Yosemite Security and Privacy Guide.

URL: http://wololo.net/2015/09/22/exploit-psx-games-psp-vita/
Description: How to exploit PSX games for PSP and Vita.

URL: https://www.lucidchart.com/techblog/2015/08/31/the-worst-mistake-of-computer-science/
Description: The worst mistake of computer science (NULL).

URL: https://goo.gl/Dk0Iin (+)
Description: Visual Studio bug exposed my source code on GHu and cost me $6,500.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://xem.github.io/hex/
Description: Tiny JS hex viewer & editor.

URL: http://www.linusakesson.net/programming/tty/
Description: The TTY demystified.

URL: https://ucnv.github.io/pnglitch/
Description: The Art of PNG Glitch.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 40 | Month: October | Year: 2015 | Release Date: 02/10/2015 | Edition: 86º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://ashishpadelkar.com/index.php/2015/09/23/facebook-simple-technical-bug-worth-7500/
Descriptions: Facebook Simple Technical Bug worth 7500$.

URL: http://g-laurent.blogspot.pt/2015/09/demistifying-responder-wpad.html
Description: Demistifying Responder WPAD Authentication module. (Oldies)

URL: http://alex.hyperiongray.com/posts/302352-pwn-the-docs
Description: Pwn The Docs - Vulnerability in readthedocs.org.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://sourceforge.net/projects/exploitresolver/
Description: Resolver is a windows based tool which designed to preform a reverse DNS Lookup.

URL: https://github.com/mweissbacher/armory-pass
Gadget: http://inversepath.com/usbarmory
Description: Password manager for USB Armory.

URL: https://github.com/heisecode/FED
Description: Flash Exploit Detector- 0Day Research.

URL: http://www.thijsbroenink.com/2015/08/bruteforcing-coupon-codes-for-discount.html
Description: Bruteforcing coupon codes for discount. (Quick and Dirty!)

URL: https://gist.github.com/subTee/28b7439d3dfa07053b61
Description: Execute ShellCode Via Jscript.NET.

URL: https://github.com/davidoren/CuckooSploit
Description: Env. for comprehensive, automated analysis of web-based exploits.

URL: https://gist.github.com/colinmahns/e3c38c5eae6c4bf6441d
Description: Twitter DM with OTR.

URL: https://github.com/ICSec/airpwn-ng
Description: The home of the new and improved version of airpwn... airpwn-ng.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://github.com/GuerrillaWarfare/Armory
Description: The 802.11 Hacking Repo.

URL: http://theta44.org/karma/
Detector: https://github.com/pmbento/karmadetector
Description: KARMA Attacks Radioed Machines Automatically. (Oldies)

URL: http://drops.wooyun.org/papers/8261
Description: vBulletin rce 0day analysis.

URL: http://www.securitygalore.com/site3/safari-pasv
Description: Safari FTP PASV manipulation vulnerability.

URL: http://blog.perimeterx.com/bugzilla-cve-2015-4499
Description: Bugzilla CVE-2015-4499 - All Your Bugs Are Belong To Us.

URL: https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit?pli=1#
Description: SSRF Bible Cheatsheet.

URL: http://d.hatena.ne.jp/end0tknr/20150830/1440885918
Description: Secure Coding - Image type determination of the browser by magic bytes.

URL: https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/
Description: CVE-2014-7216 - A Journey Through Yahoo’s Bug Bounty Program.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/pk-man/Bash-Integer-Overflow
Description: Bash integer overflow in braces.

URL: https://github.com/yudai/gotty
Description: Share your terminal as a web application.

URL: https://github.com/gloomyson/StarCraft
Description: HTML5 version for StarCraft game.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 41 | Month: October | Year: 2015 | Release Date: 09/10/2015 | Edition: 87º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://goo.gl/0fcbEB
Description: Exploiting MS Excel 2007 with OLE embedded objects heapspray on Win7/8/10.

URL: http://sijmen.ruwhof.net/weblog/584-how-i-could-hack-internet-bank-accounts-of-danish-largest-bank-in-a-few-minutes
Description: How I could hack internet bank accounts of Danish largest bank in a few minutes.

URL: https://security.bugs.gallery
Description: Security Bugs Gallery.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/SageHack/cloud-buster
Description: A CloudFlare resolver that works.

URL: https://github.com/Pr0x13/iBrutr
Description: iCloud Bruteforce PoC - with MultiCurl.

URL: http://www.sw1tch.net/blog/gone-kingphishin-part-1-kingphisher-beef-digital-ocean-kali
Description: Running a phishing campaign against your organisation.

URL: https://gist.github.com/wirehack7/fccc32806221c4c803dd
Description: Simpe VirusTotal API 2.0 PHP class.

URL: https://testssl.sh/
Description: Testing TLS/SSL encryption.

URL: http://dangerousprototypes.com/2015/09/08/a-xsvf-assemblerdisassembler-in-python/
Description: A XSVF assembler/disassembler in python.

URL: https://github.com/w8rbt/keycap/
Description: A simple keystroke logger for Windows.

URL: https://github.com/PaulSec/twittor
Description: A fully featured backdoor that uses Twitter as a C&C server.

URL: https://github.com/cyrus-and/gdb-dashboard
Description: Modular visual interface for GDB in Python.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.room362.com/2012/02/ms08068-ms10046-fun-until-2018.html
Description: MS08_068+MS10_046=FUN until 2018 aka SMB Relay + LNK UNC icons = internal pentest pwnage.

URL: http://www.bigendiansmalls.com/mainframe-bind-shell-source-code/
Description: Mainframe Bind Shell – Source Code.

URL: https://www.davidsopas.com/acunetix-got-rfded/
Description: Acunetix got RFDed! (Reflected Filename Download).

URL: http://lucb1e.com/rp/cookielesscookies/
Description: Cookieless cookies. (Never too late!)

URL: https://www.rapid7.com/docs/Hacking-IoT-A-Case-Study-on-Baby-Monitor-Exposures-and-Vulnerabilities.pdf
Description: Hacking IoT - A Case Study on Baby Monitor Exposures and Vulnerabilities.

URL: http://conorpp.com/blog/proxying-bluetooth-devices-for-security-analysis-using-btproxy/
Description: Proxying Bluetooth devices for security analysis using btproxy.

URL: https://www.notsosecure.com/2015/09/24/remote-code-execution-via-php-unserialize/
Description: Remote code execution via PHP (Unserialize).

URL: https://dfirblog.wordpress.com/2015/09/27/dissecting-powershell-attacks/
Description: Dissecting powershell attacks.

URL: http://www.sekoia.fr/blog/malware-and-com-object-the-paradise-of-covert-channels/
Description: Malware and COM Object - The paradise of covert channels.

URL: https://blog.coresecurity.com/2015/09/28/abusing-gdi-for-ring0-exploit-primitives/
Description: Abusing GDI for ring0 exploit primitives.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/auchenberg/volkswagen
Description: Volkswagen detects your tests in a CI server, and makes them pass.

URL: http://www.clicktorelease.com/blog/svg-google-logo-in-305-bytes
Description: Can the new Google logo be 305 bytes?

URL: http://www.leakedin.com/
Description: Stories About Data Leaks and Related Stuff.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 42 | Month: October | Year: 2015 | Release Date: 16/10/2015 | Edition: 88º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://www.mdsec.co.uk/2015/09/an-introduction-to-hardware-hacking-the-ripe-atlas-probe/
Description: An Introduction to Hardware Hacking - the RIPE Atlas probe.

URL: https://www.davidsopas.com/reflected-file-download-cheat-sheet/
Description: Reflected File Download Cheat Sheet.

URL: https://inventropy.us/blog/constructing-an-xss-vector-using-no-letters
Description: Constructing an XSS vector, using no letters.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/sadasystems/private-message
Description: Easily send and recieve encrypted messages via Github. (Talking about C&C)

URL: http://subt0x10.blogspot.pt/2015/09/simple-example-of-encoded-mimikatz-upx.html
Description: Simple Example Of Encoded Mimikatz - UPX Packed, Base64 Encoded. (PNG Power)

URL: https://gist.github.com/mak/bd71962aae98ab0b0441
Description: CVE-2015-3113 from 205a625ebc3b0a9b286dc8f065845433.

URL: http://www.malwarefieldguide.com/LinuxChapter2.html
Description: Memory Analysis Tools for Linux Systems.

URL: https://github.com/JonDoNym/peinjector
Description: peinjector - MITM PE file infector.

URL: https://github.com/BromiumLabs/PackerAttacker
Description: C++ application that uses memory and code hooks to detect packers.

URL: https://github.com/syncsrc/jtagsploitation
Description: Scripts and examples for using JTAG debug tools to gain root access.

URL: https://williammahler.github.io/Capstone.js-bookmarklet/
Description: Inline Disassembler Bookmarklet.

URL: https://github.com/fuzzdb-project/fuzzdb
Description: Official FuzzDB Repo - relocated from Google Code.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://www.fabionatalucci.it/individuate-vulnerabilita-su-ilmessaggero-it-full-disclosure/
Description: ilmessaggero.it is vulnerable to cyber attacks.

URL: http://blog.dornea.nu/2015/10/02/manage-pki-using-openssl/
Description: Manage PKI using OpenSSL.

URL: https://blog.perimeterx.com/bugzilla-cve-2015-4499/
Description: Bugzilla CVE-2015-4499 - All Your Bugs Are Belong To Us.

URL: http://blog.silentsignal.eu/2014/07/28/how-to-got-root-access-on-fireeye-os/
Description: How to get root access on FireEye OS.

URL: http://andreicostin.com/secadv/HP_MIPIO_backdoor.txt
Description: The "HP MIPIO Backdoor" Story.

URL: https://shubh.am/exploiting-url-shortners-to-discover-sensitive-resources-2/
Description: Abusing URL Shortners to discover sensitive resources or assets.

URL: https://quequero.org/2015/09/black-hat-arsenal-peepdf-challenge-2015-writeup/
Description: Black Hat Arsenal peepdf Challenge 2015 writeup.

URL: https://www.sysdream.com/exploiting-symfony2-profiler
Description: Exploiting Symfony2's Profiler.

URL: https://bwall.github.io/libemu-scapy-for-shellcode-on-the-network/
Description: Detecting shellcode over the network with scapy and libemu.

URL: http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/
Description: When a Brazilian string smells bad (Malware Research).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://hackertarget.com/hacker-tools-mr-robot/
Description: Exploring the Hacker Tools of Mr Robot.

URL: https://github.com/ajalt/fuckitpy
Description: The Python error steamroller.

URL: https://www.nowsecure.com/blog/2015/08/17/raspberry-pi-hang-instruction/
Description: Raspberry PI hang instruction (Local DoS RPi).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 43 | Month: October | Year: 2015 | Release Date: 23/10/2015 | Edition: 89º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.naver.com/1n73ction/220499561862
Description: Facebook XXE attack.

URL: https://www.synack.com/labs/blog/how-i-hacked-hotmail/
Description: How I Hacked Hotmail.

URL: https://pierrekim.github.io/blog/2015-10-07-Huawei-routers-vulnerable-to-multiple-threats.html
Description: Huawei 3G routers - XSS, CSRF, DoS, unauthenticated firmware update and RCE.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/onethawt/idaplugins-list/blob/master/README.md
Description: A list of IDA Plugins.

URL: https://github.com/struct/mathilda
Description: Mathilda is a C++ class for distributing web requests to worker processes.

URL: https://github.com/realalexandergeorgiev/tempracer
Description: Race conditions are a pentesters friend.

URL: https://github.com/n1nj4sec/pupy
Description: Pupy is a remote administration tool.

URL: https://github.com/whitepacket/ZIB-Trojan
Description: The Open Tor Botnet (ZIB); Python-based forever-FUD IRC Trojan.

URL: https://github.com/elceef/dnstwist
Description: Domain name permutation engine.

URL: https://github.com/RandomStorm/Bluto
Descripion: Recon, Subdomain Bruting, Zone Transfers.

URL: https://github.com/ElevenPaths/EvilFOCA
Description: EvilFOCA - Security in IPv4 and IPv6 data networks.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://wroot.org/posts/babadook-connection-less-powershell-persistent-and-resilient-backdoor/
Description: Babadook - Connection-less Powershell Persistent and Resilient "Backdoor".

URL: https://www.mdsec.co.uk/2015/10/vulnerability-in-sed-systems-decimator-d3/
Description: Multiple Vulnerabilities in SED Systems' Decimator D3.

URL: http://cynosureprime.blogspot.pt/2015/09/how-we-cracked-millions-of-ashley.html
Description: How we cracked millions of Ashley Madison bcrypt hashes efficiently.

URL: http://mazinahmed.net/uploads/Evading%20All%20Web-Application%20Firewalls%20XSS%20Filters.pdf
Description: Evading All Web-application Firewalls XSS Filters.

URL: http://www.bishopfox.com/blog/2015/09/the-active-directory-kill-chain-is-your-company-at-risk/
Description: The Active Directory Kill Chain - Is Your Company at Risk?

URL: http://blog.knownsec.com/2015/10/wordpress-xmlrpc-brute-force-amplification-attack-analysis/
Description: WordPress XMLRPC efficient use Blasting Principle Analysis.

URL: https://dl.packetstormsecurity.net/papers/general/cisco_ios_rootkits.pdf
Description: Whitepaper - Writing Cisco IOS Rootkits.

URL: https://www.idontplaydarts.com/2015/09/cross-domain-timing-attacks-against-lucene/
Description: Exploiting CSRF against search with Lucene.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://lalo.li/lsd/?ultra-hard-version
Description: LSD - Line Square Dot.

URL: http://javahacker.com/the-first-javascript-misdirection-contest/
Description: The First JavaScript Misdirection Contest.

URL: https://github.com/girliemac/RPi-KittyCam
Description: Cat facial detection for Raspberry Pi.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 45 | Month: November | Year: 2015 | Release Date: 06/11/2015 | Edition: 90º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.tunnelshade.in/2015/09/interesting-flash-xss-on-vkcom.html
Report: https://hackerone.com/reports/66121
Description: Interesting flash xss on vk.com.

URL: https://hackerone.com/reports/96294
Description: DDOS using Wordpress xmlrpc.php.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://www.exploit-db.com/exploits/38360/
Description: Dropbox < 3.3.x - OSX FinderLoadBundle Local Root Exploit.

URL: https://github.com/n1nj4sec/memorpy
Description: Python library using ctypes to search/edit windows programs memory.

URL: https://github.com/m-dwyer/packer-malware
Description: Basic Malware Analysis Lab - Packer-Malware.

URL: https://github.com/foreni-packages/dhcpig
Description: Initiates an advanced DHCP exhaustion attack.

URL: https://github.com/Rootkitsmm/MS15-061
Description: Exploiting MS15-061 with reverse engineering Win32k.sys.

URL: https://w3challs.com/syscalls/
Description: Syscall table reference tool for several archs.

URL: https://github.com/m57/dnsteal
Description: Fake DNS server to stealthily extract files from a "victim" through DNS requests.

URL: https://github.com/reigningshells/CVE-2015-3073
Description: Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass (CVE-2015-3073).

URL: https://github.com/jacobsoo/ImageSignature
Description: An image signature that shows user(s)' information.

URL: https://github.com/yahoo/gryffin
Description: Gryffin is a large scale web security scanning platform.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.room362.com/2014/04/executing-code-via-smb-dcom-without.html
Description: Executing Code via SMB/DCOM without PSExec.

URL: http://d.hatena.ne.jp/masa141421356/20150914/1442239071
Description: CVE-2015-1729 fixed by MS15-065 XSS!

URL: http://fatsquirrel.org/oldfartsalmanac/random/reverse-engineering-a-vintage-wireless-keypad-with-an-rtl-sdr/
Description: Reverse engineering a vintage wireless keypad with an RTL-SDR.

URL: http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html
Description: Autoloaded File Inclusion in Magento SOAP API (SUPEE-6482).

URL: http://noxxi.de/research/http-evader.html
Description: HTTP Evader - Automate Firewall Evasion Tests.

URL: https://labs.mwrinfosecurity.com/blog/2015/09/25/a-practical-guide-to-cracking-password-hashes/
Description: A Practical Guide to Cracking Password Hashes.

URL: http://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
Description: The 101 of ELF Binaries on Linux - Understanding and Analysis.

URL: http://www.metzdowd.com/pipermail/cryptography/2015-October/026685.html
Description: OpenPGP SEIP downgrade attack.

URL: http://blog.knownsec.com/2015/09/linux-drm_legacy_lock_free-null-pointer-dereference-analysis/
Description: Linux drm_legacy_lock_free null pointer dereference bug analysis.

URL: https://www.7elements.co.uk/resources/blog/cve-2015-2342-remote-code-execution-within-vmware-vcenter/
Description: CVE-2015-2342 – Remote Code Execution within VMware vCenter.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/gutomaia/pyNES
More: https://www.youtube.com/watch?v=h3E2U4hdDeE
Description: Python programming for Nintendo 8 bits.

URL: http://www.repeater-builder.com/antenna/pdf/beer-barel-cavity.pdf
Description: The beer barrel as a VHF cavity resonator.

URL: https://github.com/AdamLaurie/sjcam
Description: A python CLI tool for controlling SJCAM WiFi Sports Cameras.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 46 | Month: November | Year: 2015 | Release Date: 13/11/2015 | Edition: 91º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://goo.gl/uTw6PN
More: http://fishbowl.pastiche.org/2015/11/09/java_serialization_bug/
PoC: https://gist.github.com/asanso/88f0e5f33ed02ad21c4b
Exploits: https://github.com/foxglovesec/JavaUnserializeExploits
Scanner: https://github.com/johndekroon/serializekiller
Fix: https://github.com/ikkisoft/SerialKiller
Description: What do WebLogic, JBoss, Jenkins, and your app have in common? This vulnerability.

URL: http://foxglovesecurity.com/2015/10/26/car-hacking-for-plebs-the-untold-story/
Description: Car Hacking for Plebs – The Untold Story.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/SpiderLabs/malware-analysis
Description: A repository of tools and scripts related to malware analysis.

URL: https://github.com/m57/ARDT
Description: Akamai Reflective DDoS Tool.

URL: https://github.com/keymandll/FuzzLabs
Description: FuzzLabs Fuzzing Framework.

URL: https://cyberarms.wordpress.com/2015/10/04/anti-virus-bypass-with-shellter-5-1-on-kali-linux/
Description: Anti-Virus Bypass with Shellter 5.1 on Kali Linux.

URL: https://github.com/codetainerapp/codetainer
Description: A Docker container in your browser.

URL: http://sourceforge.net/projects/awap/
Description: Tool to detect and correct vulnerabilities in PHP web applications.

URL: https://github.com/sensepost/autoDANE
Description: Auto Domain Admin and Network Exploitation.

URL: http://securityaffairs.co/wordpress/40727/hacking/hack-decrypt-whatsapp-database.html
Description: How to Hack and Decrypt WhatsApp Database on rooted devices.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://www.accuvant.com/blog/exploiting-jmx-rmi
Description: Exploiting JMX RMI.

URL: http://lcamtuf.coredump.cx/edison_fuzz/
Description: Fuzzing on Edison - field report.

URL: https://blog.goeswhere.com/2015/10/ssh-key-capture/
Description: Capturing users' ssh keys (Tricky).

URL: http://seckb.yehg.net/2012/06/xss-gaining-access-to-httponly-cookie.html
Description: XSS - Gaining access to HttpOnly Cookie in 2012 (Oldies).

URL: https://www.swordshield.com/2015/10/extracting-password-hashes-from-large-ntds-dit-files/
Description: Extracting password hashes from large NTDS.DIT files.

URL: http://jumpespjump.blogspot.pt/2015/09/how-i-hacked-my-ip-camera-and-found.html
Description: How I hacked my IP camera, and found this backdoor account.

URL: http://arxiv.org/pdf/1511.00444v2.pdf
PoC: https://github.com/Tribler/self-compile-Android#readme
Description: Autonomous application capable of self-compilation, mutation and viral spreading.

URL: https://goo.gl/rWptw1
Description: Java Sandbox Bypass (1.7.0_10)/(1.6.0_38) via Proxy and JMX.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/alex/what-happens-when
Description: "What happens when you type google.com into your browser and press enter?"

URL: https://www.bamsoftware.com/hacks/deflate.html
Description: Biggest image in the smallest space.

URL: http://ec.europa.eu/taxation_customs/vies/vatResponse.html
Description: Free names and addresses with just a VAT number.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 47 | Month: November | Year: 2015 | Release Date: 20/11/2015 | Edition: 92º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.dewhurstsecurity.com/2015/11/10/mobile-security-certificate-pining.html
Description: Mobile Security Certificate Pinning (Hacks).

URL: http://grangeia.io/2015/11/09/hacking-tomtom-runner-pt1/
More: http://grangeia.io/2015/11/16/hacking-tomtom-runner-pt2/
Description: Hacking Smartwatches - the TomTom Runner.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/unix-thrust/beurk
Description: BEURK Experimental Unix RootKit.

URL: https://github.com/ITLivLab/Win7_powershell_forensics
Description: Windows 7 forensics scripts (Powershell).

URL: https://github.com/Hypsurus/weeman
Description: HTTP Server for phishing in Python.

URL: https://github.com/byt3bl33d3r/CrackMapExec
Description: A swiss army knife for pentesting Windows/AD environments.

URL: http://www.debuginfo.com/tools/chkmatch.html
Description: Check executable and debug information file is a match.

URL: https://gef.readthedocs.org/en/latest/
Description: GEF - GDB Enhanced Features.

URL: https://github.com/chipsec/chipsec
Description: Platform Security Assessment Framework.

URL: https://github.com/scanmem/scanmem
Description: Memory scanner for Linux w/ GUI.

URL: https://gitlab.com/rav7teif/linux.wifatch
Description: Linux.Wifatch Ransom Malware (Research).

URL: https://github.com/gdbinit/rootfool
Description: Dynamically disable and enable Sys. Integrity Protec.(SIP) in El Capitan.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injection-Vulnerability.txt
Description: Google AdWords API client libraries - XML eXternal Entity Injection (XXE).

URL: http://www.icewall.pl/?p=696&lang=en
Description: Microsoft Windows FastFAT.sys Sectors per FAT Denial of Service Vulnerability.

URL: http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
Description: Critical vBulletin 0-Day (Research).

URL: http://tinyhack.com/2015/11/08/teensy-lc-u2f-key/
Description: Teensy LC U2F key (Why not?).

URL: https://github.com/gsbabil/ClassicNFC/blob/master/gsbabil-ruxconf2015.pdf
PoC: https://github.com/gsbabil/ClassicNFC
Description: Hack NFC Access Cards & Steal CC Data with Android.

URL: http://blog.a-way-out.net/blog/2015/11/06/host-header-injection/
Description: Capable of Host header injection attacks in PHP vulnerability.

URL: http://blog.talosintel.com/2015/10/dangerous-clipboard.html
Description: Dangerous Clipboard - Analysis of the MS15-072 Patch.

URL: http://www.greyhathacker.net/?p=738
Description: Elevating privileges by exploiting weak folder permissions (Windows).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/freddymartinez9/securitytalks/blob/master/IMSICatchersForActivists.md
Description: IMSI Catchers - Practical Knowledge for Activists.

URL: https://instant.io/
Description: Streaming file transfer over WebTorrent.

URL: http://www.unfitbits.com/
Description: Free your fitness data from yourself.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 48 | Month: November | Year: 2015 | Release Date: 27/11/2015 | Edition: 93º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://stegosploit.info/
Talk: http://www.slideshare.net/saumilshah/stegosploit-blackhat-europe-2015
Description: Exploit Delivery via Steganography and Polyglots.

URL: http://maustin.net/2015/11/12/hipchat_rce.html
Description: XSS to RCE in Atlassian Hipchat.

URL: http://ryhanson.com/angular-expression-injection-walkthrough/
Description: AngularJS Expression Injection Vulnerability Walkthrough.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/thechrisharrod/Malfind
Description: Powershell tool to download malware samples.

URL: http://silentbreaksecurity.com/invoke-dcsync-because-we-all-wanted-it/
Description: Hashdump without the DC using DCSync (because we all wanted it).

URL: https://gist.github.com/subTee/4843a1d9e7a9fcdb4417
Description: InstallUtil Keylogger/MouseClick Recorder - Stores Logs in [Documents\Klog-Logs].

URL: https://github.com/elceef/bitlocker
Description: Volatility Framework plugin for extracting BitLocker FVEK (Full Volume Encryption Key).

URL: https://github.com/tomato42/tlsfuzzer
Slides: https://github.com/tomato42/tlsfuzzer/blob/master/docs/ruxcon2015-kario-slides.pdf
Description: TLS test suite and fuzzer.

URL: https://github.com/omriher/CapTipper
Description: CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic.

URL: https://github.com/NoobieDog/Skype-Maltego-Client
Description: A set of local Skype transforms for Maltego to utilise Skype and search the directory.

URL: https://github.com/diracdeltas/sniffly
Description: Sniffing browser history using HSTS + CSP.

URL: https://github.com/ud2/advisories/tree/master/embedded/dlink/nocve-2015-0002
Description: Remote stack overflow on D-Link cameras.

URL: https://github.com/gdbinit/gopher
Description: MacOS X crypto ransomware PoC.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://meat.pisto.horse/2015/11/rooting-linksys-x2000-router-system.html
Description: Rooting the Cisco Linksys x2000 router - system() strikes again (Easy root).

URL: https://chloe.re/2015/11/09/csrf-blocker-block-csrf-attacks-the-right-way/
Tool: https://github.com/avlidienbrunn/anti-csrf-plugin
Description: CSRF Blocker - block CSRF-attacks the right way.

URL: https://blog.filippo.io/the-sad-state-of-smtp-encryption/
Description: The sad state of SMTP encryption.

URL: https://respectxss.blogspot.de/2015/11/a-tale-of-breaking-saps-successfactorss.html
Description: A Tale of Breaking SAP's SuccessFactors's XSS Filter.

URL: http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html
Description: nslookup is a badly flawed tool. Don't use it.

URL: https://www.sensepost.com/blog/2015/wadi-fuzzer/
Tool: https://github.com/sensepost/wadi
Description: Wadi Fuzzer.

URL: https://blog.gaborszathmari.me/2015/11/11/tricking-google-authenticator-totp-with-ntp/
Description: Tricking Google Authenticator TOTP with NTP.

URL: http://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing
Description: Apache Traffic Server - HTTP2 Fuzzing.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://github.com/NARKOZ/hacker-scripts
Description: Hacker Scripts... Epic Stuff! 😂

URL: https://github.com/docker/dockercraft
Description: Docker + Minecraft = Dockercraft.

URL: http://superlogout.com/
Description: Super Logout.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 49 | Month: December | Year: 2015 | Release Date: 04/12/2015 | Edition: 94º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.n0tr00t.com/2015/11/27/cve-2015-8213.html
Description: Django settings leak possibility in date template filter (CVE-2015-8213).

URL: http://lizardhq.org/2015/11/25/dell-foundation-services.html
Patch 😆 : http://lizardhq.org/2015/12/01/dell-foundation-services.2.html
More: http://www.exploit-monday.com/2015/12/thoughts-on-exploiting-remote-wmi-query.html 
Description: Dell Foundation Services Remote Information Disclosure.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/tsu-iscd/beef-drive
Description: BeEF and Google Drive.

URL: https://github.com/jenseng/xsslint
Description: Find potential XSS vulnerabilities.

URL: https://github.com/CoolerVoid/0d1n
Description: Web security tool to make fuzzing at HTTP inputs, made in C with libCurl.

URL: https://github.com/ThomasKing2014/ELF-ARM-HOOK-Library
Description: It's very smali to Substrate. But I give you three methods to do HOOK.

URL: https://github.com/alienwithin/OWASP-mth3l3m3nt-framework
Description: OWASP Mth3l3m3nt F. penetration testing tool and exploitation framework. 

URL: http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.html
PoC: http://www.th3r3p0.com/vulns/jenkins/jenkinsVuln.py
Description: Unauthenticated Stored Credential Recovery and RCE on Jenkins.

URL: http://goo.gl/O07NBR (+)
Description: Exploiting Padding Oracle To Gain Encryption Keys.

URL: https://packetstormsecurity.com/files/134064/mchtml-exec.txt
Description: Microsoft Compiled HTML Help Remote Code Execution.

URL: http://www.pentest.guru/index.php/2015/10/19/ditch-psexec-spraywmi-is-here/
More: http://www.rapid7.com/resources/videos/how-psexec-and-remote-execution-work.jsp
Description: Ditch PsExec, SprayWMI is here ;) (Pentest Stuff).

URL: https://github.com/rcoh/stacksmash
Description: A collection of toy programs for teaching buffer overflow vulnerabilities.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://jbeekman.nl/blog/2015/03/reverse-engineering-uefi-firmware/
Description: Reverse Engineering UEFI Firmware.

URL: http://goo.gl/HCRlCE (+)
Description: United Airlines Bug Bounty-  An experience in reporting a serious vulns.

URL: https://github.com/Muterra/doc-muse
Description: Open, decentralizable, encrypted low-level social protocol.

URL: http://blog.knownsec.com/2015/11/analysis-of-redis-unauthorized-of-expolit/
Description: Redis unauthorized access with SSH key files use analysis.

URL: https://blog.srcclr.com/spring-social-core-vulnerability-disclosure/
Description: Spring Social Core Vulnerability Disclosure.

URL: http://www.spect.cl/blog/2015/11/security-audit-scrapyd/
Description: Security Audit - Scrapyd (Python Security).

URL: http://www.sciencedirect.com/science/article/pii/S1742287615000146
Description: Forensic analysis of a Sony PlayStation 4 - A first look.

URL: http://www.labofapenetrationtester.com/2015/11/week-of-continuous-intrusion-day-1.html
Description: Week of Continuous Intrusion (Jenkins PoC 100% Working).

URL: http://goo.gl/9TtRd8 (+)
DoS: https://cxsecurity.com/issue/WLB-2015120026
Description: Easy File Sharing Web Server v7.2 - Remote SEH Buffer Overflow (DEP Bypass w/ ROP).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.adriancourreges.com/blog/2015/11/02/gta-v-graphics-study/
Description: GTA V - Graphics Study.

URL: https://github.com/Xyl2k/TSA-Travel-Sentry-master-keys
Description: 3D reproduction of TSA Master keys.

URL: http://thepiratebook.net/
Description: The Pirate Book.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 50 | Month: December | Year: 2015 | Release Date: 11/12/2015 | Edition: 95º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://security.linkedin.com/blog-archive#11232015
Description: Abusing CSS Selectors to Perform UI Redressing Attacks.

URL: http://blog.valverde.me/2015/12/07/bad-life-advice/
Description: Bad life advice - Replay attacks against HTTPS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/BuffaloWill/oxml_xxe
Description: A tool for embedding XXE/XML exploits into different filetypes.

URL: https://github.com/jndok/ropnroll
Description: An OSX exploitation helper library.

URL: https://gist.github.com/crowell/92ed41884db35d73e2fc
Description: Prevent an ELF from being loaded by gdb < v7.10.

URL: https://github.com/DhavalKapil/icmptunnel
Description: Transparently tunnel your IP traffic through ICMP echo and reply packets.

URL: http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
Description: SSH Gymnastics and Tunneling with ProxyChains.

URL: https://github.com/xor-function/fathomless
Description: A collection of different programs that work together, related to infosec.

URL: https://github.com/n3k/CertSlayer
Description: Test if an application handles SSL certificates the way it is supposed to.

URL: https://github.com/secabstraction/PowerCat
Description: A PowerShell TCP/IP swiss army knife.

URL: http://decidedlygray.com/2015/11/19/evil-access-point-with-auto-backdooring-ftw/
Description: Evil Access Point with Auto-Backdooring FTW!


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://yahoo-security.tumblr.com/post/134549767190/attacking-http2-implementations
Description: Attacking HTTP/2 Implementations.

URL: http://www.sekoia.fr/blog/windows-driver-signing-bypass-by-derusbi/
Description: Windows driver signing bypass by Derusbi Malware.

URL: https://goo.gl/Pei7cP (+)
Description: Remote code execution in wget+dietlibc.

URL: http://silentbreaksecurity.com/malicious-outlook-rules/
Description: Malicious Outlook Rules.

URL: https://odzhan.wordpress.com/2015/11/17/asmcodes-pic/
Description: Platform Independent PIC for Loading DLL and Exec Commands.

URL: https://w00tsec.blogspot.pt/2015/11/arris-cable-modem-has-backdoor-in.html
Description: ARRIS Cable Modem has a Backdoor in the Backdoor.

URL: https://www.mdsec.co.uk/2015/12/protected-mode-a-case-of-when-no-means-yes/
Description: Protected Mode - A Case of When No Means Yes.

URL: http://neonprimetime.blogspot.pt/2015/11/xsl-payload-xxe-rce-e3xpl0it.html
Description: Remote Code Execution in XSL (EXtensible Stylesheet Language) Transformations.

URL: http://blog.fortinet.com/post/when-baby-monitors-are-a-model-for-iot-security
Description: When Baby Monitors Are a Model For IoT Security.

URL: https://blog.coresecurity.com/2015/12/09/exploiting-windows-media-center/
Description: Exploiting Windows Media Center.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://hackerone.com/reports/100829
Description: Stored-XSS in Coinbase.com (Cry if you want 😭).

URL: http://racksburg.com/choosing-an-http-status-code/
Description: Choosing an HTTP Status Code — Stop Making It Hard.

URL: https://github.com/KnightOS/knightos
Description: KnightOS is a third-party operating system for TI calculators.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 51 | Month: December | Year: 2015 | Release Date: 18/12/2015 | Edition: 96º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://nvisium.com/blog/2015/12/07/injecting-flask/
Description: Injecting Flask.

URL: https://vagmour.eu/facebook-open-redirect-vulnerability-that-does-the-social-engineering-job-too/
Description: Facebook open-redirect vulnerability that does the social engineering job too.

URL: https://sites.google.com/site/zerodayresearch/BadWinmail.pdf
Description: The "Enterprise Killer" Attack Vector in Microsoft Outlook.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/DaniLabs/scripts-nse
Description: Huawei HG253s v2 Huawei HG253s v2 Pwn.

URL: https://github.com/vcrypt/vcrypt
Description: Toolkit for multi-factor, multi-role encryption.

URL: https://github.com/killswitch-GUI/SimplyEmail
Description: SimpleEmail is a email recon tool that is fast and easy framework to build on.

URL: https://github.com/alexis-ld/pycket
Description: A simple python packet sniffer and manipulation tool for linux.

URL: https://github.com/jndok/stfusip
Description: System Integrity Protection (SIP) bypass for OSX 10.11.1.

URL: https://github.com/hasherezade/snippets
Description: Code snippets and PoCs, to be used for tests or as ready-made skeletons. (Win Pwnage)

URL: https://isc.sans.edu/diary/Scanning+tricks+with+scapy/20381
Description: Scanning tricks with scapy.

URL: https://github.com/CaledoniaProject/jenkins-cli-exploit
Description: Jenkins CommonCollections Exploit (JAVA Serializaion Vulnerabilty Continuation). 

URL: http://antincode.com/post/131952657591/xss-via-xml-post
Description: XSS via XML POST (Small Trick).

URL: http://www.greyhathacker.net/?p=894
Description: Bypassing Windows ASLR in Microsoft Office using ActiveX controls.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://odzhan.wordpress.com/2015/11/19/dllpic-injection-on-windows-from-wow64-process/
PoC: https://github.com/odzhan/pi
Description: DLL/PIC Injection on Windows from Wow64 process.

URL: http://ethanheilman.tumblr.com/post/133488739430/is-playstation-4-network-traffic-especially
Description: Is PlayStation 4 Network Traffic Especially Difficult to Decrypt?

URL: https://www.raspberrypi.org/forums/viewtopic.php?f=66&t=126892
Description: RBPi Predictable SSH host keys (Year 2008 Again 😄).

URL: http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
Description: House of Keys - Industry-Wide HTTPS Certificate and SSH Key Reuse.

URL: https://usn.pw/blog/gen/2015/06/09/filenames/
Description: A Tale of Two File Names.

URL: http://hn.premii.com/#/article/10686676
Description: Survey of popular Node.js packages reveals credential leaks.

URL: http://opensecuritytraining.info/IntroX86.html
Description: Introductory Intel x86 - Architecture, Assembly, Applications, & Alliteration.

URL: http://labs.detectify.com/post/133528218381/chrome-extensions-aka-total-absence-of-privacy
Description: Chrome Extensions – AKA Total Absence of Privacy.

URL: https://blog.srcclr.com/amazon-aws-sdk-for-java-vulnerability-disclosure/
Description: Amazon AWS Java SDK Vulnerability Disclosure.

URL: https://blogs.akamai.com/2015/12/developing-a-poc-step-by-step.html
Description: Developing a PoC Step by Step (Wordpress Issue Example).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://blog.totallynotmalware.net/?p=15
Description: Social Media Self-Defense (Tips and Tricks).

URL: http://oldweb.today/
Description: Browse old web pages the old way with virtual browsers in the browser.

URL: http://bnrg.cs.berkeley.edu/~randy/Courses/CS39K.S13/anarchistcookbook2000.pdf
Description: Anarchy Cookbook V2000.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 52 | Month: December | Year: 2015 | Release Date: 26/12/2015 | Edition: 97º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://goo.gl/qexIz4 (+)
More: https://rpw.sh/blog/2015/12/21/the-backdoored-backdoor/
Scanner: https://github.com/juliocesarfort/netscreen-shodan-scanner
Honeypot: https://github.com/armbues/netscreen_honeypot
Research Repo: https://github.com/hdm/juniper-cve-2015-7755
Description: Juniper ScreenOS Backdoor Information Dump.

URL: http://www.exfiltrated.com/research-Instagram-RCE.php#Ruby_RCE
Novel: https://m.facebook.com/notes/alex-stamos/bug-bounty-ethics/10153799951452929
Description: Instagram's Million Dollar Bug aka RCE.

URL: http://l0.cm/xxn/
Description: X-XSS-Nightmare - 1; mode=attack XSS Attacks Exploiting XSS Filter.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/nil0x42/phpsploit
Description: Stealth post-exploitation framework.

URL: https://github.com/sweetsoftware/Ares
Description: Python botnet and backdoor.

URL: https://github.com/q3k/crowbar
Description: Tunnel TCP over a plain HTTP session.

URL: https://github.com/sensepost/autoresponder
Description: Auto load NTLM hashes from Responder logs and fires up Hashcat to crack them.

URL: https://github.com/rapid7/ssh-badkeys
Description: Dump of static SSH keys from Software and Hardware products.

URL: https://github.com/obsidianforensics/hindsight
GUI: http://www.obsidianforensics.com/blog/hindsight-gui-released
Description: Internet history forensics for Google Chrome/Chromium.

URL: http://goo.gl/ysJ9ku (+)
Description: Converting Shellcode to Portable Executable (32- and 64- bit).

URL: http://www.contextis.com/resources/blog/data-exfiltration-blind-os-command-injection/
Description: Data Exfiltration via Blind OS Command Injection.

URL: http://mainframed767.tumblr.com/post/133340564417/nmap-enumerating-vtam-applications
Description: Nmap - Enumerating VTAM Applications.

URL: http://blog.knownsec.com/wp-content/uploads/2015/12/Sqlmap-exploit_en.txt
Description: SQLMap Code Execute Vulnerability.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://blogs.securiteam.com/index.php/archives/2671
Description: eBay Arbitrary Invoice Disclosure.

URL: https://www.poshsecurity.com/blog/2015/12/7/how-the-skype-team-failed-at-powershell
Description: How the Skype team failed at PowerShell.

URL: https://goo.gl/dUiZjx (+)
Description: Cautionary note - UUIDs generally do not meet security requirements.

URL: https://goo.gl/zQsIfv (+)
Description: Bypass almost every Corporate security control("BadWinmail").

URL: http://blog.regehr.org/archives/1282
Description: Multi-Version Execution Defeats a Compiler-Bug-Based Backdoor.

URL: http://blog.amossys.fr/How_to_reverse_unknown_protocols_using_Netzob.html
Description: How to reverse unknown protocols using Netzob.

URL: https://jbp.io/2015/11/23/abusing-u2f-to-store-keys/
Description: Abusing U2F to 'store' keys.

URL: http://agrrrdog.blogspot.ca/2015/11/3-attacks-on-cisco-tacacs-bypassing.html
Tools: https://github.com/GrrrDog/TacoTaco
Description: Three Attacks on Cisco TACACS+ - Bypassing the Cisco's Auth.

URL: http://www.codereversing.com/blog/archives/282
PoC: https://github.com/codereversing/directx9hook 
Description: Runtime DirectX Hooking.

URL: http://www.kfirlavi.com/blog/2012/11/14/defensive-bash-programming
Description: Defensive BASH Programming.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: https://julianoliver.com/output/log_2015-12-18_14-39
Description: Detect and disconnect WiFi cameras in that AirBnB you’re staying in.

URL: https://github.com/rachelnicole/robokitty
Description: A DIY Cat (or dog. or human) Feeder powered by Node.

URL: https://github.com/ncsoft/Unreal.js
Description: JavaScript runtime built for UnrealEngine 4.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 53 | Month: December | Year: 2015 | Release Date: 31/12/2015 | Edition: 98º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://www.secgeek.net/bookfresh-vulnerability/
Description: BookFresh Tricky File Upload Bypass to RCE.

URL: http://www.agarri.fr/kom/archives/2015/12/17/amf_parsing_and_xxe/index.html
Description: AMF parsing and XXE.

URL: https://www.optiv.com/blog/bypassing-csrf-tokens-via-xss
Description: Bypassing CSRF Tokens via XSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/rbauduin/mbdetect
Description: MPTCP Middlebox Detection.

URL: https://github.com/rastating/joomlavs
Description: A black box, Ruby powered, Joomla vulnerability scanner.

URL: http://www.rootsh3ll.com/2015/11/aircrack-boost-script/
Description: Aircrack Boost Script.

URL: https://github.com/Rootkitsmm/Win10Pcap-Exploit
Description: Exploit Win10Pcap Driver (Local Privilege Escalation).

URL: https://httphacker.github.io/gethead/
Description: HTTP Header Analysis Vulnerability Tool.

URL: https://github.com/GaloisInc/haskell-tor
Description: A Haskell implementation of the Tor protocol.

URL: https://github.com/bwall/pemcracker
Description: Tool to crack encrypted PEM files.

URL: https://github.com/1N3/Sn1per
Description: Automated Pentest Recon Scanner.

URL: https://github.com/jaegerindustries/password_search
Description: Reconnaissance/Auditing tool that search for passwords within code repos.

URL: https://blog.cloudflare.com/tools-for-debugging-testing-and-using-http-2/
Description: Tools for debugging, testing and using HTTP/2.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://sethsec.blogspot.com.tr/2015/12/exploiting-server-side-request-forgery.html
Description: Exploiting Server Side Request Forgery on a Node/Express Application on EC2.

URL: https://adsecurity.org/?page_id=1821
Description: Unofficial Guide to Mimikatz&Command Reference.

URL: http://x42.obscurechannel.com/?p=197
Description: Fingerprinting Meterpreter HTTPS Handlers and Faking Sessions (Reverse Handler DoS).

URL: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
Description: Grub2 Authentication 0-Day.

URL: http://zoczus.blogspot.pt/2014/05/how-reverse-dns-can-help-us-with-xss.html
Description: How Reverse DNS can help us with XSS, SQLi, RCE...

URL: http://www.exploit-monday.com/2015/12/the-powersploit-manifesto.html
Description: The PowerSploit Manifesto.

URL: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Description: Basic Linux Privilege Escalation.

URL: http://marcoramilli.blogspot.pt/2015/12/spotting-malicious-node-relays.html
Description: Spotting Malicious Node Relays.

URL: https://github.com/HexHive/printbf
Description: Brainfuck interpreter in printf.

URL: http://toshellandback.com/2015/11/24/ms-priv-esc/
Description: Common Windows Privilege Escalation Vectors.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://oswatch.org/
Description: Open Source Watch.

URL: http://azac.pl/cobol-on-wheelchair/
Description: COBOL on Wheelchair.

URL: http://showterm.io/
Description: Terminal "Sceencasts".


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 01 | Month: January | Year: 2016 | Release Date: 08/01/2016 | Edition: 99º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution
Description: XXE in OpenID - Facebook RCE. (Oldies)

URL: https://code.google.com/p/google-security-research/issues/detail?id=675
Description: AVG: "Web TuneUP" extension Vulnerabilities. ("Security Products")

URL: https://guidovranken.files.wordpress.com/2015/12/https-bicycle-attack.pdf
Description: HTTPS Bicycle Attack.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.securityfocus.com/archive/1/536930
Description: RCE and SQL injection via CSRF in Horde Groupware.

URL: https://github.com/morria/phan
Description: Phan is a static analyzer for PHP.

URL: https://blog.korelogic.com/blog/2015/12/04/linksys-0day-unauth-infodisco
Advisor: https://www.korelogic.com/Resources/Advisories/KL-001-2015-006.txt
Description: Linksys EA6100 Wireless Router Authentication Bypass.

URL: https://github.com/alienwithin/xanity-php-rat
Description: Xanity PHP RAT leak For Researchers.

URL: http://dev.cra0kalo.com/?p=400
Description: LiveDump – A simple memory dumper (Windows).

URL: http://www.impulseadventure.com/photo/jpeg-snoop.html
Description: JPEGsnoop - JPEG File Decoding Utility (Forensics).

URL: http://www.shellntel.com/blog/2015/9/23/assessing-enterprise-wireless-networks
Description: crEAP - Harvesting Users on Enterprise Wireless Networks.

URL: https://github.com/CacheBrowser/cachebrowser
Description: A proxy-less censorship resistance tool.

URL: https://github.com/mikkolehtisalo/gssapi-proxy
Description: GSSAPI/Kerberos proxy (Pentest).

URL: https://blog.g0tmi1k.com/dvwa/bruteforce-high/
Description: DVWA - Brute Force (High Level) - Anti-CSRF Tokens.

URL: https://github.com/HeitorG/harpoon
Description: Harpoon web backdoor (PHP).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://randywestergren.com/running-a-hidden-tor-service-with-docker-compose/
Description: Running a Hidden Tor Service with Docker Compose.

URL: http://goo.gl/tJ00NN (+)
Description: Exploiting F5 ICall::Script Privilege Escalation (CVE-2015-3628).

URL: https://github.com/happyworm/jPlayer/issues/327
Description: jPlayer for SOME-attacks Issue.

URL: http://blog.mindedsecurity.com/2015/11/reliable-os-shell-with-el-expression.html
Description: Reliable OS Shell with - EL [ Expression Language ] - Injection.

URL: http://routersecurity.org/checklist.php
Description: Router Security Checklist.

URL: http://c0rni3sm.blogspot.pt/2016/01/referrer-leakage-from-https-to-https.html
Description: Referrer Leakage from HTTPS to HTTPS.

URL: https://digi.ninja/projects/zonetransferme.php
Description: ZoneTransfer.me

URL: http://www.greyhathacker.net/?p=911
Description: Spraying the heap in seconds using ActiveX controls in MS Office.

URL: https://blog.srcclr.com/handlebars_vulnerability_research_findings/
Description: A short study of how a handlebars.js vulnerability has spread.

URL: https://blog.risingstack.com/web-authentication-methods-explained/
Description: Web Authentication Methods Explained (Auth 101).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time ?


URL: http://www.portoscuso.com/codef/index.html
Description: Oldschool Demoscene Intros.

URL: https://gist.github.com/hasegawayosuke/00f7253e22e228462b91
Description: Polyglot of node.js/windows bat file.

URL: https://github.com/simias/rustation
Description: Rustation PlayStation emulator.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 02 | Month: January | Year: 2016 | Release Date: 15/01/2016 | Edition: 100º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://code.google.com/p/google-security-research/issues/detail?id=693
PoC: https://goo.gl/RrTJLS (+)
Description: TrendMicro node.js HTTP Server listening on localhost can exec commands.

URL: https://github.com/sghctoma/multipass
Description: Binding two processes on the same port for fun and firewall evasion.

URL: https://goo.gl/tmvgpl (+)
Description: A tale of eBay XSS and shoddy incident response.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/mschwager/dhcpwn
Description: DHCPwn is a tool used for testing DHCP IP exhaustion attacks.

URL: https://github.com/glmcdona/Process-Dump
Description: Windows tool for dumping malware PE files from memory back to disk.

URL: https://github.com/kahunalu/pwnbin
Description: Python Pastebin Webcrawler (keywords filtering).

URL: http://www.ioactive.com/labs/tools.html
Description: IOActive Labs Tools (Dump).

URL: https://github.com/nccgroup/autopwn
Description: Specify targets and run sets of tools against them (L4m3 Autopwn). 

URL: http://www.phillips321.co.uk/2015/11/24/hacking-the-atn-x-sight-part1/
Description: Hacking the ATN X-sight.

URL: https://github.com/ithurricane/SampleCode/blob/master/hidereg_r0r3.c
Description: Hide registry key form regedit like poweliks.

URL: https://github.com/sektioneins/micro-ca-tool
Description: Small-scale CA with SmartCard support.

URL: http://goo.gl/Cqotff (+)
Description: Exploiting JBoss with Empire and PowerShell.

URL: https://github.com/Varbaek/xsser
Description: From XSS to RCE 2.0 (Black Hat Europe Arsenal 2015).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://goo.gl/Jal7oS (+)
Release: http://www.openssh.com/txt/release-7.1p2
Description: OpenSSH - Information leak vulnerability (CVE-2016-0777).

URL: https://gist.github.com/joepie91/5a9909939e6ce7d09e29
Description: Don't use VPN services.

URL: http://lukasa.co.uk/2016/01/Debugging_With_Wireshark_TLS/
Description: Debugging With Wireshark - TLS.

URL: http://www.icewall.pl/?p=732&lang=en
Description: MS .NET/Silverlight Manifest Resource Info. Disclosure (CVE-2015-6114).

URL: http://sourceincite.com/2015/11/16/ms15-116-parse-the-pointer-of-no-return/
PoC: https://goo.gl/NXGXWU (+)
Description: MS15-116 – Parse the [point]er of no return.

URL: http://valerieaurora.org/hash.html
Description: Lifetimes of cryptographic hash functions.

URL: http://zerodayguys.blogspot.com.tr/2015/10/practical-example-of-host-header.html
Description: Practical example of HOST header injection.

URL: https://github.com/RPISEC/Malware
Description: Course materials for Malware Analysis by RPISEC.

URL: http://sasi2103.blogspot.co.il/2015/12/creative-bug-which-result-stored-xss-on.html
Description: Creative bug which result Stored XSS on m.youtube.com (Why not!).

URL: https://www.famkruithof.net/guid-uuid-timebased.html
Description: How is a Time-based UUID/GUID made.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://www.xorpd.net/pages/xchg_rax/snip_00.html
Description: xchg rax,rax.

URL: https://github.com/TheMozg/awk-raycaster
Description: Pseudo-3D shooter written completely in awk using raycasting technique.

URL: https://github.com/herrbischoff/awesome-osx-command-line
Description: Use your OS X terminal shell to do awesome things.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 03 | Month: January | Year: 2016 | Release Date: 22/01/2016 | Edition: 101º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.ioactive.com/2016/01/drupal-insecure-update-process.html
Description: Drupal - Insecure Update Process.

URL: https://royaljay.com/security/angular-expression-injections/
Description: How I Stole Plunker Session Tokens with an Angular Expression.

URL: http://c0rni3sm.blogspot.in/2013/12/google-adwords-stored-xss-from-nay-to.html
Description: Google Adwords Stored XSS - From Nay to Yay!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/foospidy/HoneyPy
Description: A low interaction honeypot.

URL: https://github.com/AnimeshShaw/ChromeForensics
Description: Automated forensic tool for analysis of Chrome Browser and its variants.

URL: https://github.com/google/syzkaller
Description: Distributed, unsupervised, coverage-guided Linux syscall fuzzer.

URL: https://github.com/Invoke-IR/PowerForensics/
Description: PowerForensics - PowerShell Digital Forensics.

URL: http://hasherezade.net/ViDi/
Linux x64: https://drive.google.com/file/d/0Bx0ohDGks8J0MW9YcFQ2TXRjZ2M/view?usp=sharing
Description: ViDi Visual Disassembler.

URL: https://github.com/CoolerVoid/Mosca
Description: Static analysis tool to find bugs like a grep unix command.

URL: https://github.com/ac-pm/SSLUnpinning_Xposed
Description: Android Xposed Module to bypass Certificate Pinning.

URL: http://weakpass.com/
More: http://wordlists.capsop.com/
Description: Wordlists from a variety of sources (Dump).

URL: https://github.com/skftn/upc_keys.py
Description: WPA2 passphrase recovery tool for UPC%07d devices.

URL: http://blog.stalkr.net/2015/12/from-remote-shell-to-remote-terminal.html
Description: From remote shell to remote terminal.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://habrahabr.ru/company/mailru/blog/274855/
Description: Dangerous Video - ffmpeg remote and local vulnerabilities.

URL: http://c0rni3sm.blogspot.pt/2016/01/hql-injection-for-oracle-database.html
Description: HQL Injection on Web Application Running Oracle Database.

URL: http://appcheck-ng.com/unpatched-vulnerabilites-in-magento-e-commerce-platform/
Description: Unpatched Vulnerabilities in Magento E-Commerce Platform.

URL: https://blogs.securiteam.com/index.php/archives/2675
Description: Acunetix WVS XSS, Memory Exhaustion and DoS. (Just for Fun!)

URL: https://cturt.github.io/dlclose-overflow.html
Description: Analysis of sys_dynlib_prepare_dlclose PS4 kernel heap overflow.

URL: https://warroom.securestate.com/bmp-x86-polyglot/
Description: BMP/x86 Polyglot.

URL: https://known.phyks.me/2015/self-hosting-firefox-sync-15
Description: Self-hosting Firefox sync 1.5 (Privacy Helper).

URL: http://lgms.nl/blog-2
Description: Faking the TCP handshake.

URL: http://blog.emaze.net/2016/01/multiple-vulnerabilities-samsung-srn.html
Description: Multiple vulnerabilities in Samsung SRN cameras.

URL: https://jbp.io/2016/01/17/using-sgx-to-hash-passwords/
Description: Using SGX to harden password hashing.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/samshadwell/TrumpScript
Description: Make Python great again.

URL: http://theuserisdrunk.com/
Description: The User is Drunk.

URL: https://github.com/alerj78/lucky7coin/issues/1
Description: Backdoor in IRC code (lucky7coin).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 04 | Month: January | Year: 2016 | Release Date: 29/01/2016 | Edition: 102º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://artsploit.blogspot.pt/2016/01/paypal-rce.html
Description: PayPal Remote Code Execution Vulnerability (Java Unserialize).

URL: http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html
Description: XSS without HTML - Client-Side Template Injection with AngularJS.

URL: https://fin1te.net/articles/xss-on-facebook-via-png-content-types/
Description: An XSS on Facebook via PNGs & Wonky Content Types.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/ncrocfer/whatportis
Description: A command to search port names and numbers.

URL: https://github.com/drmint80/fuzznus
Description: FuzzNus python based GDB script.

URL: https://3v4l.org
Description: Compilation of more than 150 different PHP versions, ready to run code.

URL: http://seclists.org/fulldisclosure/2016/Jan/26
Description: SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7.

URL: https://github.com/ChrisTruncer/EyeWitness
Description: EyeWitness is designed to take screenshots of websites.

URL: https://github.com/Audi-1/sqli-labs
Description: SQLi labs to test error based, Blind boolean based, Time based.

URL: https://github.com/dstosberg/odt2txt/
Description: A simple converter from OpenDocument Text to plain text.

URL: https://github.com/P0cL4bs/WiFi-Pumpkin
Description: Framework for Rogue Wi-Fi Access Point Attack.

URL: https://github.com/YelGroup/Yel-CSRF-tool
Description: This is Chrome extension for detecting CSRF vulnerabilities.

URL: https://github.com/earthquake/chw00t/
Description: chw00t - Unices chroot breaking tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://vwzq.net/lab/covert/
Description: Covert channels (in da soup) in the SOP.

URL: https://goo.gl/Yf0fU4 (+)
Description: How email in transit can be intercepted using DNS hijacking.

URL: http://windowsir.blogspot.pt/2015/12/working-with-shadow-volumes.html
Description: Working with Shadow Volumes.

URL: https://github.com/drduh/OS-X-Security-and-Privacy-Guide
Description: OSX Security and Privacy Guide.

URL: http://zerothoughts.tumblr.com/post/137769010389/fun-with-jndi-remote-code-injection
Description: Fun with JNDI remote code injection.

URL: http://goo.gl/xoVqPb (+)
Description: Bypass DEP and CFG using JIT compiler in Chakra engine.

URL: http://goo.gl/5i1yx9 (+)
PoC: https://gist.github.com/PerceptionPointTeam/18b1e86d1c0f8531ff8f
Description: Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728).

URL: https://docs.google.com/document/d/19dspgrz35VoJwdWOboENZvccTSGudjQ_p8J4OPsYztM
Description: Browser mitigations against memory corruption vulnerabilities.

URL: https://micahflee.com/2016/01/debian-grsecurity/
Description: Hardening Debian for the Desktop Using Grsecurity.

URL: https://plmsecurity.net/mantis_host_header_attack
Description: MantisBT 1.2.19 - Host header attack vulnerability.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/stevelacy/crashsafari
Description: Crashsafari.

URL: https://github.com/HackerFantastic/Public/blob/master/exploits/lbreakout-exploit.c
Description: lbreakout2 exploit for ARM (educational).

URL: https://goo.gl/1swv2B (+)
Description: Build an 'SMS center' with Python , Kannel and a GSM modem.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 05 | Month: February | Year: 2016 | Release Date: 05/02/2016 | Edition: 103º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://goo.gl/L6diHy (+)
Description: How Nvidia breaks Chrome Incognito.

URL: http://foxglovesecurity.com/2016/01/16/hot-potato/
Improved PoC: https://github.com/Cn33liz/SmashedPotato 
Description: Hot Potato – Windows Privilege Escalation.

URL: https://klikki.fi/adv/yahoo.html
Description: Yahoo Mail stored XSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/SummitRoute/osxlockdown
Description: OSX tool to audit and remediate, security configuration settings.

URL: https://github.com/cvandeplas/pystemon
Description: Monitoring tool for PasteBin-alike sites written in Python.

URL: https://github.com/gophish/gophish
Description: Open-Source Phishing Toolkit.

URL: http://sysadminconcombre.blogspot.ca/2015/07/how-to-hack-windows-password.html
Tool: https://github.com/giMini/RWMC
Description: How to hack Windows password?

URL: https://github.com/nmap/ncrack
Description: Ncrack network authentication tool.

URL: https://github.com/BR903/ELFkickers
Description: A collection of programs that access and manipulate ELF files.

URL: http://goo.gl/CNVZfs (+)
Description: Stream a target's Desktop using MJPEG and PowerShell.

URL: https://github.com/Ganapati/Crawlic
Description: Web recon tool.

URL: https://github.com/jacob-baines/elfparser
Description: Cross Platform ELF analysis.

URL: http://bernardodamele.blogspot.pt/2012/06/data-retrieval-over-dns-in-sql.html
Description: Data retrieval over DNS in sqlmap.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://fumalwareanalysis.blogspot.ch/p/malware-analysis-tutorials-reverse.html
Description: Malware Analysis Tutorials - a Reverse Engineering Approach.

URL: https://reverse.put.as/2016/01/22/reversing-apples-syslogd-bug/
Description: Reversing Apple's syslogd bug.

URL: https://goo.gl/QQ9Xke (+)
Description: Reflected File Download on Blizzard’s BattleNet API.

URL: https://adamcaudill.com/2016/02/02/plsql-developer-nonexistent-encryption/
Description: PL/SQL Developer: Nonexistent Encryption.

URL: https://enigma0x3.wordpress.com/2016/01/28/an-empire-case-study/
Description: An Empire Case Study (Usage for complete forest ownership/pwn).

URL: http://www.sjoerdlangkemper.nl/2016/01/29/circumventing-xss-filters/
Description: Circumventing XSS filters.

URL: http://goo.gl/qYpYv8 (+)
Description: Hacking into a Vehicle CAN bus (Toyothack and SocketCAN).

URL: http://goo.gl/XAK4a9 (+)
Description: Triaging the exploitability of IE/EDGE crashes.

URL: https://www.landaire.net/blog/finding-a-csrf-vulnerability-in-phpbb/
Description: Finding a CSRF vulnerability in phpBB.

URL: http://www.payatu.com/from-crash-to-exploit/
Description: From Crash to Exploit (CVE-2015-6086) Out of Bound Read/ASLR Bypass.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.workatlinkedin.com/
Description: Solve this challenge to get an interview at LinkedIn.

URL: https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html
Description: Why I Wrote PGP by Philip Zimmermann (The 0ne 😉).

URL: http://codebox.org.uk/pages/monkeyshine-javascript-practical-jokes
Description: Slightly Evil JavaScript.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 06 | Month: February | Year: 2016 | Release Date: 12/02/2016 | Edition: 104º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://blog.innerht.ml/cross-origin-css-attacks-revisited-feat-utf-16/
Description: Cross-Origin CSS Attacks Revisited (feat. UTF-16).

URL: https://hackerone.com/reports/111440
Description: DOM based XSS via Wistia embedding.

URL: https://nvisium.com/blog/2016/01/26/rails-dynamic-render-to-rce-cve-2016-0752/
More: http://www.phrack.org/papers/attacking_ruby_on_rails.html
Description: Rails Dynamic Render to RCE (CVE-2016-0752).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://angr.io/
Description: Binary analysis framework.

URL: https://github.com/aboul3la/Sublist3r
Description: Fast subdomains enumeration tool for penetration testers.

URL: https://github.com/AeonDave/doork
Description: Passive Vulnerability Auditor.

URL: https://github.com/cve-search/cve-search
Description: CVE-Search tool to perform local searches for known vulnerabilities.

URL: https://github.com/g0tmi1k/exe2hex
Description: Inline file transfer using debug.exe and/or PowerShell.

URL: https://github.com/nccgroup/dotnetpaddingoracle
Description: Python Implementation of a .NET Padding Oracle Assessment Tool.

URL: https://github.com/KINGSABRI/BufferOverflow-Kit
Description: Buffer-Overflow development in one place.

URL: https://github.com/wisk/medusa
Blog: https://wisk.github.io/how-to-emulate-executable-with-medusa-and-python-part-0.html 
Description: An open source interactive disassembler.

URL: http://salmanarif.bitbucket.org/visual/index.html
Description: VisUAL - A highly visual ARM emulator.

URL: https://github.com/Marak/faker.js
Description: Generate massive amounts of fake data in Node.js and the browser.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://vulnsec.com/2016/osx-apps-vulnerabilities/
Description: There's a lot of vulnerable OS X applications out there.

URL: http://en.wooyun.io/2015/12/15/Bypass-McAfee-Application-Control.html
Description: Bypass McAfee Application Control——Code Execution.

URL: http://www.agarri.fr/kom/archives/2016/02/06/deserialization_in_perl_v5_8/index.html
Description: Deserialization in Perl v5.8.

URL: http://hdwsec.fr/blog/CVE-2015-0057.html
Description: (MS15-010/CVE-2015-0057) Exploitation.

URL: https://github.com/tfairane/HackStory/blob/master/McAfeePrivesc.md
Tool: https://github.com/funoverip/mcafee-sitelist-pwd-decryption/
More: http://warchest.fusionx.com/mcafee-sitelist-xml-domain-credentials-disclosure/
Description: McAfee privileged SiteList.xml leads to AD Domain privilege escalation.

URL: http://blog.dornea.nu/2016/01/26/some-words-on-csrf-and-cookies/
Description: Some words on CSRF and cookies.

URL: https://github.com/PaulSec/awesome-sec-talks
Description: List of Sec talks/videos.

URL: https://blog.sucuri.net/2016/01/jquery-pastebin-replacement.html
Description: Malicious Pastebin Replacement for jQuery.

URL: http://0xbaadf00dsec.blogspot.in/2016/01/reverse-engineering-online-games.html
Description: Reverse Engineering Online Games - Dragomon Hunter.

URL: https://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
Description: Exploiting hard filtered SQL Injections.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://sroberts.github.io/2016/01/20/travel-opsec/
Description: Travel OpSec.

URL: http://int10h.org/oldschool-pc-fonts/readme/
Description: The Ultimate Oldschool PC Font Pack.

URL: https://deadlockempire.github.io/
Description: The Deadlock Empire.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 07 | Month: February | Year: 2016 | Release Date: 19/02/2016 | Edition: 105º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://mksben.l0.cm/2016/01/google-toolbar-xss.html
Description: XSS using the Google Toolbar's command.

URL: http://blog.k3170makan.com/2016/02/stealing-secrets-with-css-cross-origin.html
Description: Stealing Secrets with CSS - Cross Origin CSS Attacks.

URL: http://info.safebreach.com/hubfs/Node-js-Response-Splitting.pdf
Blog: http://goo.gl/AE7S2O (+)
Description: HTTP Response Splitting in Nodejs.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.blackmoreops.com/2015/12/28/ip-spoofing-in-kali-linux-with-torsocks/
Description: Evade monitoring by IP spoofing in Kali Linux with torsocks.

URL: https://github.com/Googulator/TeslaCrack
Description: Decryptor for the TeslaCrypt malware.

URL: https://github.com/roglew/pappy-proxy
Description: An intercepting proxy for web application testing.

URL: https://github.com/jethrogb/uefireverse
Description: Tools to help with Reverse Engineering UEFI-based firmware.

URL: https://github.com/Pinperepette/IPTV
Description: Search and brute force illegal IPTV server.

URL: https://github.com/google/stenographer
Description: Full-packet-capture util for buffering packets to disk for IDS/IR purposes.

URL: https://github.com/jtpereyda/boofuzz
Description: A fork and successor of the Sulley Fuzzing Framework.

URL: https://github.com/NullArray/RootHelper
Description: Privilege escalation on a Linux system helper.

URL: https://github.com/ruped24/killchain
Description: A unified console to perform the "kill chain" stages of attacks.

URL: https://github.com/CoreSecurity/pysap
Description: Python library for crafting SAP's network protocols packets.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: https://goo.gl/3eoqgc (+)
More: https://00f.net/2016/02/17/cve-2015-7547/ (Don't panic, don't spread fear!)
PoC: https://github.com/fjserna/CVE-2015-7547
Description: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547).

URL: https://wald0.com/?p=14
PoC: https://github.com/andyrobbins/PowerPath
Description: Automated Derivative Administrator Search.

URL: http://pouyadarabi.blogspot.pt/2015/04/bypass-facebook-csrf.html
Description: Facebook - How I bypassed Facebook CSRF Protection 2015.

URL: http://ceukelai.re/a-tale-of-two-offline-chrome-uxss-vulns/
Description: A tale of two offline Chrome UXSS vulns.

URL: http://mikeknoop.com/lxml-xxe-exploit/
Description: Nobody expects ENTITY sections in XML (XXE Saga).

URL: https://www.tophertimzen.com/blog/windowsx64Shellcode/
Description: Windows x64 Shellcode.

URL: https://ret2libc.wordpress.com/2016/01/03/hacking-banks-for-fun-and-profit/
Description: Hacking banks for fun and profit.

URL: https://goo.gl/azjtvB (+)
Description: How to get user crendentials from memory dumps.

URL: https://jimshaver.net/2016/02/14/defending-against-mimikatz/
Description: Defending Against Mimikatz.

URL: http://www.sjoerdlangkemper.nl/2016/02/11/cracking-php-rand/
Description: Cracking PHP rand().


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.youtube.com/watch?v=_QdPW8JrYzQ
Description: This is what happens when you reply to spam email.

URL: https://github.com/huydx/facy
Description: CLI for Facebook.

URL: https://ping.gg/
Description: The world's most simple monitoring service.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 08 | Month: February | Year: 2016 | Release Date: 26/02/2016 | Edition: 106º ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://r0rshark.github.io/2015/07/30/google/
More: https://blog.0daylabs.com/2016/02/11/How-I-got-a-shell-on-google-acquisition/
Description: Getting a shell on a Google Acquisition.

URL: https://goo.gl/xbCyay (+)
Description: Graphing when your Facebook friends are awake.

URL: http://jcarlosnorte.com/security/2016/02/21/date-leak-gzip-tor.html
Description: HTTP GZIP Compression remote date and time leak.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/hfiref0x/ZeroAccess
Description: ZeroAccess (Malware) v3 toolkit.

URL: https://github.com/praetorian-inc/pentestly
Description: Python and Powershell internal penetration testing framework.

URL: http://www.silentrobots.com/blog/2015/12/14/xe-cheatsheet-update/
Description: XML Entity Cheatsheet

URL: https://github.com/SignalSEC/kirlangic-ttf-fuzzer
Description: TrueType Font Fuzzer.

URL: https://github.com/graniet/chromebackdoor
Description: Backdoor C&C for Chrome.

URL: https://github.com/chrismaddalena/viper
Description: Tool for automating penetration testing tasks (in Dev).

URL: https://github.com/micahflee/phpass_crack
Description: A password cracker for Portable PHP password hashes. 

URL: http://windowsir.blogspot.pt/2016/01/more-registry-fun.html
Description: More Registry Fun (null char checker).

URL: https://github.com/ben174/hsts-cookie
Description: Creates a HSTS Supercookie to fingerprint a browser.

URL: https://github.com/koczkatamas/CVE-2016-0051
Description: PoC for BSoD and Privilege Escalation - CVE-2016-0051 (MS-016).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://www.miasm.re/blog/2016/01/27/re150.html
Description: GreHack 2015 Re150 Challenge - Solution using Miasm Framework.

URL: http://rileykidd.com/2016/01/12/synology-nas-dsm-5-2-remote-code-execution-rce/
Description: Synology NAS DSM 5.2 Remote Code Execution (RCE).

URL: https://goo.gl/1Yaz1c (+)
Description: Why I stopped using StartSSL (Hint: it involves a Chinese company).

URL: http://www.505forensics.com/windows-10-prefetch/
Description: Script Release - Parsing Windows 10 Prefetch Files on Linux.

URL: https://blog.srcclr.com/reversing-an-open-source-vulnerability/
Description: Reversing an Open Source Vulnerability.

URL: https://avicoder.me/2016/02/22/SSLstrip-for-newbies/
Description: SSL Strip for Newbies.

URL: http://en.wooyun.io/2016/01/28/Barcode-attack-technique.html
Description: Barcode attack technique (Badbarcode).

URL: https://github.com/shellphish/how2heap
Description: A repository for learning various heap exploitation techniques.

URL: https://www.gracefulsecurity.com/sql-injection-exploitation/
Description: SQL Injection - Exploitation 101.

URL: http://www.xexexe.cz/2016/02/hijacking-forgotten-misconfigured.html
Description: Hijacking forgotten & misconfigured subdomains.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.youtube.com/watch?v=bjYhmX_OUQQ
Description: What Happens When You Dare Expert Hackers To Hack You.

URL: http://thume.ca/projects/2012/11/14/magic-png-files/
Description: Magic PNG Thumbnails.

URL: http://rubyfu.net/
Description: Rubyfu, where Ruby goes evil!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 09 | Month: March | Year: 2016 | Release Date: 04/03/2016 | Edition: 107º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://drownattack.com/
Advisory: https://www.openssl.org/news/secadv/20160301.txt
Description: The DROWN Attack.

URL: http://ownsecurity.blogspot.pt/2016/03/finding-xss-in-microsoft-oauth.html
Description: Finding a XSS in Microsoft OAuth Interface.

URL: http://goo.gl/y9to8s (+)
Description: Widespread XSS Vulnerabilities in Ad Network Code.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/drego85/Joomla_Components_Scanner
Description: Tool to find the components installed in Joomla CMS.

URL: http://x42.obscurechannel.com/?p=263
Description: Privilege Escalation (SYSTEM) via Dolby’s DAX2_API Service (Win10).

URL: https://github.com/schumilo/vUSBf
Description: KVM/QEMU based USB-fuzzing framework.

URL: https://github.com/google/kasan
Description: KernelAddressSanitizer, a fast memory error detector for the Linux kernel.

URL: https://github.com/rflynn/lanmap2
Description: Builds database/visualizations of LAN structure.

URL: https://github.com/n0fate/volafox
Description: Mac OS X Memory Analysis Toolkit.

URL: https://github.com/nbshelton/bitdump
Description: A tool to extract database data from a blind SQL injection vulnerability.

URL: https://github.com/Ali-Razmjoo/OWASP-ZSC/
Description: OWASP ZCR Shellcoder.

URL: https://blog.netspi.com/java-deserialization-attacks-burp/
Description: Java Deserialization Attacks with Burp.

URL: https://github.com/brianwrf/hackUtils
Description: It is a hack tool kit for pentest and web security research.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://en.wooyun.io/2016/02/04/41.html
Description: GPS hacking.

URL: https://www.bastille.net/technical-details
Description: MouseJack - wireless, non-Bluetooth keyboards and mice Pwn.

URL: https://github.com/ethicalhack3r/owasp-asvs-markdown/blob/master/asvs.md
Description: Application Security Verification Standard 3.0.1.

URL: https://domenpk.github.io/lpc13xx_boot_analysis/
Description: LPC13xx Bootloader Reverse Engineering.

URL: http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html
Description: RCE in Oracle NetBeans - PrimeFaces 5.x Expression Language Injection.

URL: https://goo.gl/LHeH3S (+)
Description: ICMP and IP Network Mapping Tricks Every Pentester Needs To Know.

URL: http://goo.gl/Wtvb4J (+)
Description: eBay scripting flaws being actively exploited by fraudsters.

URL: http://www.gracefulsecurity.com/command-injection-the-good-the-bad-and-the-blind/
Description: Command Injection - The Good, the Bad and the Blind.

URL: http://www.davidlitchfield.com/AssessingOraclee-BusinessSuite11i.pdf
Description: Assessing Oracle e­Business Suite 11i.

URL: http://philippeharewood.com/abusing-facebook-graph-search/
Description: Abusing Facebook Graph Search using GraphQL.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://supermarkupworld.daggasoft.com/
Description: Super Markup World

URL: https://github.com/fulldecent/system-bus-radio
Related: https://github.com/anfractuosity/musicplayer
Description: Transmit radio on computer without radio transmitting hardware.

URL: http://habrahabr.ru/post/268421/
Description: The USB Killer, Version 2.0.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 10 | Month: March | Year: 2016 | Release Date: 11/03/2016 | Edition: 108º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
More: http://polyglot.innerht.ml/
Description: Unleashing an Ultimate XSS Polyglot.

URL: http://www.anandpraka.sh/2016/03/how-i-could-have-hacked-your-facebook.html
Description: How I could have hacked all Facebook accounts.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/jaredhaight/PSAttack
Description: A framework for Powershell attacks.

URL: https://github.com/hfiref0x/TDL
Description: Driver loader for bypassing Windows x64 Driver Signature Enforcement.

URL: https://github.com/jh00nbr/Routerhunter-2.0
Description: Scanner Routerhunter 2.0.

URL: https://github.com/b3mb4m/shellsploit-framework
Description: New Generation Exploit Development Kit.

URL: https://github.com/Rootkitsmm/Win32k-Fuzzer
Description: Win32k-Fuzzer.

URL: https://github.com/enddo/smod
Description: MODBUS Penetration Testing Framework.

URL: https://github.com/funkandwagnalls/ranger
Description: A tool for access and interact with remote Microsoft Windows systems.

URL: https://github.com/StevenBlack/hosts
Description: Amalgamated hosts file (Protection).

URL: https://github.com/joeferner/node-http-mitm-proxy
Description: HTTP Man In The Middle (MITM) Proxy (Node.js)

URL: https://github.com/enjoiz/XXEinjector
Description: Automatic exploitation of XXE vulnerability.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://securitymumblings.blogspot.pt/2016/02/cve-2015-8277.html
More: https://www.securifera.com/advisories/cve-2015-8277/
Description: Finding CVE-2015-8277 in FlexNet Publisher.

URL: https://xairy.github.io/blog/2016/cve-2016-2384
Description: Arbitrary code exec in the usb-midi linux kernel driver (CVE-2016-2384).

URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
Description: Ganeti DoS and Unauthenticated Info Leak (CVE-2015-7944/CVE-2015-7945).

URL: http://andrewmohawk.com/2016/02/05/bypassing-rolling-code-systems/
Description: Bypassing Rolling Code Systems.

URL: https://goo.gl/0L1yce (+)
Description: 1Password sends your password across the loopback interface in clear text.

URL: https://ssrg.nicta.com.au/projects/TS/cachebleed/
Description: CacheBleed - A Timing Attack on OpenSSL Constant Time RSA.

URL: https://www.insinuator.net/2016/03/how-to-crack-a-white-box-without-much-effort/
Description: How to crack a white-box without much effort.

URL: http://tomforb.es/segfaulting-python-with-afl-fuzz
Description: Segfaulting Python with afl-fuzz.

URL: http://wartalker.me/a/56d62d1aeff2a2688884a075
Description: Malformed private keys lead to heap corruption in OpenSSL’s b2i_PVK_bio.

URL: http://goo.gl/DYBny3 (+)
Description: Getting Domain Admin with Kerberos Unconstrained Delegation.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://gist.github.com/staaldraad/510966898862fecce423
Description: Pwning like a hipster.

URL: https://tldr-pages.github.io/
Description: Simplified and community-driven man pages.

URL: https://www.peerlyst.com/blog-post/scope-the-final-frontier
Description: Scope - The final frontier.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 11 | Month: March | Year: 2016 | Release Date: 18/03/2016 | Edition: 109º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://www.gracefulsecurity.com/http-header-injection/
Description: HTTP Header Injection 101.

URL: https://mathiasbynens.github.io/rel-noopener/
Description: About rel=noopener.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/LNOLiGhT/BuSyBoXBaNGBuS
Description: All-in-1-Bruteforce-SSH.

URL: https://github.com/HurricaneLabs/machinae
Description: Machinae Security Intelligence Collector.

URL: https://github.com/LongSoft/UEFITool
Description: UEFI firmware image viewer and editor.

URL: https://github.com/cisco-sas/kitty
Description: Fuzzing Framework written in python.

URL: https://github.com/p-e-w/maybe
Description: See what a program does before running it.

URL: https://github.com/anssi-fr/tabi
Description: BGP Hijack Detection.

URL: http://pastebin.com/HYpjUKuk
Description: SHFolder.DLL Comodo AV Local Privilege Elevation Exploit.

URL: https://github.com/peacand/burp-pyTemplate
Description: Burp extension to develop Python "exploits" based on Burp requests.

URL: https://github.com/sensepost/DET
Slides: https://goo.gl/L89gpG (+)
Description: Data Exfiltration Toolkit (DET).

URL: https://github.com/Eisler/URLCrazy
Description: UrlCrazy is for the study of domainname typos and URL hijacking.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://goo.gl/liJQ2I (+)
Description: How Detecting Malicious PHP Files Isn't That Easy.

URL: https://gist.github.com/nishimunea/264695161a6796f1912f
Description: How HTML Injection Is Bad on Firefox OS.

URL: http://blog.ptsecurity.com/2016/01/severe-vulnerabilities-detected-in.html
Description: Severe Vulnerabilities Detected in FreeBSD (CVE-2016-1879).

URL: https://goo.gl/F9QRMY (+)
More: https://marc.ttias.be/oss-security/2016-03/msg00180.php
Description: Remote Code Execution in Git versions < 2.7.1 (CVE-2016-2324/CVE-2016‑2315).

URL: http://blog.joelesler.net/2010/03/offset-depth-distance-and-within.html
Description: Offset, Depth, Distance, and Within (Snort Rules).

URL: https://goo.gl/DbBJWX (+)
Description: From zero to SYSTEM on full disk encrypted Windows system.

URL: https://coding.abel.nu/2016/03/vulnerability-in-net-signedxml/
Description: Vulnerability in .NET SignedXml.

URL: https://firefart.at/post/upc_ubee_fail/
Description: UPC (router) Ubee EVW3226 Fail.

URL: https://www.teamupturn.com/reports/2016/what-isps-can-see
Description: What ISPs Can See.

URL: http://foofus.net/goons/percx/Xerox_hack.pdf
Description: Attacking Xerox's Multifunction Printers Patch Process.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://mjg59.dreamwidth.org/40505.html
Description: I stayed in a hotel with Android lightswitches...

URL: https://goo.gl/bEcYqL (+)
Description: What is WebAssembly?

URL: https://github.com/santinic/how2
Description: Stackoverflow from the terminal.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 12 | Month: March | Year: 2016 | Release Date: 25/03/2016 | Edition: 110º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: https://nvisium.com/blog/2016/03/09/exploring-ssti-in-flask-jinja2/
PoC: https://hackerone.com/reports/125980
Description: Exploring Server-Side Template Injection (SSTI) in Flask/Jinja2.

URL: http://blog.innerht.ml/the-misunderstood-x-xss-protection/
Description: The misunderstood X-XSS-Protection.

URL: https://fin1te.net/articles/uber-turning-self-xss-into-good-xss/
Description: Uber Bug Bounty - Turning Self-XSS into Good-XSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/mimoo/Diffie-Hellman_Backdoor
Description: How to backdoor Diffie-Hellman.

URL: https://github.com/craigz28/firmwalker
Description: Script for searching the extracted firmware file system for goodies!

URL: https://github.com/cr0hn/enteletaor
Description: Message Queue & Broker Injection tool.

URL: http://0x27.me/2015/07/27/SSH-Over-SCTP.html
Description: SSH Over SCTP (With Socat).

URL: https://github.com/claudijd/ssh_scan
Description: A prototype/PoC for an SSH scanner.

URL: https://github.com/samratashok/Kautilya
Description: Tool for easy use of HID for offensive security and penetration testing.

URL: https://github.com/sha0coder/LAF
Description: This firewall allows only communications made from allowed processes.

URL: https://gist.github.com/0x27/9ff2c8fb445b6ab9c94e
Description: ASAN/SUID Local Root Exploit.

URL: https://github.com/gpoulios/ROPInjector/
Description: Convert Shellcode Into ROP.

URL: https://github.com/eschultze/URLextractor
Description: Information gathering & website reconnaissance.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://en.wooyun.io/2016/01/18/JavaScript-Backdoor.html
Description: Fileless JavaScript Reverse HTTP Shell (OS JavaScript Backdoor).

URL: http://blog.skylined.nl/20160316001.html
Description: Microsoft Edge use-after-free "Case of Study".

URL: https://goo.gl/yegViI (+)
Description: How to easily hack your Smart TV - Samsung and LG.

URL: https://goo.gl/uMCPAk (+)
Description: SpagoBI - Remote Code Execution by authenticated users.

URL: http://web-in-security.blogspot.pt/2016/03/xml-parser-evaluation.html
PoC: https://github.com/RUB-NDS/DTD-Attacks
Description: XML Parser Evaluation (Ruby, Python, .NET, PHP, Perl, Java).

URL: https://gist.github.com/Teino1978-Corp/c7a855d0c0eaa348273b
Description: Attacking IPV6.

URL: http://www.attactics.org/2016/03/bypassing-antivirus-with-10-lines-of.html
Description: Bypassing AVs w/ 10 Lines of Code.

URL: http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html
Description: Remote Code Execution in CCTV-DVR affecting over 70 different vendors.

URL: http://jeffq.com/blog/dteenergy-insight/
Description: Unauthenticated "filter" parameter leak PII (CVE-2016-1562).

URL: https://jochen-hoenicke.de/trezor-power-analysis/
Description: Extracting the Private Key from a TREZOR (Hardware wallet for Bitcoins).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/zachlatta/sshtron
Description: Play Tron over SSH.

URL: http://www.joshparsons.net/latex/
Description: The LaTeX cargo cult.

URL: http://actinid.org/vix/
Description: Biteye & Vix.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 13 | Month: April | Year: 2016 | Release Date: 01/04/2016 | Edition: 111º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that really worth your time!


URL: http://www.pranav-venkat.com/2016/03/command-injection-which-got-me-6000.html
Description: Command injection which got me "6000$" from #Google.

URL: http://blog.orange.tw/2016/03/bug-bounty-ubercom-ubercom-remote-code.html
Description: Uber.com Remote Code Execution via Flask Jinja2 Template Injection.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.htcap.org/
Description: Web application scanner able to crawl single page application (SPA).

URL: https://github.com/YJesus/PyDeAPI
Description: Python script to detect API hooking in Linux.

URL: https://git.zx2c4.com/ctmg/about/
Description: Simple wrapper around cryptsetup for encrypted containers.

URL: https://github.com/firmadyne/firmadyne
Description: Tool for dynamic analysis of Linux-based embedded firmware.

URL: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
Description: Putty Stack Buffer Overwrite (CVE-2016-2563).

URL: http://web-in-security.blogspot.pt/2016/03/xxe-cheat-sheet.html
Description: DTD (XXE, DoS, SSRF, XSLT) Cheat Sheet.

URL: https://github.com/NoviceLive/pat
Description: Customizable Exploit Pattern Utility.

URL: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116
Description: Dropbearsshd xauth command injection.

URL: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
Description: Openssh xauth command injection and /bin/false bypass.

URL: https://github.com/maurosoria/dirsearch
Description: Web path checker.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues/problems.


URL: http://secalert.net/?#scl-soh
Description: A Tale of an interesting source code leaking using SOH.

URL: https://goo.gl/zxeKhA (+)
Description: Install, configure and automatically renew Let's Encrypt SSL Certs.

URL: http://goo.gl/wfQYTv (+)
Description: Bypassing SOP and shouting hello before you cross the pond.

URL: http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code
Description: All Your Meetings Are Belong to Us - RCE in Apache OpenMeetings.

URL: http://asintsov.blogspot.pt/2016/03/yet-another-car-hacking-tool.html
Tool: https://github.com/eik00d/CANToolz
Description: Yet Another Car Hacking Tool.

URL: http://dn5.ljuska.org/cyber-attacks-on-vehicles-2.html
Description: Attacks on vehicles P-II.

URL: https://goo.gl/us2wTn (+)
Description: Bypassing NoScript security using Cross-Site Scripting and MITM attack.

URL: http://blog.knownsec.com/2016/03/pyyaml-tags-parse-to-command-execution/
Description: pyyaml-tags-parse-to-command-execution.

URL: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
Description: HackSys Extreme Vulnerable Driver (Exploitation Learning).

URL: http://goo.gl/ZCOqjO (+)
Description: Fuzzing workflows; a fuzz job from start to finish.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://storify.com/weev/a-small-experiment-in
PoC: http://www.phenoelit.org/hp/download.html
Description: A brief experiment in printing.

URL: http://left-pad.io/
Description: A microservice saviour appears.

URL: https://github.com/infosec-au/bugbountydash
Description: Terminal dashboard for bug bounty hunters that use HackerOne and Bugcrowd.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 14 | Month: April | Year: 2016 | Release Date: 08/04/2016 | Edition: 112º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://www.mbsd.jp/blog/20160407.html
Description: Information theft attacks abusing browser's XSS filter.

URL: https://hackerone.com/reports/73480
Description: Arbitrary file Upload on AirMax - 18k Reward (Impact is everything!).

URL: https://whitton.xyz/articles/obtaining-tokens-outlook-office-azure-account/
Description: Obtaining Login Tokens for an Outlook, Office or Azure Account.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/danielmiessler/RobotsDisallowed
Description: A harvest of the Disallowed directories from the robots.txt.

URL: https://gist.github.com/compoterhacker/c1a3b15fe2a47393083b
Description: Old irssi-otr plugin heap overflow PoC.

URL: https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
Description: Java-Deserialization-Cheat-Sheet.

URL: https://github.com/hfiref0x/SyscallTables
Description: Windows NT x64 Syscall tables.

URL: https://github.com/gavia/subsearch
Description: A subdomain brute force tool.

URL: https://github.com/google/binexport
Description: IDA plugin for exporting for BinNavi databases and to Protocol Buffers.

URL: https://github.com/HackerFantastic/Public/blob/master/exploits/cve-2016-1531.sh
Description: CVE-2016-1531 exim <= 4.84-3 local root exploit.

URL: http://www.nirsoft.net/utils/wifi_history_view.html
Description: Wifi Forensic Investigation using Wifihistoryview.

URL: https://github.com/SkyLined/BugId
Description: Python module to detect, analyze and id application bugs (Windows).

URL: https://github.com/lyle-nel/siga
Description: Population based metaheuristic for password cracking.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://en.wooyun.io/2016/01/28/Bypass-Windows-AppLocker.html
PoC: https://github.com/3gstudent/Bypass-Windows-AppLocker
Description: Bypass Windows AppLocker.

URL: http://l.avala.mp/blog/ghost-got-secrets-ghostbins-guts-part-1/ (...-part-2)
Description: Scraping Ghostbin.

URL: https://goo.gl/EGlZTe (+)
Description: ropasaurusrex - A primer on return-oriented programming (ROP "101").

URL: https://gist.github.com/nishimunea/5d06bf899198eb104238
Description: Cross-origin Data leakage in Chrome (CVE-2014-6759).

URL: https://labs.detectify.com/2016/04/04/csp-bypassing-form-action-with-reflected-xss/
Description: CSP - bypassing form-action with reflected XSS.

URL: http://d0cs4vage.blogspot.pt/2015/08/pfp-python-interpreter-for-010-templates.html
Description: PFP - A Python Interpreter for 010 Templates.

URL: http://www.labofapenetrationtester.com/2016/02/kautilya-easy-reverse-shells.html
Description: Hacking with Human Interface Devices - Easy Reverse Shells.

URL: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
Description: Unlimiting the stack not longer disables ASLR (CVE-2016-3672).

URL: http://www.sphaero.org/blog:2012:0418_am_i_hacked_oh_it_s_just_vodafone
Description: Am I hacked? Oh, it's just Vodafone.

URL: http://goo.gl/BNPZLU (+)
Description: The perils of Java deserialization.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://www.su-tesla.space/
Description: Rooting a Tesla Model S (Why not?).

URL: http://yifan.lu/2016/03/28/3ds-code-injection-through-loader/
Description: 3DS Code Injection through "Loader".

URL: http://blog.dewhurstsecurity.com/2016/04/07/google-chrome-protocol-handler-fun.html
Description: Google Chrome Protocol Handler Fun.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 15 | Month: April | Year: 2016 | Release Date: 15/04/2016 | Edition: 113º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://github.com/BishopFox/cve-2016-1764
Description: Recovery of Plaintext iMessage Data Without Breaking Crypto (CVE-2016-1764).

URL: https://goo.gl/xX9fB7 (+)
Description: Google Account Recovery XSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/fvrmatteo/DeobfuscatorTest
Description: Tool for obfuscation & de-obfuscation techniques (Research).

URL: http://dfir-blog.com/2016/03/13/how-to-parse-windows-eventlog/
Description: How to parse Windows Eventlog (DFIR).

URL: https://github.com/Rootkitsmm/cve-2016-0040
Description: PoC for CVE-2016-0040.

URL: https://github.com/0xspx/armroper
Description: ARM rop chain gadget searcher.

URL: https://xisigr.com/x/cve-2016-1932/
Description: Web Notification Origin Spoof and FS DoS on win Firefox (CVE-2016-1932).

URL: https://github.com/0x3d5157636b525761/DWF-2016-91000_poc/
Description: Bezeq Netgear DGN2200 exploit PoC (DWF-2016-91000).

URL: https://github.com/dutchcoders/transfer.sh/
Description: Easy and fast file sharing from the command-line (https://transfer.sh).

URL: https://github.com/s-rah/onionscan
Description: Scan Onion Services for Security Issues.

URL: https://github.com/xme/dshield-docker
Description: Docker container running cowrie with DShield output enabled.

URL: https://github.com/Raikia/CredSwissArmy
Description:  Check the validity of multiple user credentials across multiple servers.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/xt1a0r (+)
PoC: https://github.com/hannob/pwncloud
Description: Bad crypto in the Owncloud encryption module.

URL: http://en.wooyun.io/2016/02/04/42.html
Description: JavaScript Phishing.

URL: https://hshrzd.wordpress.com/2016/03/31/petya-key-decoder/
Description: Petya (Ransomware) key decoder.

URL: http://philippeharewood.com/swiping-facebook-official-access-tokens/
Description: Swiping Facebook Official Access Tokens

URL: https://hackmag.com/uncategorized/deceiving-blizzard-warden
PoC: https://github.com/xakepru/x14.08-coverstory-blizzard
Description: Deceiving Blizzard Warden.

URL: http://blog.vectranetworks.com/blog/turning-a-webcam-into-a-backdoor
Description: Turning a Webcam Into a Backdoor.

URL: http://securitygodmode.blogspot.pt/2016/03/bloatware-considered-harmful.html
Description: Bloatware considered harmful (MSRs 101).

URL: https://goo.gl/CwmMVX (+)
Description: Multiple vulnerabilities found in Quanta LTE routers.

URL: http://blog.techorganic.com/2016/03/08/radare-2-in-0x1e-minutes/
Description: Radare 2 in 0x1E minutes.

URL: http://www.technopy.com/mongodb-injection---how-to-hack-mongodb.html
Description: How To Hack MongoDB.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://webkay.robinlinus.com/
Description: What every Browser knows about you.

URL: https://github.com/amaboura/panama-papers-dataset-2016
Description: Structured data about Panama papers.

URL: http://notoken.pl/
Description: "BadCSRF" - NoToken Bug.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 16 | Month: April | Year: 2016 | Release Date: 22/04/2016 | Edition: 114º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://goo.gl/btlTLe (+)
Description: How I Hacked Facebook, and Found Someone's Backdoor Script.

URL: https://goo.gl/qF0Lqa (+)
Description: Using a Braun Shaver to Bypass XSS Audit and WAF.

URL: https://chloe.re/2016/04/13/goodbye-csrf-samesite-to-the-rescue/
Description: Goodbye CSRF - SameSite to the rescue! (SameSite-cookies 101)


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/flike/kingshard
Description: A high-performance MySQL proxy.

URL: https://github.com/snare/voltron
Description: A hacky debugger UI for hackers.

URL: https://github.com/Genetic-Malware/Ebowla
Description: Framework for Making Environmental Keyed Payloads (Malware Research).

URL: https://github.com/mrsmn/ares
Description: Library for an easy to use wrapper around https://cve.circl.lu.

URL: https://github.com/GortCodex/DNSCrypt-Loader
Description: A flexible and customizable bash script to manage DNSCrypt-proxy.

URL: https://github.com/ttlequals0/autovpn
Description: Script to create an OpenVPN Endpoint on AWS.

URL: https://github.com/fcsonline/autocsp
Description: Tool to generate a valid CSP headers, integrity hashes and inline hashes.

URL: https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet
Description: SQL Injection Cheat Sheet.

URL: https://github.com/K2/EhTrace
Description: ATrace is a tool for tracing execution of binaries on Windows.

URL: https://github.com/joaomatosf/jexboss
Description: JexBoss - Jboss verify and EXploitation Tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://www.cigital.com/blog/ineffective-certificate-pinning-implementations/
PoC: https://koz.io/pinning-cve-2016-2402/
Description: An Examination Of Ineffective Certificate Pinning Implementations.

URL: http://goo.gl/lrqLEh (+)
Description: Introduction to Windows shellcode development.

URL: http://bytesdarkly.com/2016/01/know-your-tools-cve-2015-2342-ioc-and-metasploit/
Description: Know your tools – CVE-2015-2342 IOC and Metasploit.

URL: https://hatriot.github.io/blog/2014/06/29/gitlist-rce/
Description: Gitlist - Commit to RCE.

URL: http://c0d3xpl0it.blogspot.pt/2016/04/compromising-domain-admin-in-voip.html
Description: Compromising Domain Admin in VOIP Pentest.

URL: http://www.bitlackeys.org/#skeksi
Description: 2016 - Skeksi Virus for X86_64 Linux.

URL: http://sww-it.ru/2016-04-11/1332
Description: Windows 10 Hooking Nirvana explained.

URL: https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
Description: Detecting the use of "curl | bash" server side.

URL: https://crypto.stanford.edu/~blynn/rop/
Description: 64-bit Linux Return-Oriented Programming.

URL: http://blog.packagecloud.io/eng/2016/04/05/the-definitive-guide-to-linux-system-calls/
Description: The Definitive Guide to Linux System Calls.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/NoviceLive/bintut
Description: Teach you a binary exploitation for great good.

URL: https://github.com/mortenjust/cleartext-mac
Description: A text editor that only allows the top 1,000 most common words in English.

URL: https://github.com/rothgar/awesome-tmux
Description: Awesome Tmux.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 17 | Month: April | Year: 2016 | Release Date: 29/04/2016 | Edition: 115º  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://www.economyofmechanism.com/office365-authbypass.html
Description: The road to hell is paved with SAML Assertions.

URL: https://goo.gl/z9ALvx (+)
Description: Bypassing Chromes XSS Auditor.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/Pepitoh/VBad
Description: VBA Obfuscation Tools combined with an MS office document generator.

URL: https://github.com/kevthehermit/VolUtility
Description: Web App for Volatility framework.

URL: https://github.com/DidierStevens/DidierStevensSuite
Description: Didier Stevens Suite (Software Dump).

URL: https://github.com/rc0r/afl-utils
Description: Automated crash sample processing, afl-fuzz job management and more.

URL: https://github.com/DeveloppSoft/Eli.Decode
Description: Just a tool to decode obfuscated shellcodes using the unicorn engine.

URL: https://iovisor.github.io/bcc/
Description: Dynamic Tracing Tools for Linux.

URL: https://github.com/lorentzenman/payday
Description: Payload generator that uses Metasploit and Veil. 

URL: http://www.shelliscoming.com/2016/04/pazuzu-reflective-dll-to-run-binaries.html
Description: Pazuzu - reflective DLL to run binaries from memory.

URL: https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-MS16-032.ps1
MSF Module: https://github.com/khr0x40sh/metasploit-modules/blob/master/local/
Description: MS16-032 implemented in PowerShell.

URL: https://github.com/gdbinit/mach_race
Description: Mach Race OS X Local Privilege Escalation Exploit (CVE-2016-1757).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://neonprimetime.blogspot.pt/2016/03/fixing-xss.html
Description: Fixing XSS on the Mozilla Add-Ons website.

URL: https://goo.gl/E6k81e (+)
Description: Fun with Remote Controllers (CVE-2016-2345).

URL: http://www.sekoia.fr/blog/ms-office-exploit-analysis-cve-2015-1641/
Description: MS Office exploit analysis - CVE-2015-1641.

URL: https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt
Description: Back To The Future - Unix Wildcards Gone Wild.

URL: http://www.anti-reversing.com/credentials-manager-zip-passwords-caching-win8-x10/
Description: Credentials Manager – Zip Passwords Caching [Win8.x/10].

URL: http://www.primalsecurity.net/0xc-python-tutorial-python-malware/
Description: Create a Python Malware with PyInstaller.

URL: http://www.b0n0n.com/2016/04/20/ms-jailbreak/
Description: Jailbreaking the Microsoft fitness band.

URL: http://www.tothenew.com/blog/csv-injection/
Description: Exploiting 'Export as CSV' functionality - The road to CSV Injections.

URL: https://osandamalith.wordpress.com/2016/01/02/hiding-data-inside-memory-addresses/
Description: Hiding Data Inside Memory Addresses.

URL: https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
Description: Memory Corruption Vulnerability in "libotr".


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/onx/CIH
Description: CIH (Chernobyl) Oldies!

URL: https://github.com/donnemartin/haxor-news
Description: Browse Hacker News like a Haxor.

URL: https://projectgus.com/2013/03/anatomy-of-a-cheap-usb-ethernet-adapter/
Description: Anatomy of a cheap USB to Ethernet adapter.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 18 | Month: May | Year: 2016 | Release Date: 06/05/2016 | Edition: 116º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://imagetragick.com/
More: http://www.openwall.com/lists/oss-security/2016/05/03/18
Description: ImageMagick Is On Fire (CVE-2016–3714).

URL: http://c0rni3sm.blogspot.pt/2016/04/drag-drop-xss-in-google.html
Description: Drag Drop XSS in Google (Just try it!).

URL: http://arunsureshkumar.me/index.php/2016/04/24/facebook-account-take-over/
Description: Facebook Account Take Over.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/Cn33liz/p0wnedShell
Description: PowerShell Runspace Post Exploitation Toolkit.

URL: https://github.com/stevemk14ebr/UniHook
Description: Intercept arbitrary functions at run-time, without knowing their typedefs.

URL: https://github.com/Shay-Gueron/AES-GCM-SIV
Description: AES-GCM-SIV implementations (128 and 256 bit).

URL: https://github.com/talos-vulndev/advisories/tree/master/TALOS-2016-0088/poc
Description: OS X Gen6Accelerator - Local Privilege Escalation (CVE-2016-1743).

URL: https://github.com/future-architect/vuls
Description: Vulnerability scanner for Linux, agentless, written in golang.

URL: https://github.com/CroweCybersecurity/ad-ldap-enum
Description: An LDAP based Active Directory user and group enumeration tool.

URL: https://github.com/Maksadbek/tcpovericmp
Description: TCP implementation over ICMP protocol to bypass firewalls.

URL: https://github.com/detuxsandbox/detux
Description: The Multiplatform Linux Sandbox.

URL: http://securitypadawan.blogspot.pt/2014/01/using-sqlmaps-eval-functionality-for.html
Description: Using SQLMAP's Eval Functionality for Successful Exploitation (Tips).

URL: https://github.com/OpenSecurityResearch/hostapd-wpe
Description: Modified hostapd to facilitate AP impersonation attacks.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://cyseclabs.com/page?n=02012016
PoC: https://github.com/thomaxxl/group_info/
Description: CVE-2014-2851 group_info UAF Exploitation.

URL: http://www.exploresecurity.com/from-csv-to-cmd-to-qwerty/
Description: From CSV to CMD to qwerty.

URL: https://blog.cylance.com/veil-evasion-vulnerability-discovered-by-cylance
Description: Veil-Evasion Vulnerability Discovered by Cylance.

URL: http://arm.ninja/2016/03/04/reverse-engineering-samsung-s6-modem/
Description: Reverse Engineering Samsung S6 Modem.

URL: http://www.scip.ch/en/?labs.20160414
Description: Cross-Site Script Inclusion - A Fameless Web Vulnerability Class.

URL: http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/
Description: Meet Ransom32 - The first JavaScript ransomware.

URL: https://crypto.beer/runtastic-xxe/
Description: XXE vulnerability on runtastic.com.

URL: http://goo.gl/C3t9eM (+)
Description: Debugging Early Boot Stages of Windows.

URL: https://goo.gl/ewmpd5 (+)
Description: Just-Metadata - Intel Gathering and Analysis of IP Metadata.

URL: http://linux-audit.com/hardening-wordpress-security-reduce-information-disclosure/
Description: Hardening WordPress Security and Reduce Information Disclosure.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://cryptopals.com/
Description: The matasano crypto challenges (Solutions).

URL: https://github.com/jsvine/waybackpack
Description: Download the entire Wayback Machine archive for a given URL.

URL: https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
Description: Reverse Engineering a Discovered ATM Skimmer.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 19 | Month: May | Year: 2016 | Release Date: 12/05/2016 | Edition: 117º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/KqEh4Z (+)
Description: Poisoning the Well – Compromising GoDaddy Customer Support With Blind XSS.

URL: https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
More: https://midzer0.github.io/2016/wordpress-4.5.1-xss/
SOME: https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
Description: WordPress v4.5.1 Security Issues (XSS and SOME).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://goo.gl/ZIOZqG (+)
Description: Meterpreter New Windows PowerShell Extension.

URL: https://github.com/ax330d/Symex
Description: Tool to resolve symbols of running application.

URL: https://github.com/ctxis/RDP-Replay
Description: Replay RDP traffic from PCAP.

URL: https://github.com/dzonerzy/acunetix_0day
Description: Acunetix 0day RCE - (SYSTEM).

URL: https://github.com/enddo/CJExploiter
Description: Drag and Drop ClickJacking exploit development assistance tool.

URL: http://rol.im/asux/
Description: ASUX - Yet Another OEM Fail (ASUS driver uses code from 1993).

URL: https://bitbucket.org/decalage/oletools
Description:  Python tools to analyze Microsoft OLE2 files.

URL: https://github.com/reverse-shell/routersploit
Description: The Router Exploitation Framework.

URL: https://github.com/FiloSottile/CVE-2016-2107
Description: PoC OpenSSL padding oracle (CVE-2016-2107).

URL: https://nmap.org/ncrack/
Description: Ncrack is a high-speed network authentication cracking tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/fBEuSF (+)
Description: Analysis of Adobe Flash Player - Integer Overflow (CVE-2015-5560).

URL: https://intothesymmetry.blogspot.co.uk/2016/05/holy-redirecturi-batman.html
Description: Holy redirect_uri Batman! (OAuth2 Security).

URL: https://unlogic.co.uk/2016/04/12/binary-bomb-with-radare2-prelude/
Description: Binary Bomb with Radare2 - Prelude (Reverse).

URL: http://www.oreilly.com/webops-perf/free/files/docker-security.pdf
Description: Docker Security - Using containers safely in production.

URL: http://goo.gl/QM0mZx (+)
Description: NanoCore and Unpacking the AutoIT Cryptor.

URL: https://github.com/3nderapp/strong-node
Description: Checklist for source code security analysis of a Node.js web service.

URL: https://www.cs.tau.ac.il/~tromer/mobilesc/
Description: ECDSA Key Extraction from Mobiles via Nonintrusive Physical Side Channels.

URL: https://scumjr.github.io/2016/01/10/from-smm-to-userland-in-a-few-bytes/
Description: From SMM to userland in a few bytes.

URL: http://winternl.com/2016/05/02/hello-world/
Description: Intruduction to Win32 shellcode using Visual Studio's compiler.

URL: http://blog.frizn.fr/bkpctf-2016/qwn2own-bkpctf16
Description: Boston Key Party CTF - qwn2own challenge (browser exploitation).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/peralmq/bot-wat
Description: Hi, I'm a messenger bot...I'm the REPL of bots. 

URL: https://eev.ee/blog/2016/04/12/apple-did-not-invent-emoji/
Description: Apple did not invent emoji.

URL: http://www.backtrack-linux.org/backtrack/backtrack-0day-privilege-escalation/
Description: BackTrack 0day privilege escalation 😂. (Oldies)


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 20 | Month: May | Year: 2016 | Release Date: 20/05/2016 | Edition: 118º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/BVzfDH (+)
Description: Sleeping stored Google XSS Awakens a $5000 Bounty.

URL: http://mksben.l0.cm/2016/05/xssauditor-bypass-flash-basetag.html
Description: XSS Auditor bypass using Flash and base tag.

URL: https://goo.gl/Hdo0Xt (+)
Description: Mr.Robot Blind SQL Injection Vulnerability.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/bartblaze/PHP-backdoors
Description: A collection of PHP backdoors.

URL: https://github.com/rastating/wordpress-exploit-framework
Description: WordPress Exploit Framework.

URL: https://github.com/mdsecresearch/Publications/raw/master/tools/SysPersist.zip
Description: SysPersist - SYSTEM persistence service for Win32.

URL: https://github.com/awalGarg/devtools-timing-attack
Description: Timing attack to check if devtools are open.

URL: https://github.com/commonexploits/cisco-SNMP-enumeration/
Description: Cisco SNMP enumeration (B.F., Config Downloader and password cracker).

URL: https://github.com/CISOfy/lynis
Description: Auditing tool to assists with compliance testing (HIPAA/ISO27001/PCI DSS). 

URL: https://github.com/infosec-au/altdns
Description: DNS mutation tool.

URL: https://github.com/coreos/clair
Description: Vulnerability Static Analysis for Containers.

URL: https://github.com/sirdarckcat/sirdarckcat.github.io/wiki/TamperChrome
Description: Want to know how to use Tamper Chrome?

URL: https://github.com/ztgrace/changeme
Description: A default credential scanner.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://www.shellntel.com/blog/2016/3/30/vpn-over-dns-1
Description: VPN over DNS (DNSCat Power!).

URL: https://snyk.io/blog/marked-xss-vulnerability/
Description: Fixing `marked` XSS vulnerability.

URL: http://goo.gl/ZRPrGm (+)
Description: Looking For Caves in Windows Executables.

URL: https://www.notsosecure.com/crafting-way-json-web-tokens/
Description: Crafting your way through JSON Web Tokens.

URL: https://steamdb.info/blog/breaking-steam-client-cryptography/
Description: Breaking Steam Client Cryptography.

URL: https://nullsecure.org/building-your-own-passivedns-feed/
Description: Building Your Own Passive DNS Collection System.

URL: https://goo.gl/2LrWzM (+)
Part II: https://goo.gl/bNkAAG (+)
Description: Serialization Must Die - Act 1 Kryo and Act 2 (CVE-2016-0792).

URL: http://yurichev.com/blog/breaking_simple_exec_crypto/
Description: Breaking simple executable cryptor.

URL: https://boris.in/blog/2016/the-bank-job/
Description: The Bank Job (Security Report).

URL: https://vagmour.eu/why-resolving-to-internal-ips-really-hurts/
Description: Facebook and Aol - Internal IP disclosure that really hurts.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/IonicaBizau/node.cobol
Description: Node.js bridge for COBOL 😆. 

URL: https://www.thanassis.space/arm.html
Description: Building a tiny ARM-based server.

URL: http://gutomaia.net/pyNES/
Description: Write NES Games in Python!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 21 | Month: May | Year: 2016 | Release Date: 27/05/2016 | Edition: 119º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://goo.gl/hEhxXH (+)
Description: Google Caja and XSS.

URL: https://github.com/dxa4481/Pastejacking
PoC: https://security.love/Pastejacking/
Description: A demo of overriding what's in a person's clipboard.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/fdiskyou/PowerOPS
Description: PowerShell Runspace Portable Post Exploitation Tool.

URL: https://derevenets.com/
Description: Snowman is a native code to C/C++ decompiler.

URL: https://github.com/pwntester/SerialKillerBypassGadgetCollection
Description: Collection of bypass gadgets to extend and wrap ysoserial payloads.

URL: https://github.com/interference-security/empire-web/
Description: PowerShell Empire Web Interface.

URL: https://github.com/4B5F5F4B/Exploits/tree/master/CVE-2015-6764
Description: PoC V8 bug (CVE-2015-6764).

URL: https://github.com/trailofbits/protofuzz
Description: Google Protocol Buffers message generator.

URL: https://github.com/mschwager/fierce
Description: A DNS reconnaissance tool for locating non-contiguous IP space.

URL: https://github.com/nccgroup/Winpayloads
Description: Undetectable Windows Payload Generation.

URL: https://github.com/1N3/IntruderPayloads
Description: A collection of Burpsuite Intruder payloads and fuzz lists.

URL: https://github.com/CyberShadow/RABCDAsm
Description: Robust ABC (ActionScript Bytecode) [Dis-]Assembler.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://goo.gl/nctrWn (+)
PoC: https://github.com/sinfocol/KeePassLogger
Description: KeePassLogger - KeePass Two-Channel Auto-Type Obfuscation Bypass.

URL: https://corner.squareup.com/2016/05/content-security-policy-single-page-app.html
Description: Content Security Policy for Single Page Web Apps.

URL: https://www.informationsecurity.ws/2016/01/pwning-windows-7-with-avg-av/
Description: Pwning Windows 7 and AVG with USB Rubber Ducky.

URL: https://goo.gl/t0Cc6s (+)
Description: Return of the Rhino - An old gadget revisited.

URL: https://dfir.it/blog/2015/08/12/webshell-every-time-the-same-purpose/
More: https://goo.gl/lfWQ9b (+)
Description: Webshells - Every Time the Same Purpose, Every Time a Different Story.

URL: https://github.com/deresz/unpacking
Description: Tutorials and examples for generic unpacking JAVA, .NET and x86/x64 code.

URL: http://www.contextis.com/resources/blog/push-hack-reverse-engineering-ip-camera/
Description: Push To Hack - Reverse engineering an IP camera.

URL: http://www.neutralizethreat.com/2016/02/lazagne-credential-recovery-binary-used.html
Description: Reverse CHM and AutoIt to Peek inside Attacker Server.

URL: http://phishme.com/powerpoint-and-custom-actions/
Description: PowerPoint and Custom Actions.

URL: https://seanmelia.files.wordpress.com/2016/02/yahoo-remote-code-execution-cms1.pdf
Description: Yahoo Remote Code Execution on cms.snacktv.de.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://learn.adafruit.com/hacking-the-kinect/overview
Description: Hacking the Kinect (Reverse engineering the Microsoft Kinect).

URL: http://ipv6excuses.com/
Description: Kepp refreshing the page 😄.

URL: https://github.com/philwantsfish/GitHubSearch
Description: A project to search the most popular repos for a given language.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 22 | Month: June | Year: 2016 | Release Date: 03/06/2016 | Edition: 120º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://hackerone.com/reports/390
Description: Pixel flood attack.

URL: https://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html
Description: Taking over Heroku accounts.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/llamakko/CVE-2015-7214
Description: SOP bypass the SOP via data: and view-source: URIs (FF <43.0).

URL: https://github.com/infoassure/officefileinfo
Description: Script to help analyse the newer Microsoft Office file formats.

URL: https://github.com/spaze/oprah-proxy
Description: Generate credentials for Opera's "browser VPN".

URL: https://gist.github.com/HarmJ0y/3328d954607d71362e3c
Description: PowerView-2.0 tips and tricks (SysAdmin Helper).

URL: https://github.com/EiNSTeiN-/decompiler
Description: Decompiler w/ multiple backend support, works with IDA and Capstone.

URL: https://github.com/MITRECND/multiscanner/
Description: Modular file scanning/analysis framework.

URL: https://github.com/zhouat/Inject-Hook/tree/master/xposed_general_module
Description: Android xposed generic module.

URL: https://github.com/nccgroup/featherduster
Description: An automated cryptanalysis tool.

URL: https://github.com/hasherezade/malware_analysis/tree/master/7ev3n
Description: Decoder for 7even-HONE$T ransomware.

URL: https://github.com/Microsoft/SLAyer
Description: SLAyer tool that uses separation logic to verify mem safety of C programs.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://goo.gl/gOwiwL (+)
Description: In-Depth Analysis and Reverse Engineering of IE CVE-2015-2444.

URL: http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php
Description: MongoDB security – Injection attacks with php.

URL: http://cn33liz.blogspot.pt/2016/05/bypassing-amsi-using-powershell-5-dll.html
Description: Bypassing Amsi using PowerShell 5 DLL Hijacking.

URL: http://en.wooyun.io/2016/02/29/44.html
Description: Analysis of VM escape by using LUA script.

URL: https://github.com/enddo/awesome-windows-exploitation
Description: Awesome Windows Exploitation resources and shiny things (Dump).

URL: https://goo.gl/Y6aa6S (+)
Description: Post-Ex Persistence Scripting with PowerSploit&Veil.

URL: http://blog.cr4.sh/2016/02/exploiting-smm-callout-vulnerabilities.html
Description: Exploiting SMM callout vulnerabilities in Lenovo firmware.

URL: http://drops.wooyun.org/papers/15430
Description: Struts2 method call RCE Vulnerability (CVE-2016-3081).

URL: https://hackerone.com/reports/111192
Description: CSV Injection via the CSV export feature.

URL: http://gursevkalra.blogspot.pt/2016/01/ysoserial-commonscollections1-exploit.html
Description: Understanding ysoserial's CommonsCollections1 exploit.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://hackerone.com/reports/123660
Description: Super Hack!

URL: https://github.com/ali1234/raspi-teletext
Description: Teletext for Raspberry Pi.

URL: https://threatbutt.com/map/
Description: Threatbutt Internet Hacking Attack Attribution Map.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 23 | Month: June | Year: 2016 | Release Date: 10/06/2016 | Edition: 121º   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://hackerone.com/reports/136169
Description: OneLogin authentication bypass on WordPress sites.

URL: https://blog.zsec.uk/pwning-pornhub/
Description: Pwning Pornhub, netcat connection that gave $2500.

URL: https://goo.gl/tNemh7 (+)
Description: SSRF to XSS to CSRF to RCE (Why XSS is dangerous).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/IMcPwn/browser-backdoor
Description: Electron App w/ JS WebSocket Backdoor and Ruby Command-Line Listener.

URL: https://github.com/zcutlip/exploit-poc/tree/master/netgear/r6200
Description: Exploit Netgear R6200 (and others).

URL: https://owtf.github.io/
Description: Offensive Web Testing Framework's.

URL: https://zneak.github.io/fcd/
Description: fcd is a burgeoning LLVM-based native program decompiler.

URL: https://github.com/chango77747/ReverseShell
Description: Simple C# reverse shell with shellcode and process injection.

URL: https://www.greyhathacker.net/?p=500
Description: Ways to Download and Execute code via the Commandline.

URL: http://www.powertheshell.com/powershell-obfuscator/
Description: PowerShell Obfuscator.

URL: http://halcyon-ide.org/
Description: Unofficial IDE for Nmap Script (NSE) Development.

URL: https://github.com/maldevel/gdog
Description: A fully featured Windows backdoor that uses Gmail as a C&C server.

URL: https://github.com/exodusintel/disclosures/blob/master/CVE_2016_1287_PoC
Description: BoF in the IKEv1 and IKEv2 implementations in Cisco ASA Software.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://security-base.com:8000/
Description: Repo of exploits for known malware like trojans.

URL: http://www.gironsec.com/blog/2016/06/backdooring-a-dll/
Description: Backdooring a DLL.

URL: https://goo.gl/u6fqEf (+)
Description: Reversing and Exploiting Embedded Devices - The Software Stack.

URL: https://tyranidslair.blogspot.co.uk/2013/02/fun-with-java-serialization-and.html
Description: Fun with Java Serialization and Reflection. (Oldies)

URL: http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
Description: Remote Code Execution in Apache Jetspeed <=2.3.0.

URL: https://goo.gl/ojUIiP (+)
Description: Triaging the exploitability of IE/EDGE crashes.

URL: https://goo.gl/WgmTsi (+)
Description: Recovering BitLocker Keys on Windows 8.1 and 10.

URL: https://snyk.io/blog/sql-injection-orm-vulnerabilities/
Description: Fixing SQL Injection - ORM is not enough.

URL: http://blog.kcnabin.com.np/find_my_iphone_can-be-failed/
Description: Make iOS Sys. untraceable using Private DNS (#Find_My Iphone_Can_Fail).

URL: https://github.com/NorthBit/Public/raw/master/NorthBit-Metaphor.pdf
Description: A (real) real­life Stagefright exploit (Cookbook).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://digitalfreedom.io/map/
Description: Digital Freedom Alliance.

URL: http://makthepla.net/blog/=/scornhub-bounty
Description: Scornhub (Pornhub Bug Bounty).

URL: http://austingwalters.com/export-a-command-line-curl-command-to-an-executable/
Description: Export a Command Line cURL Command to an Executable.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 24 | Month: June | Year: 2016 | Release Date: 17/06/2016 | Edition: #122   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://paraschetal.in/writing-your-own-shellcode/
Description: Writing your own shellcode (101).

URL: https://www.adamlogue.com/revisiting-xss-payloads-in-png-idat-chunks/
Description: Revisiting XSS payloads in PNG IDAT chunks.

URL: http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
Description: HTTP Header Injection in Python urllib.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/jadacyrus/searchgiant_cli
Description: Command line forensic imaging utility for cloud services.

URL: https://github.com/hugsy/cemu
Description: Cheap EMUlator GUI based on Keystone and Unicorn engines.

URL: https://github.com/CIFASIS/QuickFuzz
Description: An experimental grammar fuzzer in Haskell using QuickCheck.

URL: https://github.com/jmcarp/robobrowser
Description: Your friendly neighborhood web scraper.

URL: https://github.com/hwdsl2/docker-ipsec-vpn-server
Description: IPsec VPN Server on Docker.

URL: https://github.com/mandatoryprogrammer/xsshunter
Blog: http://goo.gl/2BUBef (+)
Description: XSS Hunter For Pentesting.

URL: https://github.com/Raikia/SMBCrunch
Description: Tool for reconaissance of Windows File Shares.

URL: https://github.com/secgroundzero/warberry
Description: WarBerryPi - Tactical Exploitation.

URL: https://github.com/pi-hole/pi-hole
Description: A black hole for Internet advertisements (designed for RPi).

URL: https://gist.github.com/sourceincite/985fd1476b7e1623cdbf7e22f3cc42e8
Description: MS Office - FSupportSAEXTChar() Use After Free RCE (CVE-2016-0140).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://goo.gl/HgflG6 (+)
Description: Leveraging Splunk Admin Credentials to Own the Enterprise.

URL: https://gist.github.com/rygorous/e0f055bfb74e3d5f0af20690759de5a7
Description: A bit of background on compilers exploiting signed overflow.

URL: http://incolumitas.com/2016/06/08/typosquatting-package-managers/
Description: Typosquatting programming language package managers.

URL: http://marcoramilli.blogspot.pt/2016/03/recovering-files-from-brand-new.html
Description: Recovering Files From Brand New Crypt0l0cker.

URL: http://www.deependresearch.org/2016/04/jboss-exploits-view-from-victim.html
Description: JBoss exploits - View from a Victim.

URL: http://www.debuginfo.com/articles/easywindbg.html
Description: WinDbg the easy way.

URL: https://vagmour.eu/why-resolving-to-internal-ips-really-hurts/
Description: Facebook and Aol internal ip disclosure that really hurts.

URL: http://oalmanna.blogspot.pt/2016/03/startssl-domain-validation.html
Description: StartSSL Domain validation (AppSec 101).

URL: http://www.0verl0ad.net/2016/03/bypassing-disablefunctions-y.html
Description: Bypassing disable_functions and open_basedir in PHP.

URL: https://datavibe.net/~sneak/20141023/wtf-icloud/
Description: iCloud Uploads Local Data Outside of iCloud Drive (Oldies).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://evertpot.com/PHP-Sucks/
Description: PHP Sucks.

URL: https://blog.benjojo.co.uk/post/ssh-port-fluxing-with-totp
Description: TOTP SSH port fluxing.

URL: https://gist.github.com/graceavery/01ec404e555571a4a668c271c8f62e8b
Description: Bash aliases for Harry Potter enthusiasts.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 25 | Month: June | Year: 2016 | Release Date: 24/06/2016 | Edition: #123   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.kchung.co/reverse-engineering-hid-iclass-master-keys/
Description: Reverse Engineering HID iClass Master Keys.

URL: https://goo.gl/mH93Rr (+)
Description: XSS persistence using JSONP and serviceWorkers.

URL: http://goo.gl/mmktjE (+)
Description: Facebook's Bug - Delete any video from Facebook.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/intezer/docker-ida
Description: IDA Pro in a Docker container.

URL: https://github.com/SkyLined/LocalNetworkScanner/
Description: PoC Javascript that scans your local network when you open a webpage.

URL: https://github.com/cr0hn/PyDiscover
Description: Simple Secure and Lightweight Python Service Discovery.

URL: https://github.com/trycatchhcf/cloakify
Description: Data Exfiltration In Plain Sight.

URL: https://github.com/sashs/Ropper
GUI: https://github.com/orppra/ropa
Description: Tool to search for gadgets (ROP chains Helper).

URL: https://github.com/jonaslejon/tor-fingerprint/
Description: Tor Browser and Tails version fingerprint.

URL: https://github.com/google/rekall
Description: Rekall Memory Forensic Framework.

URL: https://github.com/Programming-Systems-Lab/phosphor
Description: Phosphor - Dynamic Taint Tracking for the JVM.

URL: https://github.com/jmdugan/blocklists
Description: Shared lists of hosts files.

URL: https://github.com/vrtadmin/ROPMEMU
Description: Framework to analyze, dissect and decompile code-reuse attacks.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/wrqfg0 (+)
Description: Classic Web Vulns Found in Google Search Appliance 7.4.

URL: https://goo.gl/3eGtjK (+)
Description: Owning the LinkedIn Password Dump.

URL: https://ghostbin.com/paste/2w26u
Description: Hacking Team Novel Write-up.

URL: http://www.kahusecurity.com/2016/locky-js-and-url-revealer/
Description: Locky JS and URL Revealer.

URL: https://hackerone.com/reports/128085
Description: GitLab Bypassing password auth of users that have 2FA enabled.

URL: https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
Description: Finding XSS vulnerabilities in flash files.

URL: https://www.sixdub.net/?p=591
Description: Derivative Local Admin (Invoke-UserHunter Internals).

URL: http://blog.jan-ahrens.eu/2014/03/22/threema-protocol-analysis.html
Description: Threema protocol analysis.

URL: https://goo.gl/oZrJor (+)
Description: ELF Shared Library Injection Forensics.

URL: https://www.nutmeginfosec.com/anatomy-of-a-javascript-downloader/
Description: Anatomy of a Javascript Downloader.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/conorpp/u2f-zero
Description: U2F USB token for physical security, affordability, and style.

URL: https://mborgerson.com/hacking-the-blynclight
Description: Hacking the Blynclight.

URL: https://goo.gl/umSem4 (+)
Description: Why you shouldn't share links on Facebook.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 26 | Month: July | Year: 2016 | Release Date: 01/07/2016 | Edition: #124   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/j0Efzh (+)
Description: Uber Hacking! 

URL: https://hackerone.com/reports/137229
Description: Dropbox apps Server side request forgery (Lovely Features).

URL: http://d3adend.org/blog/?p=722
Description: React Native Development RCE and RFD.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/RUB-NDS/TLS-Attacker
Description: TLS-Attacker is a Java-based framework for analyzing TLS libraries.

URL: https://github.com/bcoles/ssrf_proxy
Description: SSRF Proxy (tunneling HTTP via vulnerable servers to SSRF).

URL: http://jerrygamblin.com/2016/05/31/kalibrowser/
Description: KaliBrowser (Docker+Kali+Web).

URL: https://github.com/EnableSecurity/advisories/tree/master/ES2016-01-liferay-xxe
Description: XML External Entity (XXE) vulnerability in OpenID component of Liferay.

URL: http://blog.knownsec.com/2016/06/php-5-4-34-unserialize-uaf-exploit/
Description: PHP 5.4.34 unserialize UAF exploit (CVE-2014-8142).

URL: https://github.com/carloop/simulator
Description: CAN bus simulator on the Rasperry Pi.

URL: https://github.com/rabbitstack/fibratus
Description: Tool for exploration and tracing of the Windows kernel.

URL: https://github.com/BinaryAnalysisPlatform/qira
Description: QEMU Interactive Runtime Analyser.

URL: https://github.com/aurel26/wer-server
Description: WER Server (Corporate Error Reporting (CER) protocol for Windows).

URL: https://bitbucket.org/iwseclabs/gunpack/
Description: Application Reverse Tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/v8UgSQ (+)
Description: IPv6 Hardening Guide for Windows Servers.

URL: http://www.cosc.canterbury.ac.nz/research/reports/HonsReps/2015/hons_1504.pdf
Description: Applying Bytecode Lvl Auto Exploit Generation to Embedded Systems.

URL: https://goo.gl/cr8pg6 (+)
Description: Hacking the JavaScript Lottery.

URL: http://www.secalert.net/2013/12/13/ebay-remote-code-execution/
Description: eBay - Remote Code Execution.

URL: http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
PoC: https://www.exploit-db.com/exploits/39838/
Description: Magento – Unauthenticated Remote Code Execution (CVE-2016-4010).

URL: https://webtransparency.cs.princeton.edu/webcensus/index.html#
More: https://www.chromium.org/Home/chromium-security/client-identification-mechanisms
Description: The Long Tail of Online Tracking.

URL: https://github.com/nonce-disrespect/nonce-disrespect
Description: Nonce-Disrespecting Adversaries - Practical Forgery Attacks on GCM (TLS). 

URL: http://jcjc-dev.com/2016/04/08/reversing-huawei-router-1-find-uart/
Description: Practical Reverse Engineering Part 1 - Hunting for Debug Ports.

URL: http://goo.gl/2FEOPl (+)
Description: Breaking Cerber strings obfuscation with Python and radare2.

URL: https://blog.cylance.com/compromising-an-entire-julia-cluster
Description: Compromising an Entire Julia Cluster.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/jswanner/DontFuckWithPaste
Description: Google Chrome extension that prevents the blocking of pasting.

URL: http://irq5.io/2016/06/22/designing-the-x-ctf-2016-badge/
Description: Designing the X-CTF 2016 Badge.

URL: https://blog.benjojo.co.uk/post/cheap-hdmi-capture-for-linux
Description: Ludicrously cheap HDMI capture for Linux.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 27 | Month: July | Year: 2016 | Release Date: 08/07/2016 | Edition: #125   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://luc10.github.io/onedrive-an-easter-egg-into-ms-library/
Description: OneDrive - an easter egg into MS library - XSS on Microsoft and not only.

URL: http://blog.bentkowski.info/2016/07/xss-es-in-google-caja.html
Description: XSS-es in Google Caja.

URL: https://hackerone.com/reports/131450
Description: Stored XSS in developer.uber(dot)com.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/mandatoryprogrammer/xsshunter
Description: The XSS Hunter service - a portable version of XSSHunter.com.

URL: https://alexaltea.github.io/hasher/
Description: Automatic detection of hashing algorithms.

URL: http://pentestmonkey.net/blog/ssh-with-no-tty
Description: Using SSH without a TTY.

URL: https://github.com/infobyte/evilgrade
Description: Evilgrade (Oldies).

URL: https://github.com/smicallef/spiderfoot
Description: SpiderFoot - Open source footprinting and intelligence-gathering tool. 

URL: https://modexp.wordpress.com/2016/06/04/winux/
Description: Shellcode - Execute command for x32/x64 Linux/Windows/BSD.

URL: http://srcincite.io/advisories/src-2016-22/
Description: MS Office Component FSupportSAEXTChar() - Use-After-Free RCE (CVE-2016-0140).

URL: http://onready.me/old_horse_attacks.html
Description: Embedding reverse shell in .lnk file or Old horse attacks.

URL: https://github.com/emposha/Shell-Detector
Description: Tool that helps you find and identify php/cgi(perl)/asp/aspx shells.

URL: https://gist.github.com/mattifestation/97ceccd93133c7a1d39a1661922fe545
Description: Credential stealing proxy function for Get-Credential.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blogs.securiteam.com/index.php/archives/2701
Description: Wget Arbitrary Commands Execution.

URL: https://goo.gl/5iX4at (+)
Description: Server-Side Request Forgery Takes Advantage of Vulnerable App Servers.

URL: http://justhaifei1.blogspot.pt/2015/10/watch-your-downloads-risk-of-auto.html
Description: "Auto-Download" feature on MS Edge and Google Chrome (DLL-Preload).

URL: http://goo.gl/hrhPSo (+)
Description: Practical use of JS and COM Scriptlets for Penetration Testing.

URL: https://github.com/ukanth/afwall/wiki/Kernel-security
Description: Android Kernel Security Reference.

URL: http://infoseczone.net/mssql-union-based-injection-step-step/
Description: MSSQL Union Based Injection Step By Step (101).

URL: http://blog.gosecure.ca/2016/05/26/detecting-hidden-backdoors-in-php-opcache/
Description: Detecting Hidden Backdoors in PHP OPcache.

URL: https://blog.bugcrowd.com/discovering-subdomains
Description: Discovering Subdomains.

URL: http://marcoramilli.blogspot.pt/2016/05/process-hollowing.html
Description: Process Hollowing.

URL: https://auth0.com/blog/2016/05/31/cookies-vs-tokens-definitive-guide
Description: Cookies vs Tokens - The Definitive Guide.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://blog.filippo.io/securing-a-travel-iphone/
Description: Securing a travel iPhone.

URL: https://github.com/BlastarIndia/msdos/tree/master/v11source
Description: MS-DOS Source Code 1.X and 2.0.

URL: https://github.com/hamidreza-s/NanoChat
Description: A P2P/E2E encrypted and discoverable chat App on top of nanomsg lib.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 28 | Month: July | Year: 2016 | Release Date: 15/07/2016 | Edition: #126   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://blog.innerht.ml/rpo-gadgets/
Description: RPO Gadgets.

URL: https://www.josipfranjkovic.com/blog/race-conditions-on-web
Description: Race conditions on the web.

URL: http://jasminderpalsingh.info/single.php?p=87
Description: Exploiting Google Clickjacking Vulnerability (simple but effective).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://labs.mwrinfosecurity.com/tools/pivot-with-ping/
Description: ICMPTunnel - Pivot with Ping.

URL: https://hub.docker.com/r/jgamblin/tiny-tor/
Description: Tiny TOR Socks Proxy Container.

URL: https://github.com/square/certigo
Description: Examine and validate certificates in a variety of formats.

URL: https://github.com/srcclr/commit-watcher/
Description: Find interesting and potentially hazardous commits in git projects.

URL: https://github.com/raptIRJuan/RecentDocsMRU
Description: Tool to parse RecentDocs key and its subkeys in a NTUSER.dat file.

URL: https://github.com/apuigsech/seekret
Description: Go library and command line to seek for secrets on various sources.

URL: https://pastebin.com/raw/CC6UPcbZ
Description: Flash Fuzzer.

URL: https://github.com/Danladi/HttpPwnly
Description: "Repeater" style XSS post-exploitation tool for mass browser control.

URL: http://pastebin.com/hVx08e6U
Description: Cryptoshocker Ransomware key generation.

URL: https://github.com/java-deobfuscator/deobfuscator
Description: All-in-one Java deobfuscator.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://danielgrzelak.com/backdooring-an-aws-account-da007d36f8f9
Description: Backdooring an AWS account.

URL: http://goo.gl/s9tfxL (+)
Description: Hacking an IP camera (Grandstream GXV3611_HD).

URL: http://scottgriffy.com/blogs/rat-in-the-shellcode.html
Description: Rat in the Shellcode.

URL: https://itsjack.cc/blog/2016/05/poor-mans-malware-hawkeye-keylogger-reborn/
Description: Poor Mans Malware – HawkEye Keylogger Reborn.

URL: https://goo.gl/fFR7Gg (+)
Description: APT Groups and Operations.

URL: http://drops.wooyun.org/tips/16381
Description: Visual Studio trick to run code when building.

URL: https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv
Description: Hacking the Mitsubishi Outlander PHEV hybrid.

URL: https://hackerone.com/reports/136531
Description: Compromising Atlassian Confluence via WordPress.

URL: https://notehub.org/5zo2v
Description: Breaking into a WP without knowing WP/PHP or Infosec at all (or not).

URL: http://haxx.ml/post/142844845111/hacking-mattermost-from-unauthenticated-to-system
More: http://haxx.ml/post/145508617751/hacking-mattermost-2-year-of-nodejs-on-the
Description: Hacking Mattermost.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.youtube.com/watch?v=jOyfZex7B3E
Description: Sega Saturn CD - Cracked after 20 years.

URL: https://github.com/kristovatlas/osx-config-check
Description: Verify the configuration of your OS X machine.

URL: https://www.anfractuosity.com/projects/cditter/
Description: CDitter – CD-ROM drive based data exfiltration.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 29 | Month: July | Year: 2016 | Release Date: 22/07/2016 | Edition: #127   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://abdullah-iq.blogspot.pt/2016/06/medium-full-account-takeover.html
Description: Medium Full account takeover.

URL: http://mksben.l0.cm/2016/07/xxn-caret.html
Description: Abusing XSS Filter - One ^ leads to XSS (CVE-2016-3212).

URL: https://www.josipfranjkovic.com/blog/hacking-facebook-csrf-device-login-flow
Description: Stealing Facebook access_tokens using CSRF in device login flow.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/glv2/bruteforce-wallet
Description: Try to find the password of an encrypted wallet file.

URL: https://github.com/shawarkhanethicalhacker/BruteXSS
Description: BruteXSS - Cross-Site Scripting Bruteforcer.

URL: https://github.com/agustingianni/Utilities#dumpfunctionbytespy
Description: From "IDA" to C++ Plugin. 

URL: https://github.com/codertimo/Ransomware
Description: Java-based ransomware virus Encryptor and Decrypter.

URL: https://github.com/Sogomn/Ratty
Description: A Java remote administration tool.

URL: https://github.com/trustedsec/unicorn
Description: PowerShell downgrade attack and exploitation tool.

URL: https://gist.github.com/mattifestation/5d1565348d71b54ad02c44a5b94839f8
Description: Enumerates WMI, DLLs and the classes hosted by the provider.

URL: https://github.com/CENSUS/shadow
Description: Firefox/jemalloc heap exploitation swiss army knife.

URL: https://github.com/frewsxcv/afl.rs
Description: Fuzzing Rust code with american-fuzzy-lop.

URL: https://github.com/4B5F5F4B/PoCs/blob/master/CVE-2016-1649
Description: Lokihardt's libangle bug (CVE-2016-1649).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://goo.gl/HYUocq (+)
Report: http://permalink.gmane.org/gmane.comp.security.oss.general/19669
Description: ImageMagick popen_utf8 Command Injection Vulnerability.

URL: http://goo.gl/CZ1Sii (+)
Description: Ruby on Rails vulnerability commentary (CVE-2016-2098).

URL: http://www.shellntel.com/blog/2016/6/7/weaponizing-nessus
Description: Weaponizing Nessus.

URL: https://habrahabr.ru/post/281374/
Description: Standard Library Visual Studio 2015 and telemetry (Hackish from MS).

URL: https://goo.gl/OnyUTd (+)
Description: ASUS UEFI Update Driver Physical Memory Read/Write.

URL: https://thusoy.com/2016/mitming-postgres
Description: MitM-ing Postgres.

URL: https://chloe.re/2016/06/16/badonions/
Description: Smart detection for passive sniffing in the Tor-network.

URL: http://blog.gdssecurity.com/labs/2016/6/13/email-injection.html
Description: Email Injection.

URL: https://toschprod.wordpress.com/2012/01/31/mitm-4-arp-spoofing-exploit/
Description: ARP spoofing 101 using Scapy.

URL: https://github.com/d3f4ultt/PrincesOfPaypal
Description: A security write-up about the Paypal API & data leakage.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/ccrisan/motioneyeos
Description: A Video Surveillance OS For Single-board Computers.

URL: https://0x41.no/mr-robot-s02e01-easter-egg/
Description: Mr Robot S02E01 easter egg.

URL: https://github.com/chrislgarry/Apollo-11/
Description: Original Apollo 11 Guidance Computer (AGC) source code.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 30 | Month: July | Year: 2016 | Release Date: 29/07/2016 | Edition: #128   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://httpoxy.org/
PoC: https://github.com/httpoxy/php-fpm-httpoxy-poc
Description: A CGI application vulnerability for PHP, Go, Python and others.

URL: https://goo.gl/SSHshf (+)
Description: How I Could Steal Money from Instagram, Google and Microsoft.

URL: https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
Descritpion: How we broke PHP, hacked Pornhub and earned 20.000$.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.binsim.com/
Description: Esh - Statistical Similarity of Binaries.

URL: https://github.com/withdk/badusb2-mitm-poc
Description: BadUSB 2.0 USB-HID MiTM PoC.

URL: https://goo.gl/K7f9kF (+)
Description: CVE-2016-5134 Chrome Firefox WPAD.

URL: https://github.com/elfmaster/sherlocked
Description: Universal Script Packer (Script -> Protected ELF Executable).

URL: http://www.andreybazhan.com/dbgkit.html
Description: DbgKit is the first GUI extension for Debugging Tools for Windows.

URL: https://github.com/dvolvox/PyWebinspect
Description: Python module for HP Security WebInspect DAST.

URL: http://www.halfdog.net/Security/2016/DebianEximSpoolLocalRoot/EximUpgrade.c
Description: Exim Local Root Exploit.

URL: https://subt0x10.blogspot.pt/2016/06/what-you-probably-didnt-know-about.html
Description: What you probably didn't know about regsvr32.exe .

URL: https://github.com/mit-ll/LL-Fuzzer
Description: An automated NFC fuzzing framework for Android devices.

URL: https://github.com/gdabah/distormx
Description: The ultimate hooking library.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.zsec.uk/csv-dangers-mitigations/
Description: CSV Injection Revisited - Making Things More Dangerious(and fun).

URL: http://moyix.blogspot.pt/2016/07/fuzzing-with-afl-is-an-art.html
Description: Fuzzing with AFL is an Art.

URL: http://home.arcor.de/skanthak/sentinel.html
Description: DLL hijacking (Oldies).

URL: http://goo.gl/umnWPN (+)
Description: The Story of yet another ransom-fail-ware.

URL: https://goo.gl/gqeJyL (+)
Description: How I can gain control of your TP-LINK home switch.

URL: http://xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope/
Description: Hijack TCP/IP broadcast protocol across different network segment.

URL: https://en.blog.nic.cz/2016/06/13/dnssec-signing-with-knot-dns-and-yubikey/
Description: DNSSEC signing with Knot DNS and YubiKey.

URL: https://agrrrdog.blogspot.pt/2016/06/remote-detection-of-users-av-via-flash.html
Description: Remote detection of a user's AV using Flash (Not 100% Working but...).

URL: https://goo.gl/yVrOhP (+)
Description: From ROP to LOP bypassing Control FLow Enforcement.

URL: https://alexgaynor.net/2016/mar/14/anatomy-of-a-crypto-vulnerability/
Description: Anatomy of a Crypto Vulnerability.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://bugbounty.fail/
Description: A collection of the weirdest and funniest bug bounty reports out there.

URL: https://banmeihack.wordpress.com/2016/07/27/hacking-pokemon-into-candy-crush/
Description: Hacking Pokemon into Candy Crush.

URL: https://github.com/iCepa/iCepa
Description: iOS system-wide VPN based Tor client.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 31 | Month: August | Year: 2016 | Release Date: 05/08/2016 | Edition: #129  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://akat1.pl/?id=2
Description: Spawn your shell like it's 90s again!

URL: http://www.gattack.io/
Description: Gattacking Bluetooth Smart Devices.

URL: https://ericrafaloff.com/client-side-redis-attack-poc/
PoC: http://ericrafaloff.com/static/client-side-redis-poc.html
Description: Client-Side Redis Attack PoC.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/epinna/tplmap
Description: Automatic Server-Side Template Injection Detection and Exploitation Tool.

URL: https://github.com/rajeshmajumdar/xploit
Description: An automated Python + Ruby based XXE Exploiter (GUI + CLI).

URL: https://github.com/CIRCL/PyCIRCLeanMail
Description: Standalone CIRCLean/KittenGroomer code to sanitize emails.

URL: https://github.com/quarkslab/binmap
Description: System scanner looking for programs and libs to gather dependencies, symbols,... .

URL: https://gitlab.com/litm/redirect/tree/master
Description: 'old' ICMP redirect attack (live again).

URL: https://github.com/ron190/jsql-injection
Description: jSQL Injection is a Java application for automatic SQL database injection.

URL: https://github.com/ampotos/dynStruct
Description: Reverse engineering tool for structure recovering and memory usage analysis.

URL: https://github.com/ricardojrdez/anti-analysis-tricks
Description: Bunch of techniques used by malware to detect analysis environments.

URL: https://github.com/skylot/jadx
Description: Dex to Java decompiler.

URL: https://github.com/AlicanAkyol/sems
Description: Anti-Sandbox and Anti-Virtual Machine Tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/78WtUr (+)
PoC: https://github.com/matthiaskaiser/jmet
Description: Pwning Your Java Messaging With Deserialization Vulnerabilities.

URL: https://shubs.io/high-frequency-security-bug-hunting-120-days-120-bugs/
Description: High frequency security bug hunting: 120 days, 120 bugs.

URL: http://theori.io/research/jscript9_typed_array
Description: Patch Analysis of MS16-063 (jscript9.dll).

URL: http://goo.gl/ThDhM8 (+)
Description: ZigBee Packet Capture Analysis Using ZBAanalyzer.

URL: https://reverse.put.as/2016/06/25/apple-efi-firmware-passwords-and-the-scbo-myth/
Description: Apple EFI firmware passwords and the SCBO myth.

URL: http://xlab.tencent.com/badbarcode/
Description: BadBarcode Vulnerability.

URL: https://research.g0blin.co.uk/xss-and-wordpress-the-aftermath/
Description: XSS and WordPress – The Aftermath.

URL: https://bazad.github.io/2016/05/mac-os-x-use-after-free/
Description: Mac OS X Privilege Escalation via Use-After-Free (CVE-2016-1828).

URL: http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
PoC: https://github.com/Cr4sh/ThinkPwn
Description: Exploring and exploiting Lenovo firmware secrets.

URL: https://suchakra.wordpress.com/2016/07/03/unravelling-code-injection-in-binaries/
Description: Unravelling Code Injection in Binaries.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://magoo.github.io/Blockchain-Graveyard/
Description: Blockchain Graveyard.

URL: https://github.com/trailofbits/algo
Description: 1-click IPSEC VPN in the Cloud.

URL: https://zwischenzugs.wordpress.com/2016/04/12/hitler-uses-docker-annotated/
Description: Hitler Uses Docker, Annotated.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 32 | Month: August | Year: 2016 | Release Date: 12/08/2016 | Edition: #130  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/G3rxy2 (+)
Description: Updating the Paypal.me profile picture without consent (CSRF attack).

URL: https://avicoder.me/2016/07/22/Twitter-Vine-Source-code-dump/
Description: Twitter's Vine Source code dump.

URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=884
More: https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords
Description: LastPass Several Security Issues.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://labs.nettitude.com/tools/poshc2/
Tool: https://github.com/Nettitude/PoshC2
Description: Powershell C2 Server and Implants.

URL: https://github.com/CIFASIS/nosy-newt
Description: Concolic execution tool for exploring the input space of a binary.

URL: https://github.com/rodrigoalvesvieira/SoundKeylogger
Description: Sound Key Logger (experimental project).

URL: https://github.com/ivanfratric/winafl
Description: A fork of AFL for fuzzing Windows binaries.

URL: https://github.com/misterch0c/firminator_backend
Description: The first open source vulnerability scanner for firmwares.

URL: https://benmmurphy.github.io/blog/2016/07/11/rails-webconsole-dns-rebinding/
Description: Rails Webconsole DNS Rebinding.

URL: https://github.com/blankwall/MacHeap
Description: OS X malloc introspection tool.

URL: https://github.com/fgrimme/Matroschka
Description: Python steganography tool to hide images or text in images.

URL: http://www.forceprojectx.com/services/apps/memory_dumper
Description: Swf and Unity Memory Dumper.

URL: http://www.nyxbone.com/malware/odcodc.html
Description: Trojan/Ransomware ODCODC (.odcodc) Decoder.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://deadcode.me/blog/2016/07/01/UPC-UBEE-EVW3226-WPA2-Reversing.html
PoC: https://github.com/yolosec/upcgen
Description: UPC UBEE EVW3226 WPA2 Password Reverse Engineering.

URL: https://goo.gl/RwShjR (+)
Description: Intercepting DLL libraries calls, API hooking in practice.

URL: https://goo.gl/Cfzilu (+)
Description: Jenkins Remoting RCE II – The return of the ysoserial.

URL: https://github.com/secfigo/Awesome-Fuzzing
Description: A curated list of fuzzing resources.

URL: https://goo.gl/VpRb9R (+)
Description: Decrypt/Extract NitroKey HSM/SmartCard-HSM RSA private keys.

URL: http://anee.me/reversing-an-elf/
Description: Reversing an ELF from the ground up.

URL: https://kjaer.io/extension-malware/
Description: Malware in the browser, hacked by a Chrome extension.

URL: https://premium.wpmudev.org/blog/xml-rpc-wordpress/
Description: XML-RPC and Why It’s Time to Remove it for WordPress Security.

URL: http://theori.io/research/cve-2016-0189
PoC: https://gist.github.com/worawit/1213febe36aa8331e092
Description: CVE-2016-0189 (IE Scripting Engine Memory Corruption Vulnerability).

URL: https://0x90909090.blogspot.pt/2016/07/analyzing-zip-with-wsf-file-inside.html
Description: Analyzing zip with .wsf file inside.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://smealum.github.io/3ds/
Description: The Homebrew Launcher - 3DS.

URL: https://github.com/vvviperrr/SimpleRT
Description: Simple Reverse Tethering for Android.

URL: https://github.com/sobolevn/git-secret
Description: A bash-tool to store your private data inside a git repository.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 33 | Month: August | Year: 2016 | Release Date: 19/08/2016 | Edition: #131  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://goo.gl/9drpjq (+)
Description: JetBrains IDE Remote Code Execution and Local File Disclosure.

URL: https://introvertmac.wordpress.com/2016/07/30/hacking-google-for-fun-and-profit/
Description: Hacking Google for fun and profit (Firebase XSS).

URL: http://www.martinvigo.com/steal-2999-99-minute-venmo-siri/
Description: How to steal $2,999.99 in less than 2 minutes with Venmo and Siri.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/riusksk/rp
Description: ROP finder sequences in PE/Elf/Mach-O x86/x64 binaries.

URL: https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/
Description: Bypassing Gmail's Malicious Macro Signatures.

URL: https://github.com/Owlz/pyThaw
Description: Python Application to Reverse Freezing.

URL: https://github.com/NetSPI/PowerUpSQL
Description: A PowerShell Toolkit for Attacking SQL Server.

URL: https://github.com/woanware/LogViewer
Description: LogViewer for viewing and searching large text files.

URL: https://hackerone.com/reports/131202
Description: Steal OAuth Tokens (Twitter Bug).

URL: https://www.npmjs.com/package/btlejuice
Source: https://github.com/DigitalSecurity/btlejuice/
Description: Bluetooth Low-Energy spoofing and MitM framework.

URL: https://github.com/katjahahn/PortEx
Description: Java library to analyse PE files.

URL: https://github.com/wbenny/mini-tor
Description: PoC implementation of tor protocol using Microsoft CryptoAPI.

URL: https://github.com/billziss-gh/winfsp
Description: WinFsp - Windows File System Proxy.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://www.contextis.com/resources/blog/attacks-https-malicious-pac-files/
PoC: https://github.com/ctxis/pac-leak-demo
Description: Attacks on HTTPS via malicious PAC files - Toxic Proxies

URL: http://goo.gl/dh9UDb (+)
Description: Google Chrome, Firefox Address Bar Spoofing Vulnerability.

URL: https://www.sensepost.com/blog/2016/universal-serial-abuse/
PoC: https://github.com/sensepost/USaBUSe
Description: Universal Serial aBUSe.

URL: https://rol.im/securegoldenkeyboot/
Description: Secure Golden Key Boot (MS16-094/CVE-2016-3287 and MS16-100/CVE-2016-3320).

URL: https://goo.gl/Tn22Hq (+)
Description: Time To Patch - RCE on Meinberg NTP Time Server.

URL: https://gist.github.com/cure53/521c12e249478c1c50914b3b41d8a750
Description: The Scriptless Scriptlet.

URL: http://goo.gl/9z1NXK (+)
Description: Own a printer, own a network with point and print drive-by.

URL: https://gist.github.com/Kopachris/b8bb1de2cada4fdde88666e018167926
Description: Reverse-engineering statistics commands for JCM bill validators.

URL: https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Description: Non-Cryptanalytic attacks against FreeBSD update components.

URL: http://blog.deniable.org/blog/2016/08/09/cracking-orcus-rat/
Description: Cracking Orcus RAT.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://dnstun.com/
Description: Public DNS/ICMP Tunnelling Service.

URL: https://github.com/roothaxor/Windows
Description: Windows One Line Commands to make life easy.

URL: https://www.cs.bham.ac.uk/~exr/lectures/opsys/10_11/lectures/os-dev.pdf
Description: Writing a Simple Operating System — from Scratch.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 34 | Month: August | Year: 2016 | Release Date: 26/08/2016 | Edition: #132  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://artsploit.blogspot.pt/2016/08/pprce2.html
Description: Node.js code injection (RCE @demo.paypal.com).

URL: https://medium.com/@nmalcolm/hacking-imgur-for-fun-and-profit-3b2ec30c9463#.ql8goaiky
Description: Hacking Imgur for Fun and Profit.

URL: http://goo.gl/4pbewk (+)
Description: Remote Code Execution (RCE) on Microsoft's 'signout.live.com'.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/danmcinerney/autorelay
Description: Automatically performs the SMB relay attack.

URL: https://github.com/CENSUS/choronzon
Description: An evolutionary knowledge-based fuzzer.

URL: http://cryptoanarchic.me/wat.txt
Description: iOS 9.3.2 WebKit RCE via heapPopMin.

URL: https://github.com/ixty/xarch_shellcode
Description: Cross Architecture Shellcode in C.

URL: https://github.com/rednaga/APKiD
Description: Tool for identify Packers, Protectors, Obfuscators and Oddities.

URL: https://github.com/Neilpang/acme.sh
Description: An ACME Shell script, a certbot client (Let's Encrypt Helper).

URL: https://github.com/dxa4481/Snapper
Description: A security tool for grabbing screenshots of many web hosts.

URL: https://github.com/CapacitorSet/box-js
Description: A tool for studying JavaScript malware.

URL: https://github.com/philwantsfish/shard
Description: A command line tool to detect shared passwords.

URL: https://github.com/DShield-ISC/IPv6DNSExfil
Description: Data Exfiltration and Command Execution via AAAA Records.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.silentsignal.eu/2016/08/25/bake-your-own-extrabacon/
More: http://xorcat.net/2016/08/16/equationgroup-tool-leak-extrabacon-demo/
Description: Bake your own EXTRABACON.

URL: https://systemoverlord.com/2016/08/24/posting-json-with-an-html-form.html
Description: Posting JSON with an HTML Form.

URL: https://breakdev.org/how-i-hacked-an-android-app-to-get-free-beer/
Description: How I Hacked an Android App to Get Free Beer.

URL: https://sysforensics.org/2016/08/jtaging-mobile-phones/
Description: JTAG Mobile Phones.

URL: https://blog.xyz.is/2016/webkit-360.html
Description: Exploiting WebKit on Vita 3.60.

URL: http://goo.gl/37GYKN (+)
Description: Circumventing Fuzzing Roadblocks with Compiler Transformations.

URL: http://stackstatus.net/post/147710624694/outage-postmortem-july-20-2016
Description: Stack Exchange - Regexp DoS.

URL: http://carnal0wnage.attackresearch.com/2016/08/got-any-rces.html
Description: NTOP/NBOX RCE Pwn! 

URL: https://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/
PoC: https://github.com/hasherezade/dll_to_exe
Description: How to turn a DLL into a standalone EXE.

URL: https://github.com/struct/mms
Description: Modern Memory Safety - C/C++ Vulnerability Research (Training Slides).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://co9.io/post/148716614744/defcon-24-badge-challenge
Description: DEFCON 24 Badge Challenge.

URL: https://github.com/froggey/Mezzano
Description: An operating system written in Common Lisp.

URL: https://hackerone.com/reports/156098
Description: XSS At "pages.et.uber.com" (or not 😂).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 35 | Month: September | Year: 2016 | Release Date: 02/09/2016 | Edition: #133 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://www.paulosyibelo.com/2016/08/instagram-stored-oauth-xss.html
Description: Instagram Stored OAuth XSS.

URL: https://httpsonly.blogspot.pt/2016/08/turning-self-xss-into-good-xss-v2.html
Description: Turning Self-XSS into Good XSS v2.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://c0nradsc0rner.wordpress.com/2016/07/06/cookie-shadow-path-injection/
Description: Cookie Shadow Path Injection.

URL: https://averagesecurityguy.github.io/2016/04/21/cracking-mongodb-passwords/
Description: Cracking MongoDB Passwords.

URL: https://github.com/andrewaeva/gobotnet
Description: Golang Botnet.

URL: http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
Description: vBulletin SSRF Vulnerability (CVE-2016-6483).

URL: https://github.com/sgayou/kindle-5.6.5-jailbreak
Description: Kindle 5.6.5 exploitation tools.

URL: https://hackerone.com/reports/131210
Description: Priv. Escalation to access all private groups and repos (GitLab <8.6.9).

URL: https://github.com/RUB-NDS/MS-RMS-Attacks
Description: Breaking the security of Microsoft's RMS.

URL: https://github.com/Screetsec/TheFatRat
Description: Backdoor generator with msfvenom and more.

URL: https://github.com/Seba0691/PINdemonium
Description: A pintool in order to unpack malware.

URL: https://github.com/hugsy/gef
Description: Multi-Architecture GDB Enhanced Features.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://sh3ifu.com/Breaking-The-Great-Wall-Of-Web-Rafay-Baloch.pdf
Description: Breaking the great walll of web.

URL: https://ret2libc.wordpress.com/2016/04/04/analysing-swf-files-for-vulnerabilities/
More: https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
Description: Analysing SWF files for vulnerabilities.

URL: http://goo.gl/rP8BTW (+)
Description: Shut up snitch! RE and exploiting Little Snitch.

URL: https://github.com/NoviceLive/research-rootkit
Description: LibZeroEvil and the Research Rootkit project.

URL: http://goo.gl/KlikSg (+)
Description: Reverse Engineering a Malicious MS Word Document.

URL: https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/
Description: Fuzzing PHP Unserialize.

URL: http://goo.gl/D91R2U (+)
Description: WindowServer - The privilege chameleon on macOS.

URL: https://hackerone.com/reports/151058
Description: Shopify - Stealing livechat token and using it to chat as the user.

URL: http://www.exploit-monday.com/2016/07/Win10IoTCore-Build14393-EoP.html
PoC: https://gist.github.com/mattifestation/6955e1dffa0b0f494d89cf6588eb7c0c
Description: Misconfigured Service ACL Elevation of Privilege Vulnerability in Win10.

URL: https://chloe.re/2016/07/25/bypassing-paths-with-open-redirects-in-csp/
Description: Bypassing paths in CSP with open redirects + mitigation.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://pixelat.ion.land/
Description: Pixelation Land.

URL: https://github.com/charcole/LCDZapper/
Description: Device for making light gun games playable on LCD TVs.

URL: https://github.com/TheOfficialFloW/VitaShell/
Description: VitaShell is a file manager for PS Vita HENkaku.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 36 | Month: September | Year: 2016 | Release Date: 09/09/2016 | Edition: #134 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bouk.co/blog/hacking-developers/
PoC: https://github.com/bouk/extractdata
Description: How to steal any developer's local database.

URL: https://room362.com/post/2016/snagging-creds-from-locked-machines/
Description: Snagging creds from locked machines.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/ScorchSecurity/systorm
Description: NASM Standard Library for shellcode.

URL: http://goo.gl/x6TVjl (+)
Description: Trend Micro Deep Discovery hotfix_upload.cgi filename RCE (CVE-2016-5840).

URL: http://goo.gl/pYL8eZ (+)
Description: Trend Micro InterScan Web Security ManagePatches filename RCE (ZDI-16-348).

URL: https://github.com/rcvalle/vmmfuzzer
Description: A hypervisor or virtual machine monitor (VMM) fuzzer.

URL: https://github.com/nccgroup/ABPTTS
Description: TCP tunneling over HTTP/HTTPS for web application servers.

URL: https://github.com/r00tkillah/HORSEPILL
Description: Linux Rootkit (BH16 - PoC of a ramdisk based containerizing Linux rootkit).

URL: https://github.com/SafeBreach-Labs/pacdoor
Description: PoC JavaScript malware implemented as a Proxy Auto-Configuration (PAC) File.

URL: https://gist.github.com/rvrsh3ll/cc93a0e05e4f7145c9eb
Description: Grab credentials from a running openvpn process in Linux.

URL: https://github.com/p3nt4/PowerShdll
Description: Run PowerShell with DLLs only (rundll32, PowerShdll.dll or powershdll.exe).

URL: https://sumofpwn.nl/advisory/2016/ajax_load_more_local_file_inclusion_vulnerability.html
Description: Ajax Load More Local File Inclusion vulnerability.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://goo.gl/VaK5Ts (+)
More: https://github.com/rastapasta/pokemon-go-xposed
Description: Reverse engineering and removing Pokémon GO’s certificate pinning.

URL: https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html
Description: PEGASUS iOS Kernel Vulnerability Explained (CVE-2016-4656).

URL: http://blog.zorinaq.com/nginx-resolver-vulns/
Description: Nginx resolver vulnerabilities allow cache poisoning attack.

URL: https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/
Description: Bypassing UAC on Windows 10 using Disk Cleanup.

URL: https://sites.utexas.edu/iso/2016/07/21/using-nodejs-to-deobfuscate-malicious-javascript/
Description: Using NodeJS To Deobfuscate Malicious JavaScript.

URL: http://www.keysniffer.net/
Description: Security vulns affecting non-Bluetooth wireless keyboards from eight vendors.

URL: https://osandamalith.com/2016/08/01/making-your-shellcode-undetectable-using-net/
PoC: https://github.com/OsandaMalith/VBShellCode
Description: Making your Shellcode Undetectable using .NET.

URL: https://stratumsecurity.com/2010/04/26/owasp-2010-adding-it-all-up/
Description: OWASP Top 10 (A6) in real world (SSRF Exploit).

URL: http://goo.gl/AwXfpT (+)
Description: Captain Hook - Pirating AVs to Bypass Exploit Mitigations.

URL: https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
PoC: http://lcamtuf.coredump.cx/whack/
Description: CSS mix-blend-mode is bad for your browsing history.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/Nummer/Destroy-Windows-10-Spying
Description: Destroy Windows Spying tool.

URL: https://github.com/mozilla/http-observatory
Description: Mozilla HTTP Observatory.

URL: https://github.com/cnlohr/channel3
Description: ESP8266 Analog Broadcast Television Interface.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 37 | Month: September | Year: 2016 | Release Date: 16/09/2016 | Edition: #135 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.fletchto99.com/2016/september/asus-disclosure/
Description: ASUS Broken API Authentication.

URL: https://goo.gl/kjWNZv (+)
Description: Reading Uber’s Internal Emails (Bug Bounty report worth $10,000).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/v3n0m-Scanner/V3n0M-Scanner
Description: Scanner in Python3.5 for SQLi/XSS/LFI/RFI and other Vulns.

URL: https://github.com/decalage2/oletools
Description: Python tools to analyze Microsoft OLE2 files.

URL: https://blog.didierstevens.com/2016/08/12/mimikatz-golden-ticket-dcsync/
Description: mimikatz - Golden Ticket + DCSync.

URL: https://github.com/endrazine/wcc
Slides: https://goo.gl/OYhxLC (+)
Description: The Witchcraft Compiler Collection.

URL: https://github.com/jesusprubio/bluebox-ng/
Description: Pentesting framework using Node.js powers. Specially focused in VoIP/UC.

URL: https://github.com/hashcat/kwprocessor
Description: Keyboard-walk generator with configureable basechars, keymap and routes.

URL: https://gist.github.com/chtg/bac6459587dbb79190d0a4c235901f03
Description: PHP Session Data Injection Vulnerability.

URL: https://gist.github.com/chtg/a2acf86d44315146e85b6f88f4d2b5eb
Description: Use After Free Vulnerability in unserialize().

URL: https://github.com/tihmstar/partialZipBrowser
Description: Tool for browsing and downloading files from zip files on remote webserver.

URL: https://github.com/violentshell/rover
Extra: https://github.com/jduck/challack | https://github.com/Gnoxter/mountain_goat
Description: Proof of Concept code for CVE-2016-5696.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://honeybadger.readthedocs.io/en/latest/
PoC: https://github.com/david415/HoneyBadger
Description: HoneyBadger is a TCP attack inquisitor and 0Day catcher.

URL: https://goo.gl/nj3zNK (+)
Description: Get Arbitrary Wildcard SSL Certs from Comodo via Dangling Markup Injection.

URL: https://www.vusec.net/projects/flip-feng-shui/
Description: Flip Feng Shui - New VM attack vector.

URL: https://goo.gl/m1JdoI (+)
Description: "Fileless" UAC Bypass Using eventvwr.exe and Registry Hijacking.

URL: https://github.com/juliocesarfort/public-pentesting-reports
Description: Public penetration testing reports Dump.

URL: https://goo.gl/0C91rO (+)
Description: Samsung's smart camera. A tale of IoT & network security.

URL: https://httpsonly.blogspot.pt/2016/08/cve-2016-0782-writeup.html
Description: Apache ActiveMQ Pwn (CVE-2016-0782).

URL: https://goo.gl/JIOvxT (+)
Description: Abusing Kerberos to NTLM fallback to defeat BitLocker FDE.

URL: https://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
Description: The 101 of ELF Binaries on Linux - Understanding and Analysis.

URL: https://blog.exodusintel.com/2016/08/09/vxworks-execute-my-packets/
Description: VxWorks - Execute My Packets.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://ohshitgit.com/
Description: Oh shit, git!

URL: https://support.microsoft.com/en-us/kb/261186
Description: Computer Randomly Plays Classical Music.

URL: https://weblog.sh/
Description: Blog from the Command-Line.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 38 | Month: September | Year: 2016 | Release Date: 23/09/2016 | Edition: #136 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://sasi2103.blogspot.pt/2016/09/combination-of-techniques-lead-to-dom.html
Description: Combination of techniques lead to DOM Based XSS in Google.

URL: https://goo.gl/DjOEHf (+)
Description: Facebook Page Takeover.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.blackhillsinfosec.com/?p=5230
PoC: https://github.com/lukebaggett/google_socks
Description: Google Docs becomes Google SOCKS - C2 Over Google Drive.

URL: https://goo.gl/tnW7hD (+)
Description: Spawning a Shell using DDEE and SQL Injection.

URL: https://nixaid.com/encrypted-chat-with-netcat/
Description: Encrypted chat with netcat.

URL: https://github.com/platomav/MEAnalyzer
Description: Intel Engine Firmware Analysis Tool.

URL: https://github.com/XiphosResearch/exploits/tree/master/DoubtfullyMalignant
Description: DoubtfullyMalignant - BenignCertain DoS PoC (Why Not :D).

URL: https://github.com/juliocesarfort/nukemyluks
Description: Nuke My LUKS (Panic Button!).

URL: https://andreas-mausch.github.io/whatsapp-viewer/
Description: Android viewer for msgstore.db.crypt5, .crypt7 and .crypt8 databases.

URL: https://github.com/adaptivethreat/BloodHound
Description: Six Degrees of Domain Admin.

URL: https://github.com/mongodb-labs/disasm
Description: Interactive Disassembler GUI.

URL: https://github.com/securesocketfunneling/ssf
Description: Secure Socket Funneling (SSF) is a network tool and toolkit.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html
Part II: https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html
Description: Blind Java Deserialization Vulnerability - Commons Gadgets

URL: https://goo.gl/ClLuZH (+)
Description: Intercepting Passwords to Escalate Privileges on OS X.

URL: https://goo.gl/ENPsiI (+)
Description: How a malware could infect digitally signed files (MacOS).

URL: http://blog.nickbloor.co.uk/2016/08/drupal-coder-module-unauthenticated.html
Description: Drupal Coder Module - Unauthenticated RCE (SA-CONTRIB-2016-039).

URL: https://goo.gl/Uqcs96 (+)
Description: Samsung Security Manager Multiple RCE Vulnerabilities.

URL: https://hostoftroubles.com/
Description: Host of Troubles Vulnerabilities.

URL: https://tom.vg/2016/08/request-and-conquer/
Description: Storage quota side-channel attacks in the browser.

URL: http://antirez.com/news/96
Description: A few things about Redis security.

URL: https://access.redhat.com/blogs/766093/posts/2592591
Description: A bite of Python.

URL: https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/
Description: Reverse Engineering Xiaomi's Analytics app.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/janbrennen/rice
Description: Scripts used for fun/rice, as seen on TV^H^H the internet.

URL: https://github.com/mandatoryprogrammer/NorthKoreaDNSleak
Description: Snapshot of North Korea's DNS data taken from zone transfers.

URL: https://44con.com/2016/09/19/getting-started-with-your-hidiot-badge/
Description: Getting Started With Your HIDIOT Badge.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 39 | Month: September | Year: 2016 | Release Date: 30/09/2016 | Edition: #137 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://blog.k3170makan.com/2016/09/abusing-webvtt-and-cors-for-fun-and.html
Description: Abusing WebVTT and CORS for fun and profit.

URL: https://goo.gl/sGPM4p (+)
Description: An unlikely XXE in Hikvision’s Remote Access Camera Cloud.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/Shellntel/luckystrike
Slides: http://www.slideshare.net/NickLanders/outlook-and-exchange-for-the-bad-guys
Description: A PowerShell utility for the creation of malicious Office macro documents.

URL: https://github.com/mwrlabs/XRulez
Blog: https://labs.mwrinfosecurity.com/blog/malicous-outlook-rules/
Description: A command line tool for creating malicious outlook rules.

URL: https://github.com/sensepost/ruler
More: https://sensepost.com/blog/2016/mapi-over-http-and-mailrule-pwnage/
Description: A tool to abuse Exchange services.

URL: https://github.com/mozilla/ssh_scan
Description: A prototype SSH configuration and policy scanner.

URL: https://github.com/shellphish/fuzzer
Description: A Python interface to AFL.

URL: https://back-flip.blogspot.pt/2016/08/steal-google-account-on-stolen-or.html
Description: Steal Google account on stolen or unattended unlocked phone.

URL: https://github.com/melvinsh/vcsmap
Description: Tool to scan public version control systems for sensitive information.

URL: https://gist.github.com/freddyb/29eedc12b3ae4b1a26d645ee90a5912d
Description: Finding the SqueezeBox Radio Default SSH Password.

URL: https://github.com/jbremer/tracy/tree/master/src/zipjail
Description: Usermode sandbox for unpacking archives w/ unzip, rar, and 7z utilities. 

URL: https://github.com/m0nad/HellRaiser
Description: HellRaiser Vulnerability Scanner.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://jaq.alibaba.com/community/art/show?articleid=532
PoC: https://github.com/zhengmin1989/OS-X-10.11.6-Exp-via-PEGASUS
Description: Local privilege escalation for OS X 10.11.6 via PEGASUS.

URL: https://goo.gl/2tSUyp (+)
Description: Azure 0day Cross-Site Scripting with Sandbox Escape.

URL: https://www.optiv.com/blog/mssql-agent-jobs-for-command-execution
Description: MSSQL Agent Jobs for Command Execution.

URL: http://lab.truel.it/flash-sandbox-bypass/
Description: Flash sandbox bypass - local data exfiltration (CVE-2016-4271).

URL: https://goo.gl/P0cFa8 (+)
Description: ObiHai ObiPhone - Multiple Vulnerabilties.

URL: https://sweet32.info/
Description: SWEET32 - Birthday attacks on 64-bit block ciphers in TLS and OpenVPN.

URL: https://goo.gl/lVm81H (+)
Description: Exploiting PHP-7 unserialize.

URL: http://www.sjoerdlangkemper.nl/2016/08/29/kayako-xss/
Description: XSS in Kayako helpdesk software.

URL: https://www.aidanwoods.com/blog/faulty-login-pages
Description: Google's Faulty Login Pages.

URL: https://thel3l.me/blog/winprivesc/index.html
Description: Basic Windows Privilege Escalation.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/ionescu007/lxss
Description: Fun with the Windows Subsystem for Linux (WSL/LXSS).

URL: http://tinysubversions.com/notes/ethical-ad-blocker/
Description: The Ethical Ad Blocker.

URL: https://archive.org/details/softwarelibrary_msdos_games
Description: Software Library - MS-DOS Games.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 40 | Month: October | Year: 2016 | Release Date: 07/10/2016 | Edition: #138 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://diracdeltas.github.io/blog/backdooring-js/
Description: Backdooring your javascript using minifier bugs.

URL: https://5haked.blogspot.pt/2016/10/how-i-hacked-pornhub-for-fun-and-profit.html
Description: How I hacked Pornhub for fun and profit.

URL: https://hackerone.com/reports/61312
Description: Bypass of the SSRF protection (Slack commands, Phabricator integration).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/chango77747/AdEnumerator
Blog: http://securityblog.gr/3617/active-directory-enumeration-from-non-domain-system/
Description: Active Directory Enumeration from Non-Domain System.

URL: https://github.com/eteran/edb-debugger
Description: edb is a cross platform x86/x86-64 debugger.

URL: https://github.com/putterpanda/mimikittenz
Descripion: A post-exploitation PS tool for extracting juicy info from memory.

URL: https://goo.gl/c2opyI (+)
Description: Remote Root Code Execution/Privilege Escalation (MySQL, MariaDB, PerconaDB).

URL: https://173210.github.io/psp2
Description: How to Reverse-Engineer PS Vita.

URL: https://github.com/nccgroup/BinProxy/
Description: BinProxy is a proxy for arbitrary TCP connections.

URL: https://github.com/goldshtn/etrace
Description: Command-line tool for ETW tracing on files and real-time events.

URL: https://github.com/Naville/WTFJH
Description: iOS Security Runtime Inspection.

URL: https://github.com/artkond/rpivot
Description: RPIVOT - reverse socks4 proxy for penetration tests.

URL: https://github.com/mak-/parameth
Description: This tool can be used to brute discover GET and POST parameters.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://www.mbsd.jp/blog/20160921_2.html
Description: Safari's URL redirection XSS (CVE-2016-4585).

URL: http://paper.seebug.org/58/
Description: CSRF protection bypass on Django via GA (CVE-2016-7401).

URL: https://goo.gl/Jt751V (+)
Description: Hacked - Investigating An Intrusion On My Server.

URL: https://goo.gl/t7rg3A (+)
Description: How I Could Have Hacked Multiple Facebook Accounts.

URL: http://paper.seebug.org/42/
Description: BadURLScheme in iOS.

URL: http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html
Description: UXSS in Safari's showModalDialog (CVE-2016-4758).

URL: https://hackerone.com/reports/158148
Description: RCE and Shell via Image file.

URL: https://www.jardinesoftware.net/2016/09/12/xxe-in-net-and-xpathdocument/
Description: XXE in .Net and XPathDocument.

URL: https://goo.gl/UiIWfL (+)
Description: Hidden SNMP community in Cisco SG220 series (SNMP All over again).

URL: http://calebmadrigal.com/hackrf-replay-attack-jeep/
Description: HackRF Replay Attack Jeep.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/ethicalhack3r/DVWA/issues/101
Description: SQL injection vulnerability in low.php (😈 or facepalm).

URL: https://goo.gl/pkPDb2 (+)
Description: Researching protection and recovering Namco System ES1 arcade.

URL: https://github.com/Microsoft/BotBuilder
Description: The Microsoft Bot Builder SDK.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 41 | Month: October | Year: 2016 | Release Date: 14/10/2016 | Edition: #139 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.tarq.io/node-js-request-smuggling/
Description: Node.JS Request Smuggling (Again!).

URL: http://blog.wesecureapp.com/xss-by-tossing-cookies/
Description: XSS by tossing cookies.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/mothran/unicorn-decoder
Description: Simple shellcode decoder using unicorn-engine.

URL: https://github.com/commonexploits/vlan-hopping
Slides: http://info-assure.co.uk/public_downloads/not-only-frogs-can-hop.pdf
Description: Not only frogs can hop (VLAN Hopping).

URL: https://github.com/sh4hin/Androl4b
Description: VM for Assessing Android apps, Reverse Eng. and Malware Analysis.

URL: https://github.com/tcstool/Fireaway
Description: Next Generation Firewall Audit and Bypass Tool.

URL: https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
Description: Powershell Empire + CVE-2016-0189 = Profit.

URL: https://github.com/felixwilhelm/mario_baslr/
Description: PoC for breaking hypervisor ASLR using branch target buffer collisions.

URL: https://github.com/trylinux/lift/
Description: Low-Impact Fingerprint Tool.

URL: https://github.com/darkoperator/dnsrecon
Description: DNS Enumeration Script.

URL: https://github.com/dafthack/MailSniper
Description: Tool for searching through email in a MS Exchange env. for keywords. 

URL: https://github.com/secrary/SSMA
Description: SSMA - Simple Static Malware Analyzer.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://hackerone.com/reports/53004
Description: Blacklist bypass on Callback URLs (DNS rebinding FTW!)

URL: https://goo.gl/ZQK5fU (+)
Description: Reading Uber's Internal Emails (Bug Bounty report worth $10,000).

URL: https://goo.gl/63HPVG (+)
Description: Breaching a CA - Blind XSS in the GeoTrust SSL Operations Panel.

URL: https://goo.gl/ZxXu7l (+)
PoC: https://github.com/outflankbv/NetshHelperBeacon
Description: Using NetShell to execute evil DLLs and persist on a host.

URL: http://rednaga.io/2016/09/21/reversing_go_binaries_like_a_pro/
Description: Reversing GO binaries like a pro.

URL: https://www.virtuesecurity.com/blog/jquery-security-model/
Description: Understanding jQuery Security.

URL: https://github.com/jaredmichaelsmith/awesome-vehicle-security
Description: Resources dump for learning about vehicle security and car hacking.

URL: http://blog.rewolf.pl/blog/?p=1630
Description: MSI ntiolib.sys/winio.sys local privilege escalation.

URL: https://goo.gl/6KQMdJ (+)
Description: Multiple vulnerabilities found in the Dlink DWR-932B.

URL: https://blog.nelhage.com/2011/03/exploiting-pickle/
More: https://intoli.com/blog/dangerous-pickles/ | https://goo.gl/oy8SBx (+)
Description: Exploiting Misuse of Python's "Pickle" (Oldies).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://www.gwan.com/blog/20160405.html
Description: Google's "Director of Engineering" Hiring Test.

URL: http://nedbatchelder.com//blog/201609/computing_primes_with_css.html
Description: Computing primes with CSS.

URL: https://github.com/samyk/BPL
Description: Blind Public License (BPL).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 42 | Month: October | Year: 2016 | Release Date: 21/10/2016 | Edition: #140 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://secalert.net/slack-security-bug-bounty.html
Description: Slack, a brief journey to mission control.

URL: https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter
Description: Open redirects that matter (Google VRP).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://goo.gl/o6KYtc (+)
MSF Module: https://github.com/rapid7/metasploit-framework/pull/7341
Description: Pre-auth RCE vulnerability in Metasploit Community, Express and Pro 4.12.

URL: https://github.com/ScadaExposure/Shodan-PHP-REST-API
Description: Advanced PHP5 REST API for Shodan.io.

URL: https://github.com/infosecguerrilla/ReflectiveSOInjection
Description: Injection technique for loading of a library from memory into a host process.

URL: https://github.com/CrySyS/membrane/
Description: Memory forensics tool to detect code loading behavior by stealthy malware.

URL: https://github.com/hahwul/droid-hunter
Description: Android application vulnerability analysis and Android pentest tool.

URL: https://github.com/MooseDojo/myBFF
Description: myBFF - a Brute Force Framework.

URL: https://github.com/tillmannw/streams
Description: Interactive command line tool for fast TCP stream processing.

URL: https://github.com/k4m4/onioff
Description: An onion url inspector for inspecting deep web links.

URL: https://github.com/0x27/linux.mirai
Description: Leaked Linux.Mirai Source Code for Research/IoC Development Purposes.

URL: https://github.com/DavidBuchanan314/pwn-mbr
Description: A simple MBR hijack demonstration.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/nG92Fe (+)
More: https://hackerone.com/reports/132104
Description: Using Chrome's web-custom-data UTI to inject a stored XSS in Slack.

URL: https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/
PoC: https://github.com/kevthehermit/volatility_plugins/tree/master/lastpass
Description: Extracting LastPass Site Credentials from Memory.

URL: http://lightbulbone.com/2016/10/04/intro-to-macos-kernel-debugging.html
Description: Introduction to MAC OS Kernel Debugging.

URL: https://www.ixiacom.com/company/blog/equation-groups-firewall-exploit-chain
Description: The Equation Group's Firewall Exploit Chain.

URL: https://goo.gl/oE7r5q (+)
PoC: https://github.com/infobyte/CVE-2016-2776
Description: A tale of a DNS packet (CVE-2016-2776).

URL: http://www.seg.inf.uc3m.es/~guillermo-suarez-tangil/papers/2016mal-iot.pdf
Description: Analysis and Exploitation of Arduino devices in the Internet of Things.

URL: https://archive.is/TpVVg
Description: Capcom.sys + Usage example -  Street Fighter V, Capcom "rootkit".

URL: https://goo.gl/oHV88F (+)
Description: Pwning a thin client in less than one minute, again!

URL: https://desc0n0cid0.blogspot.pt/2016/09/stack-based-buffer-overflow.html
Description: Stack-based Buffer Overflow exploitation to shell by example.

URL: http://www.ms509.com/?p=439
Description: Exploit analysis and practical - From Crash to hijack PC (CVE-2015-3825).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://goo.gl/1HSx1l (+)
Description: Two years spamming spammers back.

URL: https://robinlinus.github.io/socialmedia-leak/
Description: Your Social Media Fingerprint.

URL: https://github.com/JordanMilne/YMail-Pineapple
Description: MITMing Yahoo! Mail with a Wifi Pineapple Mark V and Flash.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 43 | Month: October | Year: 2016 | Release Date: 28/10/2016 | Edition: #141 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://robots.thoughtbot.com/is-your-site-leaking-password-reset-links
Description: Is Your Site Leaking Password Reset Links?

URL: https://henryhoggard.co.uk/blog/Paypal-2FA-Bypass
Description: Paypal 2FA Bypass (facepalm).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/CoolerVoid/raptor_waf
Description: Raptor - Web application firewall using DFA.

URL: https://sourceforge.net/projects/rcexploiter/
Description: Brute-forcing WAN/LAN services.

URL: https://github.com/horrorho/InflatableDonkey
Description: iOS9 iCloud backup retrieval proof of concept.

URL: https://www.leavesongs.com/HTML/chrome-xss-auditor-bypass-collection.html
Description: Browser Security a Chrome XSS Auditor bypass Dump.

URL: http://x42.obscurechannel.com/?p=310
Description: Reverse Meterpreter Shell via Slack Client 2.2.1 – DNSAPI.dll Hijack.

URL: https://github.com/mwrlabs/needle
Description: The iOS Security Testing Framework.

URL: https://regala.im/2016/10/05/fixing-burp-ssl-handshake-failed-alert/
Description: Fixing Burp SSL handshake failed alert (Tips and Tricks).

URL: https://github.com/sensepost/DNS-Shell
Blog: https://sensepost.com/discover/tools/DNS-shell/
Description: DNS-Shell is an interactive Shell over DNS channel.

URL: https://github.com/uZetta27/EasyROP
Description: A Python tool to generate ROP chains.

URL: https://github.com/sanvil/vsaudit
Description: VOIP Security Audit Framework.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/yzBzCN (+)
More: http://paper.seebug.org/86/ (CVE-2016-8870)
More II: http://paper.seebug.org/88/ (CVE-2016-8869) 
PoC CVE-2016-8869: https://github.com/XiphosResearch/exploits/tree/master/Joomraa 
Description: Joomla (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit.

URL: http://dirtycow.ninja/
More: https://www.martijnlibbrecht.nu/2/
Description: Privilege escalation vulnerability in the Linux Kernel (CVE-2016-5195).

URL: https://www.vusec.net/projects/drammer/
Description: Drammer - Flip Feng Shui Goes Mobile (Android Rowhammer).

URL: https://hackerone.com/reports/150179
Description: Html Injection and Possible XSS in sms-be-vip.twitter.com.

URL: http://paper.seebug.org/91/
Description: Bypass unsafe-inline mode CSP.

URL: https://www.thanassis.space/android.html
Description: Freeing my tablet (Android hacking, SW and HW) Epic!

URL: https://www.pietroalbini.org/blog/gandi-security-vulnerability-2fa-bypass/
Description: Gandi security vulnerability - 2FA Bypass (Such Security!).

URL: http://www.miasm.re/blog/2016/09/03/zeusvm_analysis.html#first-stages
Description: ZeusVM analysis.

URL: https://zone13.io/post/Snagging-credentials-over-WiFi-Part1/
Description: Snagging Active Directory credentials over WiFi.

URL: https://goo.gl/XczEiJ (+)
Description: Finding the right exploit code (Tips and Tricks).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://www.gifcities.org/#/
Description: The Geocities Animated GIF Search Engine.

URL: https://shubs.io/guide-to-building-the-tastic-rfid-thief/
Description: Guide to building the Tastic RFID Thief.

URL: https://codepo8.github.io/logo-o-matic/
Description: C-64 charset logo generator.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 44 | Month: November | Year: 2016 | Release Date: 04/11/2016 | Edition: #142 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://www.blackhillsinfosec.com/?p=5396
Description: Bypassing Two-Factor Authentication on OWA and Office365 Portals.

URL: https://hackerone.com/reports/178152
Description: GitLab read files on application server, leads to RCE.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/shipcod3/mySapAdventures
Description: A quick methodology on testing/hacking SAP Applications for n00bz.

URL: http://blog.x1622.com/2016/01/poc-how-to-steal-httponly-session.html
Description: Get httponly session cookies via Apache cookie overflow (CVE-2012-0053).

URL: https://gist.github.com/anonymous/908a087b95035d9fc9ca46cef4984e97
Description: WordPress RCE via specially crafted .mo language file.

URL: https://github.com/CoolerVoid/0d1n/
Description: Web security tool to make fuzzing at HTTP.

URL: https://osandamalith.com/2016/10/10/fun-with-sqlite-load_extension/
Description: Fun with SQLite Load_Extension.

URL: https://github.com/thomaspatzke/WASE
Description: The Web Audit Search Engine - Index and Search HTTP Requests and Responses.

URL: https://github.com/praetorian-inc/pyshell
Description: PyShell - Shellify Your HTTP Command Injection!

URL: https://github.com/cloudburst/libheap/
Description: gdb python library for examining the glibc heap (ptmalloc).

URL: https://bitquark.co.uk/blog/2016/10/03/exfiltrating_files_with_busybox
Description: Exfiltrating files with BusyBox (Tips and Tricks).

URL: https://github.com/ebux/AVTECH
Description: Avtech devices multiple vulnerabilities.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bloggerbust.ca/2016/10/26/browsersmack-a-browser-stack-proxy-vulnerability/
Description: BrowserSmack – a browser stack proxy vulnerability.

URL: https://goo.gl/4JiEfd (+)
Description: Host header injection and lax host parsing serving malicious data.

URL: https://goo.gl/LFF2Qa (+)
Description: Sniffing Out Trusts With BloodHound.

URL: https://goo.gl/czhcHM (+)
Description: Breaking JEA, PowerShel'’s New Security Barrier.

URL: http://www.alexkyte.me/2016/10/how-textsecure-protocol-signal-whatsapp.html
Description: How the Textsecure Protocol (Signal, WhatsApp, Facebook, Allo) Works.

URL: https://vah13.github.io/AVDetection/
Description: A simple way for detection the remote user's antivirus.

URL: http://blog.senr.io/blog/jtag-explained
Description: JTAG Explained - Why "IoT", Engineers and Manufacturers Should Care.

URL: https://rudk.ws/2016/10/17/reverse-engineering-by-using-chrome/
Description: Reverse Engineering using Chrome.

URL: https://goo.gl/Z7Aly4 (+)
Description: From PouchDB to RCE - a Node.js injection vector.

URL: https://devwerks.net/blog/16/how-not-to-use-html-purifier/
Description: How NOT to use HTML Purifier (Collabtive Bug).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://goo.gl/D8jxL8 (+)
Description: They Live and the secret history of the Mozilla logo.

URL: https://www.cs.umd.edu/hcil/members/bshneiderman/nsd/rejection_letter.html
Description: Rejection letter from the Communications of the ACM.

URL: https://github.com/jonitrythall/svgpocketguide
Description: Pocket Guide to Writing SVG.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 45 | Month: November | Year: 2016 | Release Date: 11/11/2016 | Edition: #143 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://www.blacknurse.dk/
PoC: https://github.com/jedisct1/blacknurse
Description: ICMP DoS attack causes high CPU load on firewalls.

URL: http://blog.andrewlang.net/post/152805939304/tumblr-xss-exploit
Description: Tumblr XSS Exploit (or oficial feature).

URL: http://blog.securityfuse.com/2016/11/gmail-account-hijacking-vulnerability.html
Description: Gmail Account Hijacking Vulnerability.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/stufus/parse-mimikatz-log
Blog: https://labs.mwrinfosecurity.com/tools/parsing-mimikatz-log-files/
Description: A relatively flexible tool to parse mimikatz output.

URL: https://github.com/ernw/knxmap
Description: KNXnet/IP scanning and auditing tool for KNX home automation installs.

URL: https://github.com/flipchan/LayerProx
Description: An encrypted traffic obfuscation proxy, simulates general webtraffic.

URL: http://secalert.net/#CVE-2016-4977
Description: RCE in Spring Security OAuth (CVE-2016-4977).

URL: https://github.com/manwhoami/MMeTokenDecrypt
Description: Decrypts and extracts iCloud and MMe authorization tokens for MacOS.

URL: https://www.netzob.org/
Description: Reverse Engineering Communication Protocols.

URL: https://github.com/michenriksen/birdwatcher
Description: Data analysis and OSINT framework for Twitter.

URL: https://github.com/arthepsy/ssh-audit
Description: SSH server auditing tool.

URL: https://github.com/suraj-root/spade
Description: Android APK backdoor embedder.

URL: https://github.com/x64dbg/x64dbgbinja
Description: Official x64dbg plugin for Binary Ninja.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://slashcrypto.org/2016/11/07/Netflix/
Description: Netflix Account Takeover through Automated Phone Calls.

URL: https://goo.gl/CXHtg5 (+)
Description: OpenSSL 1.1.0 - Remote client memory corruption.

URL: https://hosakacorp.net/p/systemd-user.html
Description: Abusing systemd user services.

URL: https://goo.gl/KAEZe6 (+)
Description: Server-side JavaScript (Remote Code) Execution in ASP.

URL: https://goo.gl/rcf3ao (+)
Description: SQL Injection - Calling Stored Procedures Dynamically.

URL: https://zuh4n.blogspot.co.uk/2016/10/adobe-importance-of-up-to-date.html
Description: Adobe Bug Bounty Journey.

URL: https://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit
Description: Exploiting Linux kernel heap off-by-one (CVE-2016-6187).

URL: http://www.fuzzysecurity.com/tutorials/27.html
Description: Anatomy of UAC Attacks.

URL: http://b.fl7.de/2016/08/d-link-nas-dns-xss-via-smb.html
Description: D-Link NAS, DNS Series - Stored XSS via Unauthenticated SMB.

URL: https://www.invincealabs.com/blog/2016/11/wemo-hardware-bypass/
Description: Breaking BHAD - Getting Local Root on the Belkin WeMo Switch.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://websdr.ewi.utwente.nl:8901/?tune=7030usb
Description: Wide-band WebSDR.

URL: http://386bsd.org/
Description: 386BSD was the first open source Berkeley UNIX OS.

URL: https://hackerone.com/reports/180074
Description: BAD Code!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 46 | Month: November | Year: 2016 | Release Date: 18/11/2016 | Edition: #144 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://github.com/samyk/poisontap
Description: When a RPi0/Node.js is plugged into a protected computer. 😈

URL: https://github.com/b3rito/yodo
Description: Sudo permissions nightmare or dirtyc0w FTW!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://gist.github.com/x-42/3d822d85e6b547e7018c919c6d657e8e
Blog: http://x42.obscurechannel.com/?p=335
Description: .desktop file payload dropper (SE vector for linux targets).

URL: https://github.com/danigargu/urlfuzz
Description: Another web fuzzer written in NodeJS.

URL: https://github.com/Neohapsis/bbqsql
Description: A Blind SQL Injection Exploitation Tool.

URL: https://github.com/attackercan/regexp-security-cheatsheet
Description: Regexp Security Cheatsheet.

URL: https://kimiyuki.net/blog/2016/09/16/one-gadget-rce-ubuntu-1604/
Description: One-gadget RCE in Ubuntu 16.04 libc.

URL: https://sourceforge.net/projects/vbscan/
Description: OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner).

URL: https://github.com/dzonerzy/PyJFuzz
Burp Plugin: https://github.com/dzonerzy/Burp-PyJFuzz
Blog: https://www.dzonerzy.net/post/pyjfuzz-to-the-next-level
Description: Trivial python JSON object fuzzer.

URL: https://gallery.technet.microsoft.com/Net-Cease-Blocking-Net-1e8dcb5b
Description: Net Cease - Hardening Net Session Enumeration.

URL: https://github.com/google/fuzzer-test-suite
Description: Set of tests for fuzzing engines.

URL: https://www.poweradmin.com/paexec/
Description: Launch Remote Windows Apps.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
Description: Cryptsetup Initrd root Shell (CVE-2016-4484).

URL: http://d3adend.org/blog/?p=851
Description: Maxthon Browser Arbitrary File Write, Login Page UXSS, and SQLi.

URL: https://goo.gl/eWXUvR (+)
Description: Risky design decisions in Chrome and Fedora enable drive-by downloads.

URL: https://sethsec.blogspot.pt/2016/11/exploiting-python-code-injection-in-web.html
Description: Exploiting Python Code Injection in Web Applications.

URL: https://goo.gl/lR1WeY (+)
Description: A single byte write opened a root execution exploit ChromeOS Pwn.

URL: https://woumn.wordpress.com/2016/09/24/smashing-the-stack-into-a-reverse-shell/
Description: Smashing the Stack into a Reverse Shell. 

URL: http://www.ioactive.com/Arnaboldi-XML-Schema-Vulnerabilities.pdf
Description: Assessing and Exploiting XML Schema's Vulnerabilities.

URL: http://www.davidlitchfield.com/BypassingXSSFiltersusingXMLInternalEntities.pdf
Description: Bypassing Chrome's and IE's XSS Filters using XML Internal Entities.

URL: https://goo.gl/gme14H (+)
Description: Linq Injection – From Attacking Filters to Code Execution.

URL: http://zseano.com/tut/4.html
Description: XSS and getting the alert.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/mattrajca/sudo-touchid
Description: A fork of `sudo` with Touch ID support.

URL: https://sidbala.com/h-264-is-magic/
Description: H.264 is Magic.

URL: https://yifan.lu/2016/11/01/taihen-cfw-framework-for-ps-vita/
Description: taiHEN - CFW Framework for PS Vita.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 47 | Month: November | Year: 2016 | Release Date: 25/11/2016 | Edition: #145 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://cure53.de/pentest-report_curl.pdf
Description: Pentest-Report cURL by Cure53.

URL: https://medium.com/@joewalnes/tail-f-to-the-web-browser-b933d9056cc#.4rnmefbo1
Description: tail -f to the web-browser 😁.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/antisnatchor/phishlulz
Description: PhishLulz is a Ruby toolset aimed at automating Phishing activities.

URL: https://github.com/Arno0x/CSharpScripts
Description: Playing with PE and Shellcode reflective injection (C# Scripts).

URL: https://github.com/vspandan/IFuzzer
Description: An Evolutionary Interpreter Fuzzer (Javascript Research).

URL: https://github.com/henshin/filebuster
Description: An extremely fast and flexible web fuzzer.

URL: https://averagesecurityguy.github.io/2016/10/21/recon-ng-dorks-burp/
Description: Recon-ng + Google Dorks + Burp = ... (Tips and Tricks).

URL: https://github.com/SafeBreach-Labs/pwndsh
Description: Post-exploitation framework (and an interactive shell) in #!.

URL: https://github.com/nabla-c0d3/ssl-kill-switch2
Description: Tool to disable SSL certificate validation (iOS and OS X Apps).

URL: https://github.com/renatahodovan/fuzzinator
Description: Fuzzinator Random Testing Framework.

URL: https://www.netresec.com/?page=findject
Description: Script that can find injected TCP packets in HTTP sessions.

URL: https://github.com/AppSecConsulting/Pentest-Tools/blob/master/jetty-bleed.py
Blog: https://www.appsecconsulting.com/blog/making-jetty-bleed
Description: Making Jetty Bleed.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://slack.engineering/syscall-auditing-at-scale-e6a3ca8ac1b8#.hlfdfpeiv
Description: Syscall Auditing at Scale.

URL: https://www.utkusen.com/blog/sending-valid-phishing-emails-from-microsoftcom.html
Description: Sending Phishing E-mails From Microsoft.com Domain by Using Office 365.

URL: https://goo.gl/ssq3Oo (+)
Description: Continuous security testing of your app w/ OWASP ZAP and Elasticsearch.

URL: https://github.com/bowlofstew/rootkit.com
Description: ROOTKIT.com site users section Dump.

URL: http://blog.0x3a.com/post/153468210759/monitoring-dns-inside-the-tor-network
Description: Monitoring 'DNS' inside the Tor network.

URL: https://goo.gl/0wvoBX (+)
Description: Adobe Reader Privileged JavaScript 0Days (CVE-2016-6957/CVE-2016-6958).

URL: http://ropgadget.com/posts/pebwalk.html
Description: Stepping through PE structures to find function addresses.

URL: https://arno0x0x.wordpress.com/2015/11/27/hacking-voip/
Description: Hacking voice over IP communications.

URL: https://pierrekim.github.io/blog/2016-11-01-gpon-ftth-networks-insecurity.html
Description: GPON FTTH (Fiber To The Home) networks (in)security.

URL: https://www.n00py.io/2016/10/using-email-for-persistence-on-os-x/
Description: Using email for persistence on OS X.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://graffiti.gaurs.io/
Description: Graffiti is a core java based tool used to analyse jar files.

URL: http://jerrygamblin.com/2016/11/12/automated-burp-suite-scanning-and-reporting-to-slack/
Description: Automated Burp Suite Scanning and Reporting To Slack.

URL: http://www.glamenv-septzen.net/en/view/6
Description: Why BIOS loads MBR into 0x7C00 in x86?


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 48 | Month: December | Year: 2016 | Release Date: 02/12/2016 | Edition: #146 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://hackerone.com/reports/182358
More: https://hackerone.com/reports/186230
Description: "Export as .zip" feature nightmare (Geez).

URL: http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
Description: All your Paypal OAuth tokens belong to me - localhost for the win.

URL: http://ianduffy.ie/blog/2016/11/26/azure-bug-bounty-pwning-red-hat-enterprise-linux/
Description: Azure bug bounty Pwning Red Hat Enterprise Linux.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://legalhackers.com/exploits/tomcat-rootprivesc-deb.sh
Blog: http://legalhackers.com/videos/Apache-Tomcat-DebPkg-Root-PrivEsc-Exploit.html
Description: Tomcat on Debian-based distros - Local Root PE Exploit (CVE-2016-1240). 

URL: https://github.com/stamparm/fetch-some-proxies
Description: Simple Python script for fetching "some" (usable) proxies.

URL: https://github.com/szimeus/evalyzer
Description: Using WinDBG to tap into JavaScript (deobfuscation helper and more).

URL: https://github.com/ryhanson/phishery
Description: Auth Credential Harvester with a Word Document Template URL Injector.

URL: https://github.com/1N3/PrivEsc
Description: Dump of Windows, Linux and MySQL PE scripts and exploits.

URL: https://github.com/B4rD4k/Vproxy
Description: Forward HTTP/S Traffic To Proxy Instance via PPTP VPN.

URL: https://github.com/whoot/TelphOWN
Description: Telpho10 (German "Hybrid ISDN/VoIP Telefonanlage") Ownage Tool.

URL: https://github.com/violentshell/Rollmac
Description: Automated WiFi time or data limit evasion (Airport pwnage).

URL: https://gist.github.com/subTee/c51ea995dfaf919fd4bd36b3f7252486
Description: Turn Msbuild.exe into a keylogger.

URL: https://github.com/gerry/pyevilgrade
Description: mitmproxy inline script to implement some evilgrade functionality.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://paper.seebug.org/95/
Report: http://www.talosintelligence.com/reports/TALOS-2016-0220/
Description: Memcached Command Execution (CVE-2016-8704/CVE-2016-8705/CVE-2016-8706).

URL: http://research.aurainfosec.io/bypassing-saml20-SSO/
Description: Bypassing SAML 2.0 SSO with XML Signature Attacks.

URL: https://goo.gl/bCn3yk (+)
Description: The art of Golden Ticket Kerberos Keys.

URL: https://github.com/dakami/ratelock
Description: Restricting Data Loss with Serverless Cloud Enforcement.

URL: https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
Description: DOM XSS in wix.com.

URL: https://g-laurent.blogspot.pt/2016/11/ms16-137-lsass-remote-memory-corruption.html
PoC: https://github.com/lgandx/PoC/tree/master/LSASS
Description: LSASS SMB NTLM Exchange Remote Memory Corruption.

URL: https://goo.gl/HskhRe (+)
Description: Atom.io Misconfiguration Allowed Code Execution on Untrusted Networks.

URL: https://eprint.iacr.org/2016/1013.pdf
Description: A Formal Security Analysis of the Signal Messaging Protocol.

URL: http://labs.lastline.com/evasive-jscript
Description: Evasive JScript.

URL: https://deadcode.me/blog/2016/11/05/Active-Deauth-Kismet-Wardriving.html
Description: Active WiFi deauth with Kismet for Wardriving.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://gist.github.com/kennwhite/1f3bc4d889b02b35d8aa
Description: Most VPN Services are Terrible.

URL: https://github.com/joke2k/faker
Description: Faker is a Python package that generates fake data for you.

URL: https://natmchugh.blogspot.pt/2014/10/how-i-created-two-images-with-same-md5.html
Description: How I created two images with the same MD5 hash.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 49 | Month: December | Year: 2016 | Release Date: 09/12/2016 | Edition: #147 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/QAtMIt (+)
Description: Taking Over 120K Domains via a DNS Vulnerability in major providers.

URL: https://insert-script.blogspot.pt/2016/12/firefox-svg-cross-domain-cookie.html
Description: Firefox - SVG cross domain cookie vulnerability.

URL: https://goo.gl/jX2CTk (+)
Description: Backdoor in Sony IPELA Engine IP Cameras.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/offensive-security/exploit-database
Blog: https://www.exploit-db.com/searchsploit/
Description: The Exploit Database Git Repository.

URL: https://github.com/upgoingstar/datasploit
Description: A tool to perform various OSINT techniques.

URL: https://github.com/gchq/CyberChef
Description: Tool for encryption, encoding, compression, data analysisa nd more.

URL: https://github.com/chaitin/pro
Description: PRO - PROgramming ROP like a PRO.

URL: https://github.com/mandatoryprogrammer/cloudflare_enum
Description: Cloudflare Enumeration Tool v1.2.

URL: https://github.com/jedisct1/iptoasn-webservice
Description: Web service to map IP addresses to AS information, using iptoasn.com.

URL: https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Description: Tar extract pathname bypass.

URL: https://github.com/xdavidhu/mitmAP
Description: A python program, to create a fake AP, and sniff data.

URL: https://github.com/tinysec/jswd
Description: Chakra-based windbg javascript extension.

URL: https://github.com/pyupio/safety-db
Description: A curated database of insecure Python packages.

URL: https://github.com/Bioruebe/UniExtract2
Description: Universal Extractor (ZIP, RAR, self-extracting, apps installers, ...).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://objective-see.com/blog/blog_0x14.html
More: https://apple.lib.utah.edu/?p=1444
Description: Bypassing Apple's System Integrity Protection.

URL: http://www.adlice.com/google-chrome-secure-preferences/
Description: Google Chrome - Bypassing Secure Preferences.

URL: http://colin.keigher.ca/2016/12/going-viral-on-imgur-with-powershell.html
Description: Going viral on Imgur with Powershell and PNG.

URL: https://mambrui.github.io/2016/11/rooting-vm
Description: Rooting an appliance for fun (and maybe profit?).

URL: https://blog.paranoidsoftware.com/dirty-cow-cve-2016-5195-docker-container-escape/
Description: Dirty COW - (CVE-2016-5195) - Docker Container Escape.

URL: https://goo.gl/yCPYpL (+)
Description: Digging Into SysInternals - PsExec.

URL: https://dougallj.wordpress.com/2016/11/13/exploiting-dolphin-part-1/
Description: Exploiting Dolphin (Wii emulator).

URL: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
Description: Roundcube 1.2.2 - Command Execution via Email.

URL: https://goo.gl/eIfu9b (+)
Description: Security Testing of WebSockets.

URL: https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
Description: Analysis of multiple vulnerabilities in AirDroid.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/seiferteric/qrtun
Description: IP Over QR Code Tunnel.

URL: https://peteris.rocks/blog/htop/
Description: htop explained.

URL: https://laurent22.github.io/so-injections/
Description: SQL injections vulnerabilities in Stack Overflow PHP questions.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 50 | Month: December | Year: 2016 | Release Date: 16/12/2016 | Edition: #148 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://urlscan.io
Description: Letting you know what your website is doing.

URL: https://klikki.fi/adv/yahoo2.html
Description: Yahoo Mail stored XSS.

URL: https://vulnsec.com/2016/netgear-router-rce/
More: https://kalypto.org/research/netgear-vulnerability-expanded/
Description: NetGear Router Vulnerability Expanded.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX
Slides: http://www.slideshare.net/PacSecJP/moony-li-pacsec18
Description: OSX kernel vuln. fuzzer based on passive inline hook mechanism.

URL: https://github.com/YalcinYolalan/WSSAT
Description: WSSAT - Web Service Security Assessment Tool.

URL: https://github.com/benjamin-42/Trident
Related: https://jaq.alibaba.com/community/art/show?articleid=532
Description: Trident PoC CVE-2016-4655 and CVE-2016-4656.

URL: https://github.com/SpamScope/spamscope
Blog: https://honeynet.org/node/1329
Description: Fast Advanced Spam Analysis Tool.

URL: https://github.com/pmsosa/duckhunt
Description: Prevent RubberDucky (or other keystroke injection) attacks.

URL: https://github.com/unix-ninja/shellfire
Description: Exploitation shell for LFI, RFI, and command injection vulns.

URL: https://github.com/chrisallenlane/novahot
Description: A webshell framework for penetration testers.

URL: https://github.com/adde88/hostapd-mana-openwrt
Description: hostapd-mana - build-files, and installation-files for OpenWRT.

URL: https://github.com/dflemstr/rq
Description: Tool for doing record analysis and transformation (Handy).

URL: https://github.com/robertdavidgraham/telnetlogger
Description: Simple program to log login attempts on Telnet (port 23).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://github.com/rootkovska/codehash.db
Description: A public database for software and firmware hashes.

URL: https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
Description: Escaping a restricted shell.

URL: https://goo.gl/MLt1p7 (+)
Description: Trango Systems Hidden root Account Vulnerability (all models).

URL: https://goo.gl/xvrb0T (+)
Description: GitLab Vulnerabilities Analysis (CVE-2016-9086 and more).

URL: https://gist.github.com/dergachev/7916152
Description: Why You Can't Un-Root a Compromised Machine.

URL: https://jolmos.blogspot.pt/2016/11/rtldecompresbuffer-vulnerability.html
Description: RtlDecompresBuffer vulnerability.

URL: https://goo.gl/CKQPZv (+)
Description: Word Up! Microsoft Word OneTableDocumentStream Underflow.

URL: https://blog.lizzie.io/notes-about-cve-2016-7117.html
Description: Notes about CVE-2016-7117 (Linux RCE).

URL: https://github.com/pierre-ernst/s11n-hackfest2016
Description: Fixing the Java Serialization mess.

URL: https://goo.gl/3BHsWQ (+)
Description: Compromising a Linux D. using... 6502 processor opcodes on the NES?!


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/commaai
More: https://github.com/udacity/self-driving-car
Description: Make your own self-driving car.

URL: http://www.ateijelo.com/blog/2016/09/13/making-an-msx-font
Description: Making an MSX font.

URL: https://github.com/thejoshwolfe/yauzl/issues/48
Description: The .zip file specification is flawed.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 51 | Month: December | Year: 2016 | Release Date: 23/12/2016 | Edition: #149 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://labs.detectify.com/2016/12/15/postmessage-xss-on-a-million-sites/
Description: postMessage XSS on a million sites.

URL: https://goo.gl/ULx7Ud (+)
Description: Critical Vulnerability Compromising Verizon Email Accounts.

URL: https://donncha.is/2016/12/compromising-ubuntu-desktop/
Description: Reliably compromising Ubuntu desktops by attacking the crash reporter.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/riyazwalikar/adbrute
Description: ADBrute allows you to test the security of users in an AD Environment. 

URL: https://goo.gl/CTp8We (+)
Description: Root Privilege Escalation in  MySQL/MariaDB/PerconaDB (CVE-2016-6664/CVE-2016-5617).

URL: https://github.com/mempodippy/vlany
Description: Linux LD_PRELOAD rootkit (x86 and x86_64 architectures).

URL: https://github.com/Wh1t3Rh1n0/air-hammer/
Description: A WPA Enterprise horizontal brute-force attack tool.

URL: https://github.com/fdiskyou/hunter
Description: (l)user hunter using WinAPI calls only.

URL: https://github.com/stanislav-web/OpenDoor
Description: OWASP Directory Access scanner.

URL: https://goo.gl/fb63MI (+)
Description: Root Privilege Escalation in Nginx (CVE-2016-1247).

URL: https://github.com/mazen160/bfac
Description: BFAC (Backup File Artifacts Checker).

URL: https://github.com/cryptax/fittools
Description: Wristband research tools.

URL: https://github.com/tinysec/public/tree/master/CVE-2016-7255
Description: PoC for CVE-2016-7255 (Win32k Elevation of Privilege Vulnerability).

URL: https://github.com/google/sandbox-attacksurface-analysis-tools
Description: Suite of tools to test various properties of sandboxes on Windows.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://nebelwelt.net/publications/files/16STM.pdf
More: https://sites.google.com/site/exploitdevpshape/
Description: PSHAPE - Automatically Combining Gadgets for Arbitrary Method Execution.

URL: https://goo.gl/zllfk3 (+)
Description: GNU tar extract path Bypass Analysis (CVE-2016-6321).

URL: http://blog.skylined.nl/20161206001.html
Description: MSIE jscript9 Java­Script­Stack­Walker Analysis (MS15-056, CVE-2015-1730).

URL: https://hub.zhovner.com/geek/how-skype-fixes-security-vulnerabilities/
Description: How Skype fixes security vulnerabilities.

URL: https://c0rni3sm.blogspot.pt/2016/12/fiat-chrysler-automobiles-bug-bounty.html
Description: Fiat Chrysler Auto BB - Account Takeover due to a Misconfiguration.

URL: http://rednaga.io/2016/11/14/hackingteam_back_for_your_androids/
Description: HackingTeam back for your Androids, now extra insecure!

URL: http://www.sec-down.com/wordpress/?p=696
Description: Yahoo! Escalated Remote File Inclusion Vulnerability.

URL: https://goo.gl/xxEiWP (+)
Description: Fun with Windows binaries – application white-list bypass using msiexec.

URL: https://goo.gl/aZSbLk (+)
Description: A journey from JNDI/LDAP manipulation ro RCE dream land.

URL: https://www.pelock.com/articles/how-to-write-a-crackme-for-a-ctf-competition
Description: How to write a CrackMe for a CTF competition.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/simon-whitehead/hakka
Description: A game where each level requires a bit of hacking.

URL: https://github.com/tunnelshade/pocuito
Description: Chrome extension to record and replay your web apps PoCs.

URL: https://www.unforgettable.dk/
Description: 42.zip.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 52 | Month: December | Year: 2016 | Release Date: 30/12/2016 | Edition: #150 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://randywestergren.com/persistent-xss-verizons-webmail-client/
Description: Persistent XSS in Verizon’s Webmail Client.

URL: https://chloe.re/2016/12/04/dealing-with-user-uploaded-files/
Description: Dealing with user uploaded files.

URL: http://tayyabqadir.com/2016/12/17/paypal-2fa-bypass-by-tayyab-qadir/
Description: PayPal 2Fa Bypass By Tayyab Qadir.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/rapid7/IoTSeeker
Description: IoT devices scanner looking for default, factory set credentials.

URL: https://github.com/iljavs/ircfuzz
Description: Fuzzer for IRC clients (Mirror).

URL: https://gitlab.com/e271/usblogger/tree/master
Description: Usblogger is a keylogger for embedded devices like the RPi.

URL: https://github.com/p0w3rsh3ll/AutoRuns
Description: Live incident response and enumerate autoruns artifacts.

URL: https://hackerone.com/reports/142549
Description: Information Disclosure through .DS_Store.

URL: https://github.com/redpois0n/native-tear
Description: Clone of hidden tear (Ransomware) written in C++.

URL: https://github.com/lgandx/Responder-Windows
Description: Responder Windows Version Beta.

URL: https://github.com/r00t-3xp10it/morpheus
Description: Morpheus - Automated Ettercap TCP/IP Hijacking Tool.

URL: https://goo.gl/fsiEqm (+)
Description: WordPress XMLRPC brute force attacks via BurpSuite.

URL: https://github.com/aszone/avenger-sh
Description: Project for finding vunerabilities in mass.

URL: https://github.com/cornerpirate/socat-shell
Description: Get a Reverse shell with bash tab completion and full shell.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://github.com/drduh/macOS-Security-and-Privacy-Guide
Description: A practical guide to securing macOS.

URL: https://d0hnuts.com/2016/12/21/basics-of-making-a-rootkit-from-syscall-to-hook/
Description: Basics of Making a Rootkit - From syscall to hook!

URL: https://goo.gl/uMEzce (+)
Description: FreePBX 13: From Cross-Site Scripting to Remote Command Execution.

URL: https://goo.gl/SFAHof (+)
Description: A Story About TP-link Device Debug Protocol (TDDP) Research.

URL: https://goo.gl/Vh6ufm (+)
Description: ASP.NET Core 5-RC1 HTTP Header Injection Vulnerability.

URL: http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/
Description: Three roads lead to Rome (CVE-2016-7201).

URL: http://0xthem.blogspot.pt/2015/03/hijacking-ssh-to-inject-port-forwards.html
Description: Hijacking SSH to Inject Port Forwards.

URL: https://dhavalkapil.com/blogs/SQL-Attack-Constraint-Based/
Description: SQL Attack (Constraint-based).

URL: https://goo.gl/nzmNqK (+)
Description: Bypassing Application Whitelisting By Using dnx.exe.

URL: https://www.robertputt.co.uk/2016/11/28/learn-from-your-attackers-ssh-honeypot/
Description: Learn from your attackers – SSH HoneyPot.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://docker-saigon.github.io/post/Docker-Internals/
Description: Docker Internals.

URL: https://github.com/ajgon/street-fighter-motd
Description: Street Fighter MOTDs.

URL: https://github.com/taviso/hotcorner
Description: Minimal Emulation of GNOME 3 Hot Corners with Windows 10.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 01 | Month: January | Year: 2017 | Release Date: 06/01/2017 | Edition: #151 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/NE7btw (+)
Description: Disclosing the Primary Email address for each Facebook user.

URL: https://github.com/opsxcq/exploit-CVE-2016-10033/
More: https://goo.gl/JgPZHN (+) | https://goo.gl/g8mZSi (+) | https://goo.gl/TOkEMa (+)
Description: Exploit PHP’s mail() to get Remote Code Execution (RCE).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://gist.github.com/subTee/c34d0499e232c1501ff9f0a8dd302cbd
Description: Execute C# From XSLT - Just Interesting.

URL: https://github.com/Sliim/pentest-env
Description: Pentest environment (kali linux) deployer using vagrant and chef.

URL: https://github.com/mwrlabs/wePWNise
Description: Tool to generate VBA code that can be used in Office macros/templates.

URL: https://github.com/idanr1986/cuckoo-droid/
Description: CuckooDroid - Automated Android Malware Analysis.

URL: https://github.com/NytroRST/ShellcodeCompiler
Description: Compiles C/C++ code, position-independent and NULL-free shellcode (Win).

URL: https://github.com/Cn33liz/MSBuildShell
Description: MSBuildShell, a Powershell Host running within MSBuild.exe.

URL: https://github.com/CyberPoint/Ruxcon2016ETW
Description: Make Event Tracing for Widows (ETW) Great Again (Ruxcon 2016).
 
URL: https://github.com/dhamaniasad/HeadlessBrowsers
Description: A list of (almost) all headless web browsers in existence.

URL: https://github.com/anbud/DroidDucky
Description: Simple duckyscript interpreter in Bash.

URL: http://security.szurek.pl/e107-cms-211-privilege-escalation.html
Description: e107 CMS 2.1.1 Privilege Escalation.

URL: https://github.com/milo2012/owaDump
Description: Search Email Accounts (OWA) for Passwords, PAN numbers and more.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://hacksys.vfreaks.com/research/shellcode-of-death.html
Description: "Shellcode of Death" (Windows x86).

URL: http://lucumr.pocoo.org/2016/12/29/careful-with-str-format/
Description: Be Careful with Python's New-Style String Format.

URL: http://asintsov.blogspot.pt/2016/12/bypassing-exploit-protection-of-norton.html
Description: Bypassing Exploit protection of NORTON Security.

URL: https://goo.gl/f5qb4m (+)
Description: Covert persistence in Express.js applications.

URL: https://goo.gl/eLAj3P (+)
Description: Command Injection/Elevation – Environment Variables Revisited.

URL: https://www.swordshield.com/2016/10/multi-tool-multi-user-http-proxy/
Description: Multi-Tool/User HTTP Proxy - Empire + Metasploit Tweaks (Tips and Tricks).

URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=978
Description: The Insecurity of Security Software - Kaspersky SSL Interception.

URL: http://www.peter.hartmann.tk/single-post/2016/11/29/Fuzzing-Qt-with-libFuzzer
Description: Fuzzing Qt with libFuzzer.

URL: https://haveyousecured.blogspot.pt/2016/12/attempting-to-detect-responder-with.html
Description: (Attempting) to Detect Responder with Sysmon.

URL: https://subt0x10.blogspot.pt/2016/12/mimikatz-delivery-via-clickonce-with.html
Description: Mimikatz Delivery via ClickOnce with URL Parameters.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/stepchowfun/doesgoogleexecutejavascript
Description: Does Google Execute JavaScript?

URL: https://github.com/alexertech/python_crash_course
Description: Python Crash Course.

URL: https://threejs.org
Description: Web 3D Studio.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 02 | Month: January | Year: 2017 | Release Date: 13/01/2017 | Edition: #152 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html
Description: GitHub Enterprise SQL Injection (Bug Bounty).

URL: http://sebastian-lekies.de/csp/bypasses.php
Description: Collection of CSP bypasses (Dump).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://goo.gl/Qz8NV1 (+)
PoC: https://goo.gl/U3XVhw (+)
Description: Exfiltration of User Credentials using WLAN SSID.

URL: https://github.com/lightbulb-framework/lightbulb-framework
Blog: https://goo.gl/v9ejov (+)
Description: Python framework for auditing web applications firewalls.

URL: https://github.com/mwrlabs/KernelFuzzer
Description: Cross Platform Kernel Fuzzer Framework.

URL: https://github.com/Sab0tag3d/SIET/
Description: Smart Install Exploitation Tool.

URL: https://github.com/koczkatamas/kaitai_struct_webide
Description: Online editor/visualizer for Kaitai Struct .ksy files.

URL: https://github.com/x64dbg/SlothBP
Description: Collaborative Breakpoint Manager for x64dbg.

URL: https://github.com/dagrz/aws_pwn
Description: A collection of AWS penetration testing junk.

URL: https://github.com/reevesrs24/WinMACSpoofer
Description: Windows application for spoofing the MAC address.

URL: https://github.com/codepr/creak
Description: Poison, reset, spoof, redirect MiTM script.

URL: https://github.com/zxsecurity/gpsnitch
Description: GPS Spoofer Catcher, the GPS IDS.

URL: https://github.com/rotlogix/lobotomy
Description: Android Reverse Engineering.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/7diAiw (+)
PoC: https://github.com/silentsignal/burp-collab-gw
Description: Exploiting blind SQL injections with Burp Collaborator.

URL: https://lowleveldesign.wordpress.com/2016/11/30/decrypting-asp-net-4-5/
Description: Decrypting ASP.NET 4.5.

URL: http://www.hemanthjoseph.com/2016/11/how-i-bypassed-apples-most-secure-find.html
Description: How I Bypassed Apple's Most Secure iCloud Activation Lock.

URL: http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html
Description: Remote Code Execution in CCTV-DVR affecting over 70 different vendors.

URL: https://siguza.github.io/cl0ver/
PoC: https://github.com/Siguza/cl0ver
Description: tfp0 (task-for-pid-zero) powered by Pegasus.

URL: https://hackmag.com/security/ad-forest/
Description: The Forest Is Under Control. Taking over the entire AD forest.

URL: http://www.netmux.com/blog/cracking-12-character-above-passwords
Description: Cracking The 12+ Character Password Barrier, Literally (Tips&Tricks).

URL: http://ramtin-amin.fr/#nvmedma
Description: Secure Rom extraction on iPhone 6s.

URL: https://github.com/saaramar/Deterministic_LFH
Description: Have fun with the LowFragmentationHeap (Windowns Research).

URL: https://goo.gl/PVbpJs (+)
Description: Solving an Android Crackme with a Little Symbolic Execution.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://hackerone.com/reports/5534
Description: Permanent Denial of Service.

URL: https://www.foo.be/2016/12/OpenPGP-really-works
Description: OpenPGP really works.

URL: http://chris.beams.io/posts/git-commit/
Description: How to Write a Git Commit Message.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 03 | Month: January | Year: 2017 | Release Date: 20/01/2017 | Edition: #153 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users
Description: Stealing passwords from McDonald's users (AngularJS Security).

URL: http://insert-script.blogspot.pt/2016/10/pdf-how-to-steal-pdfs-by-injecting.html
Description: PDF - How to steal PDFs by injecting JavaScript.

URL: http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
Description: Facebook's ImageTragick Remote Code Execution.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://goo.gl/MdCd6S (+)
Description: Nagios Core < 4.2.2 - Curl Command Injection (CVE-2016-9565-2008-4796).

URL: https://github.com/zxsecurity/tardgps
Description: Tool for change the time on a GPS-enabled NTP server.

URL: https://github.com/cheetahsec/avmdbg
Description: Lightweight debugger for android virtual machine.

URL: http://techlog360.com/all-windows-cmd-commands/
Description: List Of All Available Windows CMD Commands.

URL: https://github.com/JonnyHightower/neet
Description: Neet - Network Enumeration and Exploitation Tool.

URL: https://github.com/mandatoryprogrammer/JudasDNS
Description: Nameserver DNS poisoning attacks made easy.

URL: http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
Description: SHIFT+F10 to get a Command Prompt ;).

URL: https://digi.ninja/blog/rdp_show_login_page.php
Description: Windows RDP client, show login page.

URL: https://gitlab.com/micaksica/CVE-2016-1000304
Description: Arbitrary code execution vector for PouchDB (CVE-2016-1000304).

URL: http://dumpco.re/cve-2016-7434/
Description: ntpd remote pre-auth Denial of Service (CVE-2016-7434).

URL: https://github.com/ytisf/PyExfil
Description: A couple of beta stage tools for data exfiltration.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/U57NCx (+)
PoC: https://github.com/malerisch/omnivista-8770-unauth-rce
Description: How I learned GIOP and gained Unauthenticated RCE.

URL: https://github.com/nebgnahz/awesome-iot-hacks
Description: Hacks in IoT Space so that we can address them (hopefully).

URL: https://goo.gl/ZA2NUG (+)
Description: A look at how private messengers handle key changes.

URL: http://blog.amossys.fr/intro-to-use-after-free-detection.html
Description: Use-After-Free detection in binary code by static analysis.

URL: https://goo.gl/abZVVL (+)
Description: Hacking 27% of the Web via WordPress Auto-Update.

URL: https://insinuator.net/2016/12/analyzing-yet-another-smart-home-device/
Description: Analyzing yet another Smart Home device.

URL: https://www.curesec.com/blog/article/blog/Tap-039n039-Sniff-185.html
Description: Tap 'n' Sniff (Red Team Tricks).

URL: https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/
Description: Impersonating Office 365 Users With Mimikatz.

URL: https://goo.gl/YXYM3N (+)
Description: Practical Android Debugging Via KGDB.

URL: https://hackerone.com/reports/187134
Description: JSBeautifier BApp - Race condition leads to memory disclosure.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://yolocaust.de/
Description: YOLOCAUST (Wake up call!).

URL: https://github.com/koalaman/shellcheck
Description: ShellCheck, a static analysis tool for shell scripts.

URL: https://gist.github.com/marcan/a2eafd605d3d6ac76eb10a7c64f736c3
Description: Linux kernel initialization, translated to bash.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 04 | Month: January | Year: 2017 | Release Date: 27/01/2017 | Edition: #154 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/90LFIj (+)
PoC: https://github.com/Mawalu/whatsapp-phishing
Description: Hijacking Whatsapp accounts using Whatsapp Web.

URL: https://goo.gl/KuuOMq (+)
Description: Facebook Bug Bounty - Delete Any Video on Facebook.

URL: https://httpsonly.blogspot.pt/2017/01/0day-writeup-xxe-in-ubercom.html
Description: 0day writeup - XXE in uber.com.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/vvalien/SharpMeter
Demo: https://pbs.twimg.com/tweet_video/Cym5KtNXcAE9J5H.mp4
Description: A Simple Way To Make Meterpreter Reverse Payloads.

URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Description: Windows Privilege Escalation Methods for Pentesters.

URL: https://gist.github.com/anonymous/f0b9a85e25ea097f810b4d79e9e005a5
Description: This script attempts to decode common PowerShell encoded scripts.

URL: https://gist.github.com/chtg/4849e0c2cfc1f08eb6532f347594c66c
Description: GMP Deserialization Type Confusion Vulnerability (MyBB <= 1.8.3 RCE).

URL: https://github.com/JLospinoso/beamgun/
Description: A USB Rubber Ducky defeat program for Windows.

URL: https://gist.github.com/Wack0/a3435cafa5eb372b190f971190a506b8
Description: IoT webcams - RCE, reverse shell PoC (qemu).

URL: https://github.com/lanmaster53/honeybadger
Description: HoneyBadger is a framework for targeted geolocation.

URL: https://github.com/Screetsec/Brutal
Description: Teensy 3.x payloads generation tool.

URL: https://github.com/IOActive/I-know-where-your-page-lives
Description: Derandomizing the latest Windows 10 Kernel (ZeroNights 2016).

URL: https://github.com/ewilded/shelling
Description: OS command injection research and testing.

URL: http://andresriancho.github.io/nimbostratus/
Description: Tools for fingerprinting and exploiting Amazon cloud infrastructures.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://yurichev.com/writings/toy_decompiler.pdf
PoC: https://github.com/dennis714/random_notes/tree/master/toy%20decompiler
Description: Toy decompiler for x86-64 written in Python.

URL: https://woumn.wordpress.com/2016/12/07/rop-heap-spray-for-a-reverse-shell-in-ie8/
Description: ROP&Heap Spray for a Reverse Shell in IE8.

URL: http://sten0.ghost.io/2016/10/13/abusing-dorking-and-robots-txt/
Description: Dorking and Robots.txt.

URL: https://nation.state.actor/mcafee.html
Description: McAfee Virus Scan for Linux (Pwn).

URL: https://boredhackerblog.blogspot.pt/2016/02/how-we-broke-into-your-house.html
Description: How we broke into your house (RTL-SDR research).

URL: https://pentest.blog/data-ex-filtration-with-dns-in-sqli-attacks/
Description: Data Exfiltration with DNS in SQLi attacks.

URL: https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Description: Practical JSONP Injection.

URL: https://0x00sec.org/t/remote-exploit-shellcode-without-sockets/1440
Description: Remote Exploit. Shellcode without Sockets.

URL: http://blog.tihmstar.net/2017/01/how-to-downgrade-without-jailbreak.html
Description: How to downgrade without jailbreak using prometheus.

URL: https://goo.gl/eUDIqC (+)
Description: Hooking Android System Calls for Pleasure and Benefit.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://astronaut.io/
Description: Home videos from the past week.

URL: https://goo.gl/N9Ia4k (+)
Description: A Pentester’s Cache of 0-days.

URL: https://github.com/oneuijs/You-Dont-Need-jQuery
Description: You Don't Need jQuery.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 05 | Month: February | Year: 2017 | Release Date: 03/02/2017 | Edition: #155 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://s1gnalcha0s.github.io/epub/2017/01/25/This-book-reads-you.html
Description: This book reads you - exploiting ePub book format.

URL: http://phrack.org/papers/cyber_grand_shellphish.html
Description: Cyber Grand Shellphish.

URL: https://hackerone.com/reports/166942
Description: Leaking OAuth authorization to 3rd party websites (callbacks).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://doxmyipwindowstool.codeplex.com/
Description: Simple IP address browser for Windows.

URL: https://github.com/OWASP/glue
Description: Application Security Automation.

URL: https://github.com/nowsecure/r2frida
Description: Radare2 and Frida better together.

URL: https://phpinfo.me/2016/07/07/1275.html
Description: Redis Hacks Dump (Tips&Tricks).

URL: https://github.com/mazen160/server-status_PWN
Description: Apache server-status monitor and information extraction.

URL: https://github.com/John-Lin/docker-snort
Description: Snort in Docker for Network Functions Virtualization (NFV).

URL: https://github.com/dxa4481/whatsinmyredis
Description: Redis ransomware and data stealer.

URL: https://github.com/darryllane/Bluto
Description: Recon swiss army knife.

URL: https://github.com/govolution/avet
Description: AntiVirus Evasion Tool.

URL: https://github.com/Cn33liz/HSEVD-ArbitraryOverwriteGDI
Description: HackSys Extreme Vulnerable Driver.

URL: http://security.szurek.pl/winpower-v4904-privilege-escalation.html
Description: WinPower V4.9.0.4 Privilege Escalation.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://web-in-security.blogspot.pt/2017/01/printer-security.html
More: http://seclists.org/fulldisclosure/2017/Jan/89
Description: Printer Exploitation Research.

URL: https://raz0r.name/articles/universal-isomorphic-web-applications-security/
Description: Universal (Isomorphic) Web Applications Security (React and Redux).

URL: https://goo.gl/9LGkzY (+)
Description: Simple domain fronting PoC with GAE C2 server.

URL: https://lukasa.co.uk/2016/12/Debugging_Your_Operating_System/
Description: Debugging Your Operating System - A Lesson In Memory Allocation.

URL: https://github.com/dennis714/RE-for-beginners
Description: Reverse Engineering for Beginners (Book).

URL: http://blog.thinkst.com/p/canarytokensorg-quick-free-detection.html
PoC: http://canarytokens.com/generate
Description: Quick, Free, Detection for the Masses.

URL: https://goo.gl/qFFdEI (+)
Description: Exploiting IoT enabled BLE smart bulb security.

URL: https://goo.gl/wrJFoL (+)
Description: Local Privilege Escalation in Illumos via /proc.

URL: http://blog.volema.com/nginx-insecurities.html#.WFMh_WGLSV5
Description: Some cases of insecure NGINX configurations.

URL: http://blog.frizk.net/2016/12/filevault-password-retrieval.html
Description: macOS FileVault2 Password Retrieval.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://incept10n.com/
Description: Polyglot Inception4 (JPEG = CSS = JS = HTML).

URL: https://www.expeditedssl.com/aws-in-plain-english
Description: Amazon Web Services in Plain English.

URL: https://cmdchallenge.com/
Description: Are you up for the command line challenge?


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 06 | Month: February | Year: 2017 | Release Date: 10/02/2017 | Edition: #156 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/9zv6U7 (+)
More: https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html
PoCs: https://goo.gl/ZMkHWG (+)
Description: Content Injection Vulnerability in WordPress.

URL: http://sirdarckcat.blogspot.pt/2017/02/unpatched-0day-jquery-mobile-xss.html
Description: Unpatched (0day) jQuery Mobile XSS.

URL: https://goo.gl/fuAQaC (+)
Description: Turning Self-XSS into Good-XSS (AirBnb Bug Bounty).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/secretsquirrel/fido
More: https://modexp.wordpress.com/2017/02/03/shellcode-iat/
Description: Teaching old shellcode new tricks.

URL: https://github.com/iadgov/Secure-Host-Baseline
Description: DoD Windows 10 Secure Host Baseline (Configs and files).

URL: https://sensepost.com/blog/2016/intercepting-passwords-with-empire-and-winning/
Description: Intercepting passwords with Empire and winning!

URL: https://github.com/mozilla/minion
Description: Minion is a security testing framework built by Mozilla.

URL: https://github.com/CoalfireLabs/java_deserialization_exploits
Description: A collection of Java Deserialization Exploits.

URL: https://github.com/trustedsec/tap
Description: The TrustedSec Attack Platform (TAP).

URL: https://zerosum0x0.blogspot.pt/2016/05/xml-attack-for-c-remote-code-execution.html
Description: XML Attack for C# Remote Code Execution.

URL: https://github.com/yujokang/epex
Description: EPEx - Error Path Exploration for Finding Error Handling Bugs.

URL: https://github.com/mateuszk87/PcapViz
Description: Visualize network topologies and graph statistics based on pcap files.

URL: https://github.com/sensepost/xrdp
Description: RDP tool for X11 protocol exploiting unauthenticated x11 sessions.

URL: https://goo.gl/8eHB5Y (+)
Description: Microsoft PowerShell - XML External Entity Injection.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/ssYMu2 (+)
More: https://goo.gl/yTcjNS (+)
Description: OpenSSL 1.1.0 Vulnerability Analysis (CVE-2016-7054).

URL: https://goo.gl/CYvxms (+)
Description: Type Juggling and PHP Object Injection, and SQLi, Oh My!

URL: https://goo.gl/KqHGkN (+)
Description: Exploiting Node.js deserialization bug for Remote Code Execution.

URL: https://filippo.io/Ticketbleed/
Description: Ticketbleed - F5 BIG-IP TLS/SSL stack issue (CVE-2016-9244).

URL: https://hackerone.com/reports/172562
Description: LZMADecompressor.decompress Use After Free in Python.

URL: https://techblog.mediaservice.net/2016/10/exploiting-ognl-injection/
Description: Exploiting OGNL Inj. of Apache Struts (Expression Language Injection).

URL: https://osandamalith.com/2017/02/03/mysql-out-of-band-hacking/
Description: MySQL Out-of-Band Hacking.

URL: https://securityresear.ch/2017/02/08/oneplus3-bootloader-vulns/
Description: Owning a Locked OnePlus 3/3T - Bootloader Vulnerabilities.

URL: https://blog.appcanary.com/2017/http-security-headers.html
Description: Everything you need to know about HTTP security headers.

URL: http://theori.io/research/chakra-jit-cfg-bypass
Description: Chakra JIT CFG Bypass.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/andrew-d/emoji256
Description: Base256 encoding with emoji.

URL: https://github.com/Sliim/pentest-lab
Description: Pentest Lab on OpenStack with Heat & Chef provisioning.

URL: https://xuset.github.io/planktos/
Description: Serving websites over bittorrent.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 07 | Month: February | Year: 2017 | Release Date: 17/02/2017 | Edition: #157 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://deadpool.sh/2017/RCE-Springs/
Description: Spring Boot RCE.

URL: https://www.brokenbrowser.com/uxss-ie-htmlfile/
Description: SOP bypass/UXSS on IE11 htmlFile.

URL: https://goo.gl/nlojkc (+)
Description: Google Bug Hunter Account Hijack with Two Clicks in IE.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/farrokhi/dnsdiag
Blog: https://blog.webernetz.net/2016/12/06/detect-dns-spoofing-dnstraceroute/
Description: DNS Diagnostics and Performance Measurement Tools.

URL: https://github.com/rsmudge/ElevateKit
Description: Cobalt Strike's Beacon payload w/ 3rd Party PE scripts.

URL: https://goo.gl/R9gdqX (+)
Description: Adobe Flash Player SOP bypass.

URL: http://blog.inspired-sec.com/archive/2017/02/14/Mail-Server-Setup.html
Description: Mail Servers Made Easy.

URL: https://github.com/decalage2/ViperMonkey
Docker: https://github.com/xme/dockers/tree/master/vipermonkey
Description: A VBA parser and emulation engine to analyze malicious macros.

URL: https://github.com/JakeWharton/pidcat
Description: Colored logcat to show log entries for a specific application.

URL: https://github.com/techbliss/Python_editor
Description: Better CodeEditor for Ida Pro.

URL: https://github.com/graniet/Inspector
Description: Privilege Escalation Unix helper.

URL: https://github.com/refractionPOINT/limacharlie
Description: Endpoint monitoring stack.

URL: https://github.com/GDSSecurity/xxe-recursive-download
Description: This tool exploits XXE to retrieve files from a target server. 

URL: https://github.com/PinDemonium/PinDemonium
Description: An implementation of a generic unpacker based on Intel PIN.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/vOXIvA (+)
PoC: https://github.com/cloudsek/Mutator
Description: Cloud-AI – An Artificial Intelligence on the Cloud.

URL: https://goo.gl/ywuBjX (+)
Description: Arbitrary command execution vulnerabilities in RVM <=1.28.0.

URL: https://what.pwned.me/index.php/2017/01/23/axis-206-pwned/
Description: How To Pwn An AXIS 206 IP Cam And Have Fun With It Afterwards.

URL: http://exfil.co/2017/01/17/wiegotcha-rfid-thief/
Related: http://pidoorman.co.uk/
Description: Wiegotcha – RFID Thief.

URL: https://www.x41-dsec.de/lab/advisories/x41-2016-signal/
Description: Vulnerabilities in Signal Private Messenger.

URL: https://www.tazj.in/en/1486830338
Description: Reverse-engineering WatchGuard Mobile VPN.

URL: https://goo.gl/X7rYaC (+)
Description: Command Injection Vulnerability in Hostinger.

URL: http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
Description: In Flight Hacking System.

URL: https://www.foo.be/2017/01/Squashfs_As_A_Forensic_Container
Description: Squashfs As A Forensic Container.

URL: http://pwnanisec.blogspot.pt/2017/02/use-after-free-in-google-hangouts.html
Description: Use After Free in Google Hangouts ActiveX.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://vulnsec.com/2017/reverse-engineering-a-book-cover/
Description: Reverse Engineering a book cover (Writeup).

URL: https://gist.github.com/danielfaust/998441
Description: Samsung TV Remote Control Python Script.

URL: https://goo.gl/lUkrm7 (+)
Description: Designing a Business Card in LaTeX.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 08 | Month: February | Year: 2017 | Release Date: 24/02/2017 | Edition: #158 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://shattered.it/
PoC: https://alf.nu/SHA1
Description: We have broken SHA-1 in practice.

URL: https://dhavalkapil.com/blogs/Attacking-the-OAuth-Protocol/
More: https://sakurity.com/oauth
Description: Attacking the OAuth Protocol.

URL: https://thesbros.github.io/2017/02/16/geforce-experience-vulnerability.html
Description: Path traversal vulnerability in NVIDIA GeForce Experience.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://goo.gl/Les62U (+)
PoC: https://github.com/NetSPI/crossdomainscanner
Description: Defeating CSRF protections through expired cross-domain.xml domains.

URL: https://github.com/olivo/redos-detector
Description: Detect RegEx denial-of-service vulnerabilities in Android apps.

URL: https://github.com/f-secure/reflash
Description: ActionScript3 dynamic instrumentation tool.

URL: https://nlnetlabs.nl/projects/dnssec-trigger/
Description: Dnssec-trigger reconfigures the local unbound DNS server.

URL: https://github.com/yassineaddi/BackdoorMan
Description: Find malicious, hidden and suspicious PHP scripts/shells.

URL: http://newandroidbook.com/tools/jtrace.html
Description: jtrace - augmented, Android aware strace (work in Linux).

URL: http://bernardodamele.blogspot.pt/2011/09/reverse-shells-one-liners.html
Description: Reverse shells one-liners (Oldies).

URL: https://github.com/jakev/pushstore-parser
Description: Script to parse Apple Push Notification service files (".pushstore").

URL: http://security-assessment.com/files/documents/advisory/SplunkAdvisory.pdf
Description: Splunk Enterprise 6.4.3 - Server-Side Request Forgery (SSRF).

URL: https://github.com/google/wycheproof
Description: Project Wycheproof tests crypto libraries against known attacks.

URL: https://github.com/paulgclark/waveconverter
Description: An Open Source tool for RF reverse engineering.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://ruimarinho.gitbooks.io/yubikey-handbook/content/
More: http://www.tedunangst.com/flak/post/using-yubikeys-everywhere
Description: Yubikey Handbook.

URL: https://goo.gl/hE1V1S (+)
Description: Compromising Domain Admin in Internal Pentest.

URL: https://www.stevencampbell.info/2017/02/configure-pentest-dropbox-dns-tunneling/
Description: Configure pentest dropbox DNS tunneling.

URL: https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
Description: SMTP over XXE − how to send emails using Java's XML parser.

URL: http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
Description: Java/Python FTP Injections Allow for Firewall Bypass.

URL: https://goo.gl/WW01xo (+)
Description: Hacking Android phone. How deep the rabbit hole goes.

URL: http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
Blog: https://www.vusec.net/projects/anc/
Description: ASLR^CACHE Attack Defeats Address Space Layout Randomization.

URL: https://security.tencent.com/index.php/blog/msg/110
Description: Android Voice mail forgery vulnerability analysis (CVE-2016-6771).

URL: https://goo.gl/TBPei2 (+)
Description: How to Test Horizontal&Vertical Authorization Issues in Web Apps?

URL: https://goo.gl/R3ehjE (+)
Research: https://jhalderm.com/pub/papers/interception-ndss17.pdf
Description: SSL Fingerprinting and Hijacking.

URL: https://lamehackersguide.blogspot.pt/2017/02/weaponizing-postscript.html
Description: Weaponizing PostScript.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/k4m4/movies-for-hackers
Description: A curated list of movies every hacker & cyberpunk must watch.

URL: https://github.com/DimitriFourny/csgo-hack
Description: Counter-Strike - Global Offensive Hack.

URL: https://github.com/SirCmpwn/evilpass
Description: Slightly evil password strength checker.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 09 | Month: March | Year: 2017 | Release Date: 03/03/2017 | Edition: #159  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/3V9m3m (+)
PoC: https://github.com/eastee/rebreakcaptcha
Description: Breaking Google’s ReCaptcha v2 using.. Google.

URL: http://omergil.blogspot.pt/2017/02/web-cache-deception-attack.html
Description: Web Cache Deception Attack.

URL: https://www.zyantific.com/blog/bypassing-telekom-fon-hotspot-authentication/
Description: Bypassing Telekom FON hotspot authentication.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://www.xorrior.com/Empire-Domain-Fronting/
More: https://goo.gl/CsFOFH (+)
Description: Empire Domain Fronting.

URL: https://github.com/kylemcdonald/FreeWifi
Description: How to get free wifi.

URL: http://leucosite.com/FireFox-RCE/
Description: FireFox RCE by chaining small bugs.

URL: https://github.com/adtac/autovpn
Description: Easily connect to a VPN in a country of your choice.

URL: https://github.com/Kevin-Robertson/Inveigh/
Description: Inveigh is a Windows PowerShell LLMNR/NBNS spoofer/mitm tool.

URL: https://github.com/tunz/js-vuln-db
Description: A collection of JavaScript engine CVEs with PoCs.

URL: https://goo.gl/9Z2HmN (+)
Description: Stack buffer overflow vulnerability in NETGEAR WNR2000 router.

URL: https://github.com/mattifestation/PowerShellArsenal
Description: A PowerShell Module Dedicated to Reverse Engineering.

URL: https://github.com/dana-at-cp/backdoor-apk
Description: Shell script to backdoor any Android APK file.

URL: https://akondrat.blogspot.pt/2016/12/pivoting-kerberos-golden-tickets-in.html
Description: Pivoting kerberos golden tickets in Linux.

URL: https://github.com/pwnsdx/Security-Bypass
Description: Bypass alerts of Little Flocker/Snitch, HandsOff! and BlockBlock.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.xyz.is/2016/vita-netps-ioctl.html
PoC: https://github.com/henkaku/henkaku/blob/stage-2/urop/exploit.rop.in
Description: Vita sceNetIoctl use-after-free

URL: https://goo.gl/YjcDMC (+)
Description: Unexpected Journey into the AlienVault OSSIM/USM During Engagement.

URL: https://mijailovic.net/2017/01/22/removing-edge-magazine-drm/
Description: Removing Edge Magazine DRM.

URL: https://mo.github.io/2017/02/20/cross-origin-resource-sharing.html
Description: Same-Origin Policy, CSRF and CORS (Reference).

URL: https://improsec.com/blog//windows-kernel-shellcode-on-windows-10-part-1
Description: Windows Kernel Shellcode on Windows 10.

URL: https://goo.gl/3pCejL (+)
Description: This domain is my domain - G Suite A record vulnerability.

URL: http://timeofcheck.com/time-based-blind-sqli-on-news-starbucks-com/
Description: Time-based Blind SQLi on news.starbucks.com.

URL: https://goo.gl/aFfO6E (+)
Description: Lottapixel -My first 500$ bounty!

URL: https://sagi.io/2016/09/cve-2016-3873-arbitrary-kernel-write-in-nexus-9/
PoC: https://github.com/sagi/Android_POCs/tree/master/CVE-2016-3873
Description: CVE-2016-3873: Arbitrary Kernel Write in Nexus 9.

URL: https://team-sik.org/trent_portfolio/password-manager-apps/
Description: Security issues in major Android password manager apps.

URL: https://www.secureworks.com/blog/attacking-windows-smb-zero-day-vulnerability
Description: Attacking Windows SMB Zero-Day Vulnerability.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/x0rz/tweets_analyzer
Blog: https://goo.gl/TdgngP (+)
Description: Tweets metadata scraper & activity analyzer.

URL: https://github.com/Shmoopty/rpi-appliance-monitor
Description: Raspberry Pi Appliance Monitor.

URL: http://pc.textmod.es/
Description: Text Art Preservation.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 10 | Month: March | Year: 2017 | Release Date: 10/03/2017 | Edition: #160  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://klikki.fi/adv/bttv.html
Description: BetterTTV Chrome extension stored XSS.

URL: https://goo.gl/0GUXQJ (+)
Description: Hacking Slack using postMessage and WebSocket-reconnect.

URL: https://goo.gl/7yUj5d (+)
Description: Ok Google, Give Me All Your Internal DNS Information!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/antire-book/dont_panic
Book: https://leanpub.com/anti-reverse-engineering-linux
Description: Linux bind shell with anti-reverse engineering techniques.

URL: https://github.com/michael-myers/MacOS-WPA-PSK
Description: Script to get wireless key from MacOS NVRAM.

URL: https://github.com/nettitude/xss_payloads
Description: Payloads for practical exploitation of cross site scripting.

URL: https://github.com/sirusdv/EdgeHTTP2Fuzzer
Description: HTTP/2 Peach Pit for Microsoft Edge.

URL: https://goo.gl/YrxqHQ (+)
Description: Bypassing Next-Gen AV For Fun and Profit

URL: https://github.com/Rurik/Noriben
Description: Noriben - Portable, Simple, Malware Analysis Sandbox.

URL: https://github.com/securifera/cowcron
Blog: http://research.aurainfosec.io/hunting-for-bugs-101/
Description: Cronbased Dirty Cow Exploit.

URL: https://github.com/subTee/AllTheThings
Description: Dump of known application WL/control bypasses in one file.

URL: https://www.redteam-pentesting.de/advisories/rt-sa-2016-001.txt
Description: Padding Oracle in Apache (2.3 to 2.5) mod_session_crypto.

URL: https://github.com/Arno0x/DNSDelivery
Description: DNSDelivery use DNS requests as a delivery channel.

URL: https://github.com/dekimir/RamFuzz
Description: A fuzzer for individual method parameters.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://www.exploitee.rs/index.php/Western_Digital_MyCloud
Blog: https://blog.exploitee.rs/2017/hacking_wd_mycloud/
More: http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
Description: Hacking the Western Digital MyCloud NAS.

URL: https://www.myhackerhouse.com/naenara-browser-3-5-exploit-jackrabbit/
Description: Naenara Browser 3.5 exploit (JACKRABBIT).

URL: https://squeal.net/bypassing-twitter-account-protection/
Description: Bypassing Twitter's account lockout protection.

URL: https://alephsecurity.com/2017/03/08/nexus9-fiq-debugger/
Description: Attacking Nexus 9 with Malicious Headphones.

URL: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html
Description: Multiple vulns found in Wireless IP Camera (P2P) WIFICAM cameras.

URL: https://pages.nist.gov/mobile-threat-catalogue/
Description: Mobile Threat Catalogue.

URL: https://goo.gl/iVOK1o (+)
Description: Hijacking Broken Nameservers to Compromise Your Target.

URL: https://goo.gl/1Iml0J (+)
Description: Siklu EtherHaul Unauthenticated RCE Vulnerability (<7.4.0).

URL: https://goo.gl/6t10EZ (+)
Description: Privilege Escalation in Amazon Web Services.

URL: https://rftap.github.io/blog/2016/09/01/rftap-wifi.html
Description: Using RFtap to Detect MAC Spoofing.

URL: https://www.toshellandback.com/2017/02/11/psexec/
Description: *Puff* *Puff* PSExec.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://jamesbvaughan.com/python-twilio-scraping/
Description: Finding Free Food with Python.

URL: https://goo.gl/ObQkkZ (+)
Description: The selinux-coloring-book.

URL: https://thehftguy.com/2017/02/23/docker-in-production-an-update/
Description: Docker in Production - An Update.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 11 | Month: March | Year: 2017 | Release Date: 17/03/2017 | Edition: #161  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/wJH2GY (+)
Description: Trello Bug Bounty - Stealing the power-up tokens.

URL: https://goo.gl/3mVdcz (+)
Description: How I found a $5k Google Maps XSS (by fiddling with Protobuf).

URL: https://goo.gl/96ZeIk (+)
Description: Airbnb - Bypass "all" security mechanism to get valid issues.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/mazen160/struts-pwn
More: https://goo.gl/Ur1vWV (+) | https://goo.gl/0JIJtv (+)
Description: An exploit for Apache Struts CVE-2017-5638.

URL: https://github.com/Viralmaniar/Wifi-Dumper
Description: Tool to dump wifi profiles and cleartext passwords (Windows).

URL: https://github.com/plasma-disassembler/plasma
Description: Plasma is an interactive disassembler for x86/ARM/MIPS.

URL: https://github.com/C0reL0ader/EaST
Description: Exploits and Security Tools Framework.

URL: https://github.com/warner/magic-wormhole
Description: Get things from one computer to another, safely. 

URL: https://blog.sourceclear.com/rails_admin-vulnerability-disclosure/
Description: Rails_admin Vulnerability Disclosure.

URL: https://github.com/cr0hn/dockerscan
Description: Docker security analysis tools.

URL: https://github.com/moflow/moflow/
Description: Framework for vulnerability discovery and triage. 

URL: https://github.com/dominicgs/USBProxy
Description: A USB MiTM device using USB On-The-Go, libUSB and gadgetFS.

URL: https://github.com/sysown/proxysql
Description: High-performance MySQL proxy with a GPL license. 

URL: https://github.com/matiasb/unpy2exe
More: https://github.com/4w4k3/rePy2exe
Python3: https://github.com/NVISO-BE/decompile-py2exe
Description: Extract .pyc files from executables created with py2exe.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://pentestdan.com/rop-primer-level-0-explained/
More: https://goo.gl/HJIWzN (+)
Description: ROP Primer Level 0 Explained.

URL: https://goo.gl/7t86Kw (+)
Description: Simple and Terrifying Encryption Story (Ruby AES gem).

URL: http://www.economyofmechanism.com/github-saml.html
Description: The road to your codebase is paved with forged assertions.

URL: https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/
Description: Exploiting Timed Based RCE.

URL: https://goo.gl/YVYxD4 (+)
Description: PowerShell Execution Argument Obfuscation.

URL: https://bierbaumer.net/security/asuswrt/
Description: ASUSWRT - Multiple Vulnerabilities.

URL: https://bo0om.ru/telegram-love-phdays-en
Description: Telegram mass hack on PHDays.

URL: https://vez.mrsk.me/freebsd-defaults.txt
Description: FreeBSD - a lesson in poor defaults.

URL: https://goo.gl/XqLInP (+)
Description: MS Edge Fetch API allows setting of arbitrary request headers.

URL: http://www.redblue.team/2017/02/abusing-google-app-scripting-through.html
Description: Abusing Google App Scripting Through Social Engineering.

URL: http://jackson.thuraisamy.me/oracle-opera.html
Description: RCE and PII Data Exfil in Oracle's Hotel Mgmt (CVE-2016-5663/4/5).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/jaebradley/uber-cli
Description: Uber (CLI), at your fingertips.

URL: https://yurichev.com/blog/minesweeper/
Description: Cracking Minesweeper with Z3 SMT solver.

URL: https://rsync.samba.org/how-rsync-works.html
Description: How Rsync Works - A Practical Overview.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 12 | Month: March | Year: 2017 | Release Date: 24/03/2017 | Edition: #162  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/r9a3MX (+)
Description: SQL injection in an UPDATE query - a bug bounty story!

URL: https://goo.gl/n3QisR (+)
Description: GitHub Enterprise Remote Code Execution.

URL: http://netanelrub.in/2017/03/20/moodle-remote-code-execution/
Description: Moodle – Remote Code Execution (CVE-2017-2641).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/NickSanzotta/rc4Gen
Description: MSF Reverse TCP RC4 payload encoded in PS to the clipboard.

URL: https://github.com/j-0-t/staekka
Description: Stækka Metasploit - Plugin to extends Metasploit features.

URL: https://github.com/a2o/snoopy
Description: Log every executed command to syslog (a.k.a. Snoopy Logger).

URL: https://gist.github.com/subTee/3610a16a54bcbc1fe0ebc46313f5c02e
Description: JS Delivery via SCT (Windows).

URL: http://www.hackwhackandsmack.com/?p=1021
Description: Speeding up Proxychains with Nmap/Xargs (Tips&Tricks).

URL: https://github.com/cocoahuke/ioskextdump
Description: Dump Kext information from iOS kernel cache.

URL: https://github.com/pwndbg/pwndbg
Description: Makes debugging suck less.

URL: https://github.com/probablynotablog/usb-canary
Description: Linux tool that uses pyudev to monitor USB devices.

URL: https://github.com/Kkevsterrr/backdoorme
Description: Powerful auto-backdooring utility (Post-explotation).

URL: https://github.com/phar/eyephish
Description: OpenCV based IDN option generator PoC.

URL: https://github.com/richinseattle/Dockerfiles/blob/master/afl-tools.Dockerfile
Description: Pre-built image of AFL w/ clang/qemu/afl-dyninst/TriforceAFL.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://biterrant.io/
Description: BitErrant attack.

URL: https://github.com/Dor1s/libfuzzer-workshop
Description: Materials of "Modern fuzzing of C/C++ Projects" workshop.

URL: http://www.fuzzysecurity.com/tutorials/28.html
Description: Capcom Rootkit Proof-Of-Concept.

URL: https://goo.gl/RrCmN1 (+)
Description: Gargoyle, a memory scanning evasion technique.

URL: http://blog.inspired-sec.com/archive/2017/03/17/COM-Moniker-Privesc.html
Description: From Patch Tuesday to Domain Administrator.

URL: https://goo.gl/ZEw1eh (+)
Description: Escalating Local Privileges Using Mobile Partner.

URL: https://goo.gl/GB5Hd7 (+)
Description: How to hijack RDS and RemoteApp sessions transparently.

URL: https://www.hurricanelabs.com/blog/new-xssi-vector-untold-merits-of-nosniff
Description: A New XSSI Vector (or the untold merits of nosniff).

URL: https://github.com/dapetcu21/crypto-project
Description: Breaking Node.js 0.12's RNG.

URL: https://openai.com/blog/adversarial-example-research/
Description: Attacking machine learning with adversarial examples.

URL: https://blogs.securiteam.com/index.php/archives/3052
Description: Oracle Knowledge Management XXE Leading to a RCE.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/now-examples/linux-desktop
Description: "Web" Linux desktop w/ a VNC-over-WebSocket.

URL: http://hwreblog.com/projects/arduino_nand_reader.html
Description: Arduino based NAND chip reader

URL: https://github.com/cr-marcstevens/sha1collisiondetection
Description: Library and CLI to detect SHA-1 collision in a file.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 13 | Month: March | Year: 2017 | Release Date: 31/03/2017 | Edition: #163  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/gNY8Dv (+)
Description: This book reads you - using JavaScript.

URL: https://stephensclafani.com/2017/03/21/stealing-messenger-com-login-nonces/
Description: Stealing Messenger.com Login Nonces.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/sekirkity/BrowserGather
More: https://goo.gl/iUmCBi (+)
Description: Fileless web browser information extraction.

URL: https://github.com/jasondoyle/Google-Nest-Cam-Bug-Disclosures/
Description: Google-Nest-Cam-Bug-Disclosures.

URL: https://github.com/Maktm/FLIRTDB
Description: A community driven collection of IDA (FLIRT) signatures.

URL: https://github.com/theori-io/chakra-2016-11
Description: PoC for Edge bugs (CVE-2016-7200 & CVE-2016-7201).

URL: https://github.com/CunningLogic/PixelDump_CVE-2016-8462
Description: Pixel bootloader exploit for reading flash storage (CVE-2016-8462).

URL: https://github.com/bitbeans/SimpleDnsCrypt
Description: A simple management tool for dnscrypt-proxy (Windows).

URL: https://github.com/docileninja/dress
Description: Add symbols back into a stripped ELF binary (~strip).

URL: https://github.com/Raikia/FirePhish
Description: Full-fledged phishing framework to manage all phishing engagements. 

URL: https://github.com/comaeio/Hibr2Bin
Description: Comae Hibernation File Decompressor.

URL: https://artkond.com/2017/03/23/pivoting-guide/
Description: A Red Teamer's guide to pivoting.

URL: https://github.com/dafthack/HostRecon
Description: Reconnaissance phase helper tool avoiding system commands.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/5Zq7Hw (+)
Description: Improving the security of your SSH private key files.

URL: https://goo.gl/n4fhc3 (+)
Description: Escaping a Python sandbox with a memory corruption bug.

URL: https://saelo.github.io/posts/firefox-script-loader-overflow.html
Description: Exploiting a Cross-mmap Overflow in Firefox. (CVE-2016-9066).

URL: http://bugkraut.de/posts/tainting
Description: Taint me if you can (Ruby Security).

URL: https://www.ibrahim-elsayed.com/?p=150
Description: SQLi+XXE+File path traversal Deutsche Telekom – recon never ends!

URL: https://blog.silentsignal.eu/2017/02/17/not-so-unique-snowflakes/
Description: Not so unique snowflakes (UUIDs Security).

URL: https://goo.gl/Ysh7W7 (+)
Description: First Step to Browser Exploitation.

URL: https://goo.gl/nOQ2iQ (+)
Description: Getting read access on TGI Friday’s online ordering system.

URL: https://www.invincea.com/2017/03/powershell-exploit-analyzed-line-by-line/
Description: Powershell Exploit Analyzed Line-by-Line.

URL: http://bugkraut.de/posts/bounty-txt
Description: GitHub RCE by Environment variable injection Bug Bounty writeup.

URL: https://alephsecurity.com/2017/03/26/oneplus3t-adb-charger/
Description: Owning OnePlus 3/3T w/ a Malicious Charger - The Last Piece of the Puzzle.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.dancounsell.com/building-a-hackintosh-pro/
Description: Building a Hackintosh Pro.

URL: https://github.com/Mte90/FB-Android-Crash
Description: Let's crash the integrated browser in Facebook.

URL: http://cybersquirrel1.com/#
Description: Disrupting at the highest levels, its #CyberWar4Ever!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 14 | Month: April | Year: 2017 | Release Date: 07/04/2017 | Edition: #164  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/MT32ED (+)
Description: Airbnb – Web to App Phone Notification IDOR.

URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1225
Description: LastPass RCE - Global properties can be modified across isolated worlds.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/ChrisTruncer/WMImplant
Blog: https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html
Description: A WMI Based Agentless Post-Exploitation RAT Developed in PowerShell.

URL: https://github.com/akibsayyed/safeseven
Description: SS7 Assessment Tool.

URL: https://github.com/PanagiotisDrakatos/JavaRansomware
Description: Simple Ransomware Tool in Pure Java.

URL: http://hexinject.sourceforge.net/
Description: HexInject is a very versatile packet injector and sniffer.

URL: https://github.com/Va5c0/Steghide-Brute-Force-Tool
Description: Execute a brute force attack with Steghide to files.

URL: https://github.com/ezekg/git-hound
Description: Git plugin that prevents sensitive data from being committed.

URL: https://github.com/edwardz246003/IIS_exploit
Python PoC: https://github.com/danigargu/explodingcan
Description: IIS 6.0 RCE in Microsoft Windows Server 2003 R2 (CVE-2017-7269).

URL: https://gist.github.com/joernchen/f28ec01de20b22bbbee1622a41deb601
Description: Discourse RCE.

URL: https://github.com/dxa4481/truffleHog
Description: Searches git repos for high entropy strings aka secrets.

URL: https://github.com/mauro-g/snuck
Description: Automatic XSS filter bypass, with selenium.

URL: https://github.com/elttam/advisories/tree/master/firejail
Description: Firejail advisory for TOCTOU in --get and --put (local root).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/pIKwVU (+)
Description: WhatsApp & Telegram Accounts Takeovers.

URL: https://unmitigatedrisk.com/?p=570
Description: CAs and SSL and Phishing Oh My!

URL: https://razygon.github.io/2016/09/23/iOS-kernel-heap-review-5-10/
Description: iOS kernel heap review 5-10.

URL: https://cobbr.io/ObfuscatedEmpire.html
Description: Use an obfuscated, in-memory PS C2 channel to evade AV signatures.

URL: https://goo.gl/D6mU2f (+) | https://goo.gl/eHsPc1 (+)
Description: Hacking Polar Loop - Part 1 and 2.

URL: https://goo.gl/xcQhzl (+)
Description: Breaking down qwertyoruiopz's 4.0x userland exploit.

URL: https://capacitorset.github.io/mathjs/
Description: How we exploited a RCE vulnerability in math.js.

URL: https://www.aptive.co.uk/blog/unrestricted-file-upload-testing/
Description: Unrestricted File Upload Testing.

URL: https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/
Description: Synology Bug Bounty Report.

URL: http://offsecbyautomation.com/Automating-Web-Content-Discovery/
Description: Automating Web Content Discovery (Alerting).

URL: https://codewhitesec.blogspot.pt/2017/04/amf.html
Description: AMF – Another Malicious Format.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/kjempelodott/rickify
Description: How to rickroll Spotify for Android.

URL: https://mastodon.social/
Description: Mastodon is a free, open-source social network.

URL: https://calebfenton.github.io/2017/04/05/creating_java_vm_from_android_native_code/
Description: Creating a Java VM from Android Native Code.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 15 | Month: April | Year: 2017 | Release Date: 14/04/2017 | Edition: #165  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://www.notsosecure.com/anatomy-hack-sqli-via-crypto/
Description: Anatomy of a Hack - SQLi via Crypto.

URL: http://blog.intothesymmetry.com/2017/04/csrf-in-facebookdropbox-mallory-added.html
Description: CSRF in Facebook/Dropbox - "Mallory added a file using Dropbox".


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/beehive-lab/mambo
Slides: http://www.cs.man.ac.uk/~gorgovc9/slides_hipeac.pdf
Description: A Low-Overhead Dynamic Binary Modification Tool for ARM.

URL: https://gist.github.com/anonymous/5fd967b3fe5d9201e0ec7a1d35c03a19
Description: Xiaomi's locked bootloader is insecure and useless.

URL: https://github.com/x0rz/EQGRP
More: https://github.com/x0rz/EQGRP_Lost_in_Translation
Description: Decrypted content of ShadowBrokers (NSA Leaks).

URL: https://github.com/opsdisk/batchconfig
Description: Create custom Windows batch files from a configuration file.

URL: https://cedricvb.be/post/tracing-api-calls-in-burp-with-frida/
Description: Tracing API calls in Burp with Frida.

URL: https://github.com/droope/pwlist
Description: Password lists from strangers attempting to login into my server.

URL: https://github.com/LeonardoNve/dns2proxy
Description: Offensive DNS server.

URL: https://github.com/comsecuris/gdbida
Description: Visual bridge between a GDB session and IDA Pro's disassembler.

URL: https://github.com/montyly/gueb
Description: Static analyzer that performs use-after-free detection on binary. 

URL: https://github.com/CyberDefenseInstitute/CDIR
Description: CDIR Collector - live collection tool based on oss tool/library.

URL: https://github.com/wkleinhenz/PowerShell-Botnet
Description: A POC powershell botnet.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://www.uperesia.com/booby-trapped-shortcut-generator
Python: https://github.com/carnal0wnage/python_lnk_maker
Description: Booby trap a shortcut with a backdoor.

URL: https://goo.gl/JA65ce (+)
Description: Word Up! Microsoft Word OneTableDocumentStream Underflow.

URL: https://www.vgrsec.com/post20170402.html
Description: A look at how Windows handles Unicode.

URL: https://goo.gl/xQ8tdz (+)
Description: Cryptographic Flaws In Skype For Business.

URL: http://struct.github.io/oilpan_metadata.html
Description: Chrome Oilpan - Meta Data, Freelists and more.

URL: https://blogs.securiteam.com/index.php/archives/3107
Description: Horde Groupware Webmail Multiple RCE Vulnerabilities.

URL: https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
Description: Race condition in n_hdlc Linux kernel driver (CVE-2017-2636).

URL: https://goo.gl/GnSddg (+)
Description: Exploring UNIFI IPTV Notes v1.0.

URL: https://github.com/true-systems/om5p-ac-v2-unlocker/wiki
Description: Open Mesh OM5P-AC v2 U-Boot unlocker.

URL: https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
PoC: https://github.com/artkond/cisco-rce/
Description: Cisco Catalyst RCE Proof-Of-Concept (CVE-2017-3881).

URL: https://goo.gl/ObZ5eL (+)
Description: WD My Cloud Mirror 2.11.153 RCE and Authentication Bypass.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/cgvwzq/writeups/blob/master/how-to-wasm.md
Description: How to WebAssembly.

URL: https://github.com/solusipse/spectrology
Description: Images to audio files with corresponding spectrograms encoder.

URL: https://github.com/spacehuhn/DeauthDetector
Description: Detect deauthentication frames using an ESP8266.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 16 | Month: April | Year: 2017 | Release Date: 21/04/2017 | Edition: #166  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/buPacq (+)
Description: Stealing sensitive data w/ the W3C Ambient Light Sensor API.

URL: https://www.brokenbrowser.com/sop-bypass-abusing-read-protocol/
Description: SOP bypass courtesy of the reading mode (Edge).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/FuzzySecurity/PSKernel-Primitives/
Description: Exploit primitives for PowerShell (Kernel exploitation helper).

URL: https://github.com/fergarrui/custom-bytecode-analyzer
Description: Java bytecode analyzer customizable via JSON rules.

URL: https://github.com/reyammer/shellnoob
Description: A shellcode writing toolkit.

URL: https://goo.gl/TvYytI (+)
Description: OpenElec RCE via Man-In-The-Middle (CVE-2017-6445).

URL: https://github.com/typhoeus/typhoeus
Description: Typhoeus wraps libcurl in order to make fast and reliable requests.

URL: https://github.com/subTee/Shellcode-Via-HTA
Description: How To Execute Shellcode via HTA.

URL: https://github.com/lijiejie/htpwdScan
Description: A python HTTP weak pass scanner.

URL: https://github.com/z0noxz/powerstager
Description: Create an executable stager that downloads a selected PS payload.

URL: https://goo.gl/vi9oqr (+)
Description: Hack All The Things - Exfiltrating Data Via DNS Requests (Oldies). 

URL: http://threatexpress.com/2016/12/slack-notifications-for-cobalt-strike/
Description: Slack Notifications for Cobalt Strike.

URL: https://github.com/HJLebbink/asm-dude
Description: Assembly syntax highlight, code completion and folding for Visual Studio.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/EfyJxm (+)
PoC: https://github.com/bhdresh/CVE-2017-0199
Description: Microsoft RTF RCE (CVE-2017-0199).

URL: https://securedorg.github.io/RE101/
Description: Reverse Engineering Malware 101.

URL: https://github.com/axi0mX/alloc8
Description: Write-up for alloc8 untethered bootrom exploit for iPhone 3GS.

URL: http://www.threathunting.net/
Description: Hunting for adversaries in your IT environment (Dump).

URL: https://github.com/ChALkeR/notes/blob/master/Improper-markup-sanitization.md
Description: Improper markup sanitization in popular software.

URL: https://martinfowler.com/articles/session-secret.html
Description: One Line of Code that Compromises Your Server.

URL: https://securitybytes.io/sudont-escape-so-easily-ce8801bf9a4b#.a941nrlj4
Description: How poor sudo configuration leads to simple full root access.

URL: https://www.n0tr00t.com/2016/12/30/jsm-Bypass-via-CreateClassLoader.html
Description: JSM Bypass via createClassLoader.

URL: https://statuscode.ch/2016/01/subtle-vulnerabilties-with-php-and-curl/
Description: Subtle vulnerabilities with PHP and cURL.

URL: http://eryanbot.com/jtp/2012/06/30/game-hacking-utilizing-code-caves/
Description: Game Hacking-Utilizing Code Caves - JMP Method (Oldies).

URL: https://goo.gl/j0UImT (+)
Description: Trend Micro – Control Manager 6.0.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/Genymobile/gnirehtet
Description: Gnirehtet provides reverse tethering for Android.

URL: https://goo.gl/Vfkqdm (+)
Description: SEGA Mega Drive/Genesis hardware notes.

URL: http://blog.svenbrauch.de/2017/02/19/homemade-10-mbits-laser-optical-ethernet-transceiver/
Description: Homemade 10 Mbit/s Laser - Optical Ethernet transceiver.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 17 | Month: April | Year: 2017 | Release Date: 28/04/2017 | Edition: #167  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/SXXey1 (+)
Description: Old School Phishing Vulnerability on Outlook for Mac (CVE-2017-0207).

URL: https://hackerone.com/reports/220494
Description: GitHub Extension Unsanitised HTML leading to XSS on GitHub.com.

URL: https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol
Description: The world's most secure communications protocol. 🐵


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://offsecbyautomation.com/Open-Redirection-Bobrov/
Description: Open Redirect bug tested on different bug bounties to earn $4274.

URL: https://github.com/minimaxir/big-list-of-naughty-strings
Description: The Big List of Naughty Strings (QA/Fuzz Helper).

URL: https://github.com/zmap/zgrab
Description: Application layer scanner that operates with ZMap.

URL: https://github.com/0rbz/Intel_Inside
Description: Persistent SYSTEM Shell via Intel PROSet Wireless.

URL: https://github.com/kudelskisecurity/scannerl
Description: The modular distributed fingerprinting engine.

URL: https://github.com/secrary/InfectPE
Description: InfectPE - Inject custom code into PE file.

URL: https://github.com/trailofbits/manticore
Description: Dynamic binary analysis tool.

URL: https://github.com/qazbnm456/awesome-cve-poc
Description: A curated list of CVE PoCs.

URL: https://github.com/superkojiman/pwnbox
Description: Docker container for Reverse Eng. and Exploitation.

URL: https://github.com/fdiskyou/kcshell
Description: Interactive assembly/disassembly shell for various architectures.

URL: https://github.com/redpois0n/cry
Description: Cross platform PoC ransomware written in Go.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://jaq.alibaba.com/community/art/show?articleid=781
PoC: https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher
Description: Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui.

URL: https://blogs.securiteam.com/index.php/archives/2928
Description: Cisco Mobile Services Engine (MSE) Preauthentication RCE.

URL: https://www.ambionics.io/blog/drupal-services-module-rce
Description: Drupal 7.x Services module unserialize() to RCE.

URL: https://goo.gl/E2rgJ6 (+)
Description: That time I had to crack my own Reddit password.

URL: https://blog.cugu.eu/post/apfs/
Description: APFS filesystem format (Reverse).

URL: https://goo.gl/QG0FPF (+)
Description: UXSS in McAfee Endpoint Security and some extra goodies...

URL: https://www.scip.ch/en/?labs.20170105
Description: Razor Code – Don't Cut Yourself (.NET Classic File Upload Vuln).

URL: http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html
More: https://ijustwannared.team/2018/02/13/reflective-dlls-and-you/
Description: Windows DLL Injection Basics (Oldies).

URL: https://textslashplain.com/2017/01/14/the-line-of-death/
Description: The Line of Death (Phishing...).

URL: https://goo.gl/NMtcp2 (+)
PoC: https://github.com/kgretzky/evilginx
Description: Evilginx - Advanced Phishing with Two-factor Authentication Bypass.

URL: https://goo.gl/AbEKml (+)
Description: Arbitrary Kernel Memory Reads on Illumos (OpenSolaris fork).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.youtube.com/watch?v=uNjxe8ShM-8
Description: On The Turing Completeness of PowerPoint.

URL: http://xproger.info/projects/OpenLara/
Description: Classic Tomb Raider open-source engine.

URL: https://www.ssh.com/ssh/port
Description: The story of getting SSH port 22.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 18 | Month: May | Year: 2017 | Release Date: 05/05/2017 | Edition: #168   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html
Description: Twitter XSS + CSP Bypass.

URL: https://hackerone.com/reports/212696
Description: RCE by command line argument injection (Imgur Bug Bounty).

URL: https://goo.gl/HZn7Yb (+)
Description: WordPress Core 4.6 - Unauthenticated Remote Code Execution (RCE).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/tyranid/ExploitDotNetDCOM
PoC: https://bugs.chromium.org/p/project-zero/issues/detail?id=1075
Description: A tool to exploit .NET DCOM for EoP and RCE.

URL: https://github.com/berzerk0/Probable-Wordlists
Description: Wordlists sorted by probability (Testing Helper).

URL: https://github.com/Nitr4x/whichCDN
Description: WhichCDN allows to detect if a given website is protected by a CDN. 

URL: https://github.com/EtixLabs/cameradar
Description: Cameradar hacks its way into RTSP CCTV cameras.

URL: https://github.com/alainesp/HashSuiteDroid
Description: Hash Suite Droid.

URL: https://github.com/m4ll0k/WPSeku
Description: Simple Wordpress Security Scanner.

URL: https://github.com/skahwah/automato
Description: Automate some of the user-focused enumeration tasks during an pentest.

URL: https://goo.gl/le4nvm (+)
Description: Microsoft Remote Desktop Client for Mac Remote Code Execution.

URL: https://github.com/dxflatline/flatpipes
Description: A TCP proxy over named pipes, keep your meterpreter session over 445.

URL: https://github.com/lateralblast/lunar
Description: A UNIX security auditing tool based on several security frameworks.

URL: https://github.com/tyranid/DotNetToJScript
Description: Create a JScript file which loads a .NET v2 assembly from memory.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://improsec.com/blog//bypassing-control-flow-guard-in-windows-10
PoC: https://github.com/MortenSchenk/RtlCaptureContext-CFG-Bypass
Description: Bypassing Control Flow Guard in Windows 10.

URL: https://stringbleed.github.io
Description: Stringbleed CVE 2017-5135 SNMP authentication bypass.

URL: https://goo.gl/F1xBst (+)
Description: Apache and Java Information Disclosures Lead to Shells.

URL: https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/
Description: Android Applications Reversing 101.

URL: https://blog.joshlemon.com.au/protecting-your-pdf-files-and-metadata/
Description: Removing Your PDF Metadata & Protecting PDF Files.

URL: http://www.abatchy.com/2017/05/tcp-bind-shell-in-assembly-null.html
Description: TCP Bind Shell in Assembly (null-free/Linux x86).

URL: https://goo.gl/V6EsOr (+)
Description: QuickZip 4.60 - Win7x64 SEH Overflow (Egghunter) w/ Custom Encoder.

URL: https://www.vgrsec.com/post20170219.html
More: https://goo.gl/KTPvGT (+)
Description: Unicode Domains are bad and you should feel bad for supporting them.

URL: http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html
Description: Windows Commands Abused by Attackers.

URL: https://poshsecurity.com/blog/deconstructing-secure-http-without-https
Description: Deconstructing Secure HTTP without HTTPS (Review).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/sidtechnical/hakuna-metadata-1
Description: Browsing history visualization.

URL: https://github.com/kamranahmedse/developer-roadmap
Description: Roadmap to becoming a web developer in 2017.

URL: https://theshell.xyz/
Description: Ghost in the Shell (remake).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 19 | Month: May | Year: 2017 | Release Date: 12/05/2017 | Edition: #169   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
Description: Remotely Exploitable Type Confusion in Windows 8,10, Server and more.

URL: https://hackerone.com/reports/88719
Description: Multiple DOMXSS on Amplify Web Player (Twitter Bug Bounty - Oldies).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/dfirfpi/decwindbx
Description: A sort of a toolkit to decrypt Dropbox Windows DBX files.

URL: https://github.com/corna/me_cleaner
Description: Tool for partial deblobbing of Intel ME/TXE firmware images.

URL: https://github.com/DamonMohammadbagher/NativePayload_DNS
Blog: https://goo.gl/Xdz99b (+)
Description: C# code for Backdoor Payloads transfer by DNS and Bypassing AVs.

URL: https://github.com/doyensec/ajpfuzzer
Description: A command-line fuzzer for the Apache JServ Protocol (ajp13).

URL: https://github.com/masatokinugawa/filterbypass/wiki
Description: Browser's XSS Filter Bypass Cheat Sheet.

URL: https://github.com/hasherezade/chimera_loader
Description: A PE injector type - alternative to RunPE and ReflectiveLoader.

URL: https://github.com/uber/focuson
Description: A tool to surface security issues in python code.

URL: https://github.com/cs01/gdbgui/
Description: A browser-based frontend/gui for GDB.

URL: https://github.com/Kevin-Robertson/Tater
Description: Tater is a PowerShell implementation of the Hot Potato Windows EoP.

URL: https://github.com/r00t-3xp10it/backdoorppt
Description: Transform your payload.exe into one fake Word Doc.

URL: https://github.com/embedi/amt_auth_bypass_poc
Description: Intel AMT authentication bypass example (CVE-2017-5689).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://quanyang.github.io/part-1-continuous-pwning/
PoC: http://taint.spro.ink/
Description: Continuous Pwning of the Top 1000 WordPress Plugins.

URL: https://goo.gl/h2dWbh (+)
Description: From 404 and default pages to RCE via .cshtml webshell

URL: https://phoenhex.re/2017-05-04/pwn2own17-cachedcall-uaf
Description: Pwn2Own 2017 - UAF in JSC::CachedCall (WebKit).

URL: https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
Description: Git Shell Bypass By Abusing Less (CVE-2017-8386).

URL: https://goo.gl/728eER (+)
Description: RPCBomb - Remote rpcbind denial-of-service + patches.

URL: https://goo.gl/4J95NW (+)
Description: A long old way to Domain Admin: Propagating Infections.

URL: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
Description: Breaking the Security Model of Subgraph OS.

URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
Description: Cisco - Magic WebEx URL Allows Arbitrary Remote Command Execution.

URL: https://blogs.securiteam.com/index.php/archives/3171
Description: CloudBees Jenkins Unauthenticated Code Execution.

URL: http://snf.github.io/2017/05/04/exploit-protection-i-page-heap/
Description: How to Protect an Exploit: Detecting PageHeap.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/pirate/pocket-archive-stream
Description: Save an archived copy of all websites starred using Pocket.

URL: https://github.com/hobby-kube/guide
Description: Kubernetes clusters for the hobbyist.

URL: https://goo.gl/3npUqt (+)
Description: CAN bus reverse-engineering with Arduino and iOS.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 20 | Month: May | Year: 2017 | Release Date: 19/05/2017 | Edition: #170   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://slashcrypto.org/2017/05/17/5k_Error_Page/
Description: Google Bug Bounty - The 5k Error Page.

URL: https://goo.gl/ium1x1 (+)
Description: One Cloud-based Local File Inclusion = Many Companies affected.

URL: https://goo.gl/QNgi0K (+)
Description: Chaining 3 Minor Issues To Takeover Flickr Accounts (Yahoo Bug Bounty).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://goo.gl/9TL0an (+)
Description: Internet Explorer XSS Filter Bypass for POST with PDF.

URL: https://github.com/freener/exploits/tree/master/CVE-2016-5342
Description: EoP vulnerability in Qualcomm Wi-Fi (CVE-2016-5342).

URL: https://github.com/artkond/Invoke-Vnc
Description: Powershell VNC injector.

URL: https://goo.gl/XQohRS (+)
Description: Powershell Script that will use ADS to achieve persistence.

URL: https://github.com/504ensicsLabs/LiME
Description: LiME ~ Linux Memory Extractor.

URL: https://github.com/hteso/iaito
Description: A Qt and C++ GUI for radare2 reverse engineering framework.

URL: https://klue.github.io/blog/2017/04/macos_kernel_debugging_vbox/
Description: Debugging macOS Kernel using VirtualBox.

URL: https://github.com/XiphosResearch/exploits/tree/master/screen2root
Description: Get root with the help of Screen version 4.05.00.

URL: https://github.com/aainz/TinyNuke
Description: Source code of TinyNuke which is a zeus-style trojan.

URL: https://github.com/eliasgranderubio/dagda
Description: Static analysis of known vulnerabilities in docker images/containers.

URL: https://github.com/openstack/bandit
Description: Python AST-based static analyzer from OpenStack Security Group.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://checkmarx.gitbooks.io/go-scp/
Description: Go Language - Web Application Secure Coding Practices.

URL: https://irssi.org/2017/05/12/fuzzing-irssi/
Description: Fuzzing Irssi using AFL.

URL: https://shhnjk.blogspot.pt/2017/05/is-your-epub-reader-secure-enough.html
Description: Is your ePub reader secure enough?

URL: https://unmitigatedrisk.com/?p=586
Description: How to keep a secret in Windows.

URL: https://goo.gl/AuoG68 (+)
More: https://goo.gl/XpJGvM (+)
Description: Meraki RCE - When Red Team and Vulnerability Research fell in love.

URL: https://modexp.wordpress.com/2017/01/24/shellcode-x84/
Description: Multimode PIC for x86 (Reverse and Bind Shells for Windows).

URL: https://blog.bi.tk/2017/01/20/findbug/
Description: FindBUG XSS Challenge.

URL: https://goo.gl/7eGSu8 (+)
Description: Penetration Testing Amazon Web Services (AWS).

URL: https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html
Description: iOS Kernel Integrity Protection bypass.

URL: http://www.unixwiz.net/techtips/sql-injection.html
Description: SQL Injection Attacks by Example.

URL: https://goo.gl/KKSSqD (+)
Description: WordPress Core <= 4.7.4 Potential Unauthorized Password Reset.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://goo.gl/DGJIZJ (+)
Description: OH LORDY! Comey Wanna Cry Edition.

URL: https://devnull-as-a-service.com/features/
Description: /dev/null as a Service.

URL: https://github.com/schollz/howmanypeoplearearound
Description: Count the number of people around you by monitoring wifi signals.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 21 | Month: May | Year: 2017 | Release Date: 26/05/2017 | Edition: #171   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://kedrisec.com/twitter-publish-by-any-user/
Description: Publish tweets by any other user.

URL: https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
Description: Oracle PeopleSoft Remote Code Execution - Blind XXE to SYSTEM Shell.

URL: https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages/
Description: XSS over SMS - Hacking Text Messages in Verizon Messages.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/nelenkov/gdrive-appdata
Description: Fetch Android appdata/ from Google Drive.

URL: https://github.com/jtesta/ssh-mitm
Description: SSH man-in-the-middle tool.

URL: https://github.com/ANSSI-FR/bootcode_parser
Description: Script to analyse the boot records used by BIOS based systems (!UEFI).

URL: https://github.com/bwall/HashPump
Description: Tool to exploit the hash len extension attack in hashing algorithms.

URL: https://github.com/SpiderLabs/Airachnid-Burp-Extension
Blog: https://goo.gl/fmzkPk (+)
Description: A Burp Extension to test Web Cache Deception attacks.

URL: https://github.com/hlldz/Invoke-Phant0m
Description: Windows Event Log Killer.

URL: https://github.com/python-security/pyt
Description: Static analysis of python web apps based on theoretical foundations.

URL: https://github.com/mbechler/marshalsec/
Description: Java Unmarshaller Security - Turning your data into code execution.

URL: https://github.com/ShellcodeSmuggler/IAT_POC
Description: IAT based payload helper for bypass post DEP/ASLR protections in EMET.

URL: https://github.com/stealth/plasmapulsar
Description: Generic root exploit against kde (CVE-2017-8422, CVE-2017-8849).

URL: http://www.debasish.in/2017/05/openxmolar-ms-openxml-format-fuzzing_20.html
Description: OpenXMolar - A MS OpenXML Format Fuzzing Framework.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://www.exfiltrated.com/research-BIOS_Based_Rootkits.php
Description: BIOS Based Rootkits.

URL: http://blog.timac.org/?p=1570
Description: Deobfuscating libMobileGestalt (iOS) keys.

URL: https://cobbr.io/ScriptBlock-Logging-Bypass.html
Description: PowerShell ScriptBlock Logging Bypass.

URL: http://cloak-and-dagger.org/
Description: Cloak & Dagger is a new class of attacks affecting Android devices.

URL: https://wald0.com/?p=112
Description: BloodHound 1.3 – The ACL Attack Path Update.

URL: https://goo.gl/Xzy1ql (+)
Description: From Serialized to Shell - Exploiting Google Web Toolkit w/ EL Injection.

URL: https://www.elttam.com.au/blog/playing-with-canaries/
Description: Playing with canaries (Looking at SSP over several architectures).

URL: https://goo.gl/4oruRY (+)
Description: Trend Micro ServerProtect Multiple Vulnerabilities (CVE-2017-9032/37).

URL: https://tyranidslair.blogspot.pt/2017/05/exploiting-environment-variables-in.html
Description: Exploiting Environment Variables in Scheduled Tasks for UAC Bypass.

URL: https://animal0day.blogspot.co.uk/2017/05/fuzzing-apache-httpd-server-with.html
Description: Fuzzing Apache httpd server with American Fuzzy Lop + persistent mode.

URL: https://medium.com/@d0znpp/how-to-bypass-libinjection-in-many-waf-ngwaf-1e2513453c0f
Description: How to bypass libinjection in many WAF/NGWAF.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://gist.github.com/winocm/e3eb9c9b061c7414441c45a4938a0c57
Description: Unicode_was_a_bad_idea.cc.

URL: https://github.com/FireyFly/pixd
Description: Colourful visualization tool for binary files.

URL: https://github.com/m3liot/ryanair-seats
Description: Tool to predict which seat you will have for free at Ryanair.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 22 | Month: June | Year: 2017 | Release Date: 02/06/2017 | Edition: #172  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://research.rootme.in/h1-xssi/
Description: HackerOne XSSI - Stealing multi line strings.

URL: https://ysx.me.uk/road-to-unauthenticated-recovery-downloading-github-saml-codes/
More: http://blog.intothesymmetry.com/2017/05/cross-origin-brute-forcing-of-saml-and.html
Description: Road to (unauthenticated) recovery - downloading GitHub SSO bypass codes.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/0x4D31/honeybits
Description: Create and place breadcrumbs, honeytokens/traps or honeybits.

URL: https://github.com/v-p-b/ivmi
Demo: https://asciinema.org/a/3j9el72b51ap041wezz06xsmp
Description: Interactive Virtual Machine Introspection.

URL: https://goo.gl/rkzXun (+)
Description: How to TCPdump effectively in Docker.

URL: https://github.com/ddurvaux/WebShoot
Description: Framework for analysis of suspicious website.

URL: https://github.com/lgandx/PoC/tree/master/SMBv3%20Tree%20Connect
Description: SMBv3 DoS - Windows 2012/2016 affected.

URL: https://github.com/olacabs/jackhammer
Description: Jackhammer - One Security vulnerability assessment/management tool.

URL: https://github.com/XiphosResearch/exploits/tree/master/Joomblah
Description: Exploit for Joomla 3.7.0 (CVE-2017-8917).

URL: https://github.com/anshumanbh/brutesubs
Description: Framework for running multiple open sourced subdomain bruteforcing tools.

URL: https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py
Description: CUPS Reference Count Over Decrement Remote Code Execution (CVE-2015-1158).

URL: https://github.com/4w4k3/Insanity-Framework
Description: Generate Payloads and Control Remote Machines.

URL: http://www.thegreycorner.com/2017/01/exploiting-difficult-sql-injection.html
Description: Exploiting difficult SQL injection vulnerabilities using sqlmap.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://hackerone.com/reports/217745
Description: XSS in $shop$.myshopify.com/admin/ via "Button Objects" in malicious app.

URL: https://github.com/DhavalKapil/heap-exploitation
Description: Heap Exploitation Book.

URL: https://goo.gl/OBoFZ1 (+)
Description: Pivoting from blind SSRF to RCE with HashiCorp Consul.

URL: https://scarybeastsecurity.blogspot.pt/2017/05/bleed-more-powerful-dumping-yahoo.html
Description: Dumping Yahoo! authentication secrets with an out-of-bounds read.

URL: https://goo.gl/vHiyry (+)
Description: How to find 56 potential vulnerabilities in FreeBSD code in one evening.

URL: http://wphutte.com/avada-5-1-4-stored-xss-and-csrf/
Description: WordPress Avada 5.1.4 stored XSS and CSRF.

URL: https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/
Description: Welcome and fileless UAC bypass.

URL: https://goo.gl/p0molg (+)
Description: Bypassing Control Flow Guard with Structured Exception Handler.

URL: https://sizzop.github.io/2016/07/05/kernel-hacking-with-hevd-part-1.html
Description: Kernel Hacking With HEVD (Part 1 - 5).

URL: https://lowleveldesign.org/2017/03/07/how-to-securely-sign-dotnet-assemblies/
Description: How to securely sign .NET assemblies?

URL: https://ysx.me.uk/a-pair-of-plotly-bugs-stored-xss-and-aws-metadata-ssrf/
Description: A pair of Plotly bugs - Stored XSS and AWS Metadata SSRF.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://blog.martinfenner.org/2014/08/25/using-microsoft-word-with-git/
Description: Using Microsoft Word with git.

URL: http://kubernetesbyexample.com/
Description: Kubernetes By Example.

URL: https://www.shodan.io/host/203.254.47.164
Description: "Office of the president".


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 23 | Month: June | Year: 2017 | Release Date: 09/06/2017 | Edition: #173  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://vvyper.com/2017/05/22/instagram-stories-ssl/
Description: Instagram doesn't encrypt stories.

URL: https://hackerone.com/reports/231053
Description: XSS on any Shopify shop via abuse of postMessage listener.

URL: https://medium.com/@th3g3nt3l/how-i-got-5500-from-yahoo-for-rce-92fffb7145e6
Description: How I got 5500$ from Yahoo for RCE.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.rpcview.org/index.html
Source Code: https://github.com/silverf0x/RpcView
Description: Tool to explore and decompile all Microsoft RPC functionalities.

URL: https://github.com/joxeankoret/CVE-2017-7494
More: https://goo.gl/7nSHH2 (+) | https://goo.gl/r4CtHh (+)
Description: PoC exploit for CVE-2017-7494 (Samba RCE from a writable share).

URL: https://github.com/vesche/basicRAT
Description: Python RAT (Remote Access Trojan).

URL: https://github.com/vulnersCom/getsploit
Description: Command line utility for searching and downloading exploits.

URL: https://github.com/CalebFenton/apkfile
Description: Android app analysis and feature extraction library.

URL: https://github.com/AlsidOfficial/WSUSpendu
Description: Implement WSUSpendu attack.

URL: https://github.com/asciimoo/wuzz/
Description: Interactive cli tool for HTTP inspection.

URL: https://github.com/digininja/sitediff
Description: Fingerprint a web app using local files as sources.

URL: https://github.com/Screetsec/BruteSploit
Description: Bruteforce & Wordlist Sploit Framework.

URL: https://github.com/netzob/netzob
Description: Netzob - protocol learning, modeling and fuzzing.

URL: https://github.com/GoFetchAD/GoFetch
Description: Tool to exercise an attack plan generated by the BloodHound app.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://phoenhex.re/2017-06-02/arrayspread
PoC: https://github.com/phoenhex/files/tree/master/exploits/spread-overflow
Description: Exploiting an integer overflow with array spreading (WebKit).

URL: https://bling.kapsi.fi/blog/no-proc-process-recon.html
Description: Process reconnaissance without /proc.

URL: https://goo.gl/5EeZC0 (+)
Description: Lure10 - Exploiting Windows Automatic Association Algorithm.

URL: https://goo.gl/1HRwSB (+)
Description: The Chakra Exploit (CVE-2016-7200/CVE-2016-7201).

URL: https://msitpros.com/?p=3877
Description: Ping is okay? – Right? (Remote shell through ICMP).

URL: http://c0rni3sm.blogspot.pt/2017/06/from-js-to-another-js-files-lead-to.html
Description: From JS to another JS files lead to authentication bypass.

URL: https://raz0r.name/vulnerabilities/arbitrary-file-reading-in-next-js-2-4-1/
Description: Arbitrary File Reading in Next.js < 2.4.1.

URL: https://chao-tic.github.io/blog/2017/05/24/dirty-cow
Description: Dirty COW and why lying is bad even if you are the Linux kernel.

URL: https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/
Description: Understanding glibc malloc.

URL: https://goo.gl/gJ1LiQ (+)
Description: Privilege Escalation in VirtualBox (CVE-2017-3316).

URL: https://oded.ninja/2017/05/14/amt-n-ken-hack/
Description: Conspiracy Theory - Intel's AMT Vulnerability & The Ken Thomson Hack.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/japaric/nvptx
Description: How to run Rust code on your NVIDIA GPU.

URL: https://github.com/shipcod3/mazda_getInfo
Description: Mazda car's infotainment system hack.

URL: https://sonniesedge.co.uk/blog/a-day-without-javascript
Description: A day without Javascript.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 24 | Month: June | Year: 2017 | Release Date: 16/06/2017 | Edition: #174  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://pentestit.com/wordsteal-steal-ntlm-hashes-remotely/
Description: WordSteal - Steal NTLM Hashes from a Remote Computer!

URL: https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF
Description: How To - Server-Side Request Forgery (SSRF).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/knapsy/scripts/blob/master/PingExfil2.ps1
Description: Exfiltrate data over ICMP (Windows).

URL: https://goo.gl/Zy8Nhe (+)
Description: Custom Infected MS Word generator for Metasploit.

URL: https://github.com/m4b/bingrep
Description: Greps through binaries from various OSs and architectures.

URL: https://github.com/ufrisk/pcileech
Blog: http://blog.frizk.net/2017/08/attacking-uefi.html
Description: Direct Memory Access (DMA) Attack Software.

URL: https://firefart.at/post/turning_piwik_superuser_creds_into_rce/
Description: Turning Piwik Superuser Credentials into Remote Code Execution.

URL: https://github.com/thomasdullien/functionsimsearch
Description: Perform code similarity searches using MinHashing of small subgraphs.

URL: https://github.com/ajinabraham/NodeJsScan/
Description: NodeJsScan is a static security code scanner for Node.js applications.

URL: https://github.com/airbus-seclab/crashos
Description: Vuln research in hypervisors by creating unusual system configurations.

URL: https://github.com/ALSchwalm/dwarfexport
Description: Export dwarf debug information from IDA Pro.

URL: https://goo.gl/Tv6uRg (+)
Description: A Simple Tool for Linux Kernel Audits.

URL: https://0x00sec.org/t/c-a-simple-runtime-crypter/519
Description: C# - A Simple Runtime Crypter.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://0patch.blogspot.pt/2017/01/micropatching-remote-code-execution-in.html
Bug I: https://goo.gl/FQVajY (+) | Bug II: https://goo.gl/KirfPE (+)
Description: Micropatching RCE in WebEx Browser Extension (CVE-2017-3823).

URL: http://blog.blindspotsecurity.com/2016/09/nodejs-breaking-jade-pug-dlopen.html
Description: Node.js - Breaking Out of Jade/Pug with process.dlopen().

URL: https://goo.gl/AL1b7q (+)
Description: Analysis of a Ford Sync Gen 1 Module.

URL: https://www.securitysift.com/understanding-wordpress-auth-cookies
Description: Understanding WordPress Auth Cookies.

URL: https://medium.com/@br4nsh/from-linux-to-ad-10efb529fae9
Description: From Linux to AD - ...or how to read the SAMBA machine account.

URL: https://goo.gl/ea1gwR (+)
Description: How to Write Malleable C2 Profiles for Cobalt Strike.

URL: https://borgandrew.blogspot.pt/2017/01/h1-margin-bottom-0.html
Description: Format String Exploitation.

URL: https://goo.gl/t23oea (+)
Description: DLL Tricks with VBA to Improve Offensive Macro Capability.

URL: http://el.che.moe/Writeup_VoiceAttack.html
Description: A writeup about REing VoiceAttack.

URL: https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/
Description: RFID Hacking with The Proxmark 3.

URL: https://habrahabr.ru/company/aladdinrd/blog/329166/
Description: A bug in NTFS, or hang the entire system.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://switchbrew.org
Description: Wiki dedicated to homebrew on the Nintendo Switch.

URL: http://www.lofibucket.com/articles/64k_intro.html
Description: How a 64k intro is made.

URL: https://angelmmiguel.github.io/svgi/
Description: The SVG inspection tool.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 25 | Month: June | Year: 2017 | Release Date: 23/06/2017 | Edition: #175  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/3dSAS2 (+)
Description: Authentication bypass on Airbnb via OAuth tokens theft.

URL: https://goo.gl/8SMkHF (+)
Description: Persistent XSS for Medium accounts (or Backdooring Domains).

URL: http://offsecbyautomation.com/Subdomain-Delegation-Takeover/
Description: Subdomain Delegation Takeover.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/wavestone-cdt/hadoop-attack-library
Blog: https://goo.gl/Rj3yGe (+)
Description: Pentest tools and resources targeting Hadoop envs (DevOoops). 

URL: https://sourceware.org/systemtap/
Description: SystemTap - CLI + Sripting for instrumentation of a running kernel.

URL: https://github.com/fremag/MemoScope.Net
Description: Dump and analyze .Net applications memory (GUI for WinDbg and ClrMd).

URL: https://github.com/worawit/MS17-010
Analysis: https://goo.gl/SMpAHj (+) | https://goo.gl/3KSY28 (+)
Description: MS17-010 and Related PoCs Dump.

URL: https://github.com/kdaoudieh/Bella
Description: Post-exploitation, data mining and remote administration tool for macOS.

URL: https://github.com/nathanlopez/Stitch
Description: A Cross Platform Python Remote Administration Tool (RAT).

URL: https://github.com/SkrewEverything/Swift-Keylogger
Description: Keylogger for MacOS written in Swift.

URL: https://github.com/stampery/mongoaudit
Description: A powerful MongoDB auditing and pentesting tool.

URL: https://github.com/SandboxEscaper/Def
Description: Gain arbitrary deletion rights as system via Windows Defender.

URL: https://github.com/FlUxIuS/p0f3plus
Description: A native and unofficial implementation of p0f3 in Python.

URL: https://github.com/ewilded/psychoPATH
Description: A blind webroot file upload & LFI detection tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/2gCFrE (+)
PoC: https://github.com/guidovranken/CVE-2017-3730
Description: OpenSSL 1.1.0 remote client DoS, affects servers as well (CVE-2017-3730).

URL: https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
Description: The OpenVPN post-audit bug bonanza.

URL: https://phoenhex.re/2017-06-21/firefox-structuredclone-refleak
Description: Share with care - Exploiting a Firefox UAF with shared array buffers.

URL: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Description: The Stack Clash (Advisory).

URL: https://goo.gl/ENZQiQ (+)
PoC: https://github.com/pentestpartners/siime_root
Description: Vulnerable Wi-Fi dildo camera endoscope 😂.

URL: https://bo0om.ru/just-enter-the-space-attacks-en
Description: Just-enter-the-space attacks (%20 FTW!).

URL: https://goo.gl/w38a3h (+)
Description: AWS Vulnerabilities and the attacker's perspective.

URL: https://goo.gl/KnVyxr (+)
Description: Reversing the Balong M3/MCU Console – Lightning the Path to Ring 0.

URL: https://github.com/wtsxDev/Fuzzing-resources
Description: List of fuzzing resources for learning Fuzzing and Exploit Dev.

URL: https://github.com/OWASP/owasp-mstg
Description: OWASP Mobile Security Testing Guide.

URL: https://oleb.net/blog/2017/01/fun-with-string-interpolation/
Description: Fun with String Interpolation.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://mostsecure.pw/
Description: The worlds most secure password!

URL: https://github.com/mandatoryprogrammer/RussiaDNSLeak
Description: Summary and archives of leaked Russian TLD DNS data.

URL: https://github.com/phpinternalsbook/PHP-Internals-Book
Description: PHP-Internals-Book.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 26 | Month: June | Year: 2017 | Release Date: 30/06/2017 | Edition: #176  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://ngailong.com/uber-login-csrf-open-redirect-account-takeover/
Description: Uber - Login CSRF + Open Redirect = Account Takeover.

URL: https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md
Description: Gathering weak npm credentials.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/eurialo/vsaudit
Description: VOIP Security Audit Framework.

URL: https://github.com/leostat/rtfm
Description: A DB of common, interesting or useful commands.

URL: https://github.com/sourceincite/tools/blob/master/pymsrpc/
Description: RPC marshalling and transport helper.

URL: https://goo.gl/WyXvVf (+)
Description: Monitoring HTTPS traffic of a single app on OSX.

URL: https://github.com/vysec/RedTips
Description: Red Team Tips as posted by @vysecurity on Twitter.

URL: https://github.com/0x09AL/WordSteal
Description: Steal NTML hashes from a computer via Word Document.

URL: https://github.com/nccgroup/LazyDroid
Description: Android application assessment helper (Bash).

URL: https://github.com/lief-project/LIEF
Description: LIEF - Library to Instrument Executable Formats.

URL: http://ostinato.org/
Description: Network Traffic Generator and Analyzer.

URL: https://github.com/D35m0nd142/LFISuite
Description: Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner.

URL: https://securityonline.info/bypass-waf-php-webshell-without-numbers-letters/
Description: PHP webshell without numbers and letters (Bypass WAF).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/ygKLLx (+)
More: https://goo.gl/dDqfEA (+)
Description: Reverse Engineering Samsung S6 SBOOT.

URL: https://blog.cylance.com/running-executables-on-macos-from-memory
Description: Running executables on MacOS from Memory.

URL: https://github.com/straightblast/UnRadAsyncUpload/wiki
Description: The danger of using Telerik's RadAsyncUpload by default (ASP.NET).

URL: https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/
Description: How I Built An XSS Worm On Atmail.

URL: https://goo.gl/PU7zc2 (+)
Description: Yahoo Small Business (Luminate) and the Not-So-Secret Keys.

URL: https://yurichev.com/blog/symbolic/
Description: Symbolic execution (by example).

URL: https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/
Description: Hacking Unicorns with Web Bluetooth.

URL: https://goo.gl/ezUM9n (+)
Description: Loading and Debugging Windows Kernel Shellcodes with Windbg.

URL: https://jamescoote.co.uk/phishlulz-tutorial/
Description: Setup and run a Phishlulz campaign for free using Amazon AWS.

URL: https://jankopecky.net/index.php/2017/04/18/0day-textplain-considered-harmful/
Description: Text/Plain Considered Harmful.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://inspirobot.me/
Description: I'm InspiroBot.

URL: https://github.com/maierfelix/poxi
Description: A modern hackable pixel art editor.

URL: https://arogozhnikov.github.io/3d_nn/
Description: Visualizing level surfaces of a neural network with raymarching.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 27 | Month: July | Year: 2017 | Release Date: 07/07/2017 | Edition: #177  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/h7QdzQ (+)
Description: Escalating XSS in PhantomJS Image Rendering to SSRF/Local-File Read.

URL: https://medium.com/@FreedomCoder/following-the-white-rabbit-5e392e3f6fb9
Description: Following the white Rabbit - Down the SAML Code.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/neex/ffmpeg-avi-m3u-xbin
Bug: https://goo.gl/5sxNTW (+) | https://goo.gl/vFgmbE (+)
Description: AVI+M3U+XBIN ffmpeg exploit generator.

URL: https://github.com/mikeryan/crackle
Description: Crack and decrypt BLE encryption.

URL: https://github.com/iovisor/bcc
Description: Tools for BPF-based Linux IO analysis, networking and monitoring.

URL: https://github.com/pimps/wsuxploit
Description: Weaponize the use of WSUSpect Proxy.

URL: https://mrpapercut.com/sites/wscript/
Description: WScript Emulator.

URL: https://github.com/Cisco-Talos/MBRFilter
Description: Cisco Talos MBR Filter Driver (Readonly Sector 0 on disks).

URL: https://github.com/psych0tr1a/elScripto
Description: XSS explot kit/Blind XSS framework/BurpSuite extension.

URL: https://github.com/DenizParlak/Zeus
Description: AWS Auditing and Hardening Tool.

URL: https://www.mzrst.com/
Description: PPEE (puppy) is a Professional PE file Explorer.

URL: https://github.com/nccgroup/mnemosyne
Description: A Generic Windows Memory Scraping Tool.

URL: https://github.com/sam-b/windows_syscalls_dumper
Description: IDAPython script to dump windows sys call number/name as JSON.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://hacking-printers.net
PoC: https://github.com/RUB-NDS/PRET
Description: Hacking Printers Wiki - Printers (in)security Dump.

URL: https://goo.gl/VD8BxF (+)
Description: Avast Antivirus - Remote Stack Buffer Overflow with Magic Numbers.

URL: http://vegardno.blogspot.pt/2017/03/fuzzing-openssh-daemon-using-afl.html
Description: Fuzzing the OpenSSH daemon using AFL.

URL: https://lowleveldesign.org/2017/07/04/decrypting-tfs-secret-variables/
Description: Decrypting TFS secret variables.

URL: https://github.com/travisgoodspeed/md380tools/wiki/IDAPro
Description: Reversing MD380 Firmware with IDA Pro.

URL: https://www.itsec.nl/en/2017/06/26/drive-by-remote-code-execution-by-mamp/
Description: Drive-by remote code execution by MAMP.

URL: https://goo.gl/Jsze4P (+)
More: https://goo.gl/b1ZFP7 (+)
Description: Windows Keylogger (Attack on User-Land).

URL: https://goo.gl/41PZHT (+)
Description: Jenkins to meterpreter toying with powersploit.

URL: https://blog.rubidus.com/2017/02/06/preventing-subdomain-takeover/
Description: Preventing Subdomain Takeovers for Shared Hosting Providers.

URL: https://dev.to/fenceposterror/hacking-open-source-software-for-fun-and-non-profit
Description: Hacking Open Source Software for Fun and Non-Profit.

URL: https://zerosum0x0.blogspot.pt/2017/07/puppet-strings-dirty-secret-for-free.html
Description: Puppet Strings - Dirty Secret for Windows Ring 0 Code Execution.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://blog.haschek.at/post/f2fda
Description: How to defend your website with ZIP bombs.

URL: https://github.com/drego85/Why-VLC-NEED-to-enforce-HTTPS
Related: https://github.com/etix/mirrorbits/issues/59
Description: Why-VLC-NEED-to-enforce-HTTPS.

URL: http://www.righto.com/2017/07/bitcoin-mining-on-vintage-xerox-alto.html
Description: Bitcoin mining on a vintage Xerox Alto.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 28 | Month: July | Year: 2017 | Release Date: 14/07/2017 | Edition: #178  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.zsec.uk/blind-xxe-learning/
Description: Hunting in the Dark - Blind XXE.

URL: https://goo.gl/5TNzwu (+)
Description: Making an XSS triggered by CSP bypass on Twitter.

URL: https://goo.gl/Y3odmB (+)
Description: Authentication bypass on Uber’s Single Sign-On via subdomain takeover.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/sensepost/objection
Blog: https://sensepost.com/blog/2017/objection-mobile-runtime-exploration/
Description: objection - Runtime Mobile Exploration.

URL: https://github.com/aploium/shootback
Description: Reverse TCP tunnel for NAT or firewall bypass (ngrok alternative).

URL: https://github.com/itsreallynick/office-crackros
Description: Crack your macros like the math pros.

URL: https://github.com/michenriksen/aquatone
Description: A Tool for Domain Flyovers.

URL: https://gist.github.com/hasherezade/e3b5682fee27500c5dabf5343f447de3
Description: Persistence key not visible for sysinternals autoruns (PoC).

URL: https://github.com/ac-pm/Inspeckage
Description: Android Package Inspector (Xposed Module).

URL: https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52
Description: Execute DLL via the Excel.Application object's RegisterXLL() method.

URL: https://github.com/secwiki/windows-kernel-exploits
Description: Windows kernel exploits (Dump).

URL: https://github.com/mdsecactivebreach/RDPInception
Blog: https://www.mdsec.co.uk/2017/06/rdpinception/
Description: Remote Desktop Protocol (RDP) Inception Attack.

URL: https://github.com/vitaly-kamluk/bitscout
Description: Remote forensics meta tool.

URL: https://github.com/didi/VirtualAPK
Description: A powerful and lightweight plugin framework for Android.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/BhW3Lt (+)
More: https://goo.gl/TVTVrg (+)
Description: Unitrends Vulnerability Hunting - RCE (CVE-2017-7280).

URL: https://goo.gl/GSGgjX (+)
Description: Coinbase AngularJS DOM XSS via Kiteworks.

URL: https://www.rcesecurity.com/2014/07/slae-shell-reverse-tcp-shellcode-linux-x86/
Description: SLAE - Shell Reverse TCP Shellcode (Linux/x86).

URL: https://myexploit.wordpress.com/hunt-for-the-domain-admin-da/
Description: Hunt for the Domain Admin (DA).

URL: https://krbtgt.pw/oracle-oam-10g-session-hijacking/
Description: Oracle OAM 10g Session Hijacking.

URL: https://goo.gl/is7Tyu (+)
Description: Samsung sBrowser – Android Forensics, A Look Into The Cache Files.

URL: http://boosterok.com/blog/broadpwn/
Oficial: https://blog.exodusintel.com/2017/07/26/broadpwn/
Description: A cursory analysis of @nitayart's Broadpwn bug (CVE-2017-9417).

URL: http://www.nmattia.com/posts/2017-03-05-crack-luks-stutter-gnu-parallel.html
Description: Recover a partial LUKS passphrase with GNU parallel.

URL: https://medium.com/wemake-services/testing-bash-applications-85512e7fe2de
Description: Testing Bash applications.

URL: https://blog.preempt.com/new-ldap-rdp-relay-vulnerabilities-in-ntlm
Description: New LDAP & RDP Relay Vulnerabilities in NTLM (CVE-2017-8563).

URL: http://acez.re/the-weak-bug-exploiting-a-heap-overflow-in-vmware/
Description: The Weak Bug - Exploiting a Heap Overflow in VMware.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://hacker-news.verylegit.link/
Description: Turn any link into a suspicious looking one.

URL: http://aem1k.com/symmetry/
Source: https://github.com/aemkei/symmetry/
Description: Symmetric JavaScript.

URL: https://trueschool.se/html/fonts.html
Description: Faithfully remade multi platform Amiga fonts in Amiga aspect.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 29 | Month: July | Year: 2017 | Release Date: 21/07/2017 | Edition: #179  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/wSKFLS (+)
Description: How to find internal subdomains? YQL, Yahoo! and bug bounty.

URL: https://xakep.ru/2017/07/06/safari-localfile-read/
PoC: https://github.com/Bo0oM/Safiler
Description: How to steal MacOS user data using a single document.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/ikoz/jdwp-lib-injector
Blog: https://koz.io/library-injection-for-debuggable-android-apps/
Description: Library injection for debuggable Android apps.

URL: https://github.com/Song-Li/cross_browser
Paper: http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf
Description: (Cross-)Browser Fingerprinting via OS and Hardware Level Features.

URL: https://gist.github.com/jobertabma/e9a383a8ad96baa189b65cdc8d74a845
Description: Commands to exfiltrate command output via ICMP packet size.

URL: https://github.com/graniet/gshark-framework
Description: Web post exploitation framework.

URL: https://blog.netspi.com/attacking-javascript-web-service-proxies-burp/
Description: Attacking JavaScript Web Service Proxies with Burp.

URL: https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/
Related: https://medium.com/@honze_net/reverse-shell-and-some-magic-39629ccd0e5c
Description: Upgrading simple shells to fully interactive TTYs.

URL: https://github.com/brannondorsey/sniff-probes
Description: Plug-and-play bash script for sniffing 802.11 probes requests.

URL: https://goo.gl/uLeBCf (+)
Description: Automating the Empire with the Death Star - Easy Domain Admin.

URL: https://github.com/skavanagh/KeyBox
Description: KeyBox is a web-based management SSH console.

URL: https://github.com/wafpassproject/wafpass
Description: Tool for benchmarking security solutions like WAF.

URL: https://goo.gl/ehHr8U (+)
Description: Auditing CSP headers with Burp and ZAP.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/RmmyFJ (+)
Description: From fuzzing Apache httpd server to CVE-2017-7668.

URL: http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
Description: Inject All the Things (DLL injection).

URL: http://wapiflapi.github.io/2015/04/22/single-null-byte-heap-overflow/
Description: Visualizing a single null-byte heap overflow exploitation.

URL: https://pentestarmoury.com/2017/07/19/s3-buckets-for-good-and-evil/
Description: S3 Buckets for Good and Evil.

URL: https://oneupsecurity.com/research/remote-code-execution-in-source-games
Description: Remote Code Execution in Source Games (CS:GO, TF2, Hl2:DM, ...).

URL: https://www.coresecurity.com/blog/solving-post-exploitation-issue-cve-2017-7308
PoC: https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-7308/poc.c
Description: Solving a post exploitation issue with CVE-2017-7308.

URL: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
Description: VBScript Injection via GNOME Thumbnailer.

URL: https://goo.gl/Qc7ZPm (+)
Description: Understanding the Internet of vibrating things - Lovense's toys.

URL: http://blog.sec-consult.com/2017/06/ghosts-from-past-authentication-bypass.html
Description: Authentication bypass and OEM backdoors in WiMAX routers.

URL: https://goo.gl/YGBuph (+)
Description: Dive into AWS S3 access controls – taking control over your assets.

URL: https://goo.gl/vfkPjf (+)
Description: MySQL Injection in Update, Insert and Delete.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://dmitry.gr/index.php?r=05.Projects&proj=25.%20VMU%20Hacking
Description: VMU hackery (2017).

URL: https://github.com/leozide/leocad/
Description: A CAD program for creating virtual LEGO models.

URL: https://github.com/P1kachu/talking-with-cars
Description: CAN analysis - Use your car as a gamepad!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 30 | Month: July | Year: 2017 | Release Date: 28/07/2017 | Edition: #180  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/vDEMKL (+)
Description: Unrestricted File Upload to RCE (PayPal Bug Bounty).

URL: https://gerbenjavado.com/the-race-to-the-top-of-a-bug-bounty-program/
Description: The race to the top of a bug bounty program.

URL: https://goo.gl/jQJK3U (+)
Description: Cracking the Lens - Targeting HTTP's Hidden Attack Surface.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/tijme/not-your-average-web-crawler
Description: Not Your Average Web Crawler.

URL: https://github.com/fireeye/flare-vm
Description: Windows-based security distribution for security research.

URL: https://github.com/Oros42/IMSI-catcher
Description: This program show you IMSI numbers of cellphones around you.

URL: https://github.com/brannondorsey/wifi-cracking
Description: Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat.

URL: https://github.com/bsmali4/xssfork
Description: Xssfork - A xss detection tool.

URL: https://github.com/ScottyBauer/Android_Kernel_CVE_POCs
Description: Android Kernel Proofs of concept Exploits.

URL: https://asciinema.org/a/130730
Description: Unpack OSX malware packed with a modified UPX version.

URL: https://github.com/wallix/awless
Description: Fast, powerful and easy-to-use CLI to manage Amazon Web Services.

URL: https://github.com/marin-m/pbtk
Description: A toolset for reverse engineering and fuzzing Protobuf-based apps.

URL: https://github.com/skyleronken/owa_brute
Description: Horizontal Brute Forcing tool for OWA.

URL: https://github.com/malwareinfosec/EKFiddle
Description: A framework to study Exploit Kits.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://security.gerhardt.link/RCE-in-Factorio/
Description: Remote Code Execution in Factorio. 

URL: https://bling.kapsi.fi/blog/jvm-deserialization-broken-classldr.html
Description: Exploiting JVM deserialization vulns despite a broken class loader.

URL: https://elaineou.com/2017/01/19/how-the-twitter-app-bypasses-paywalls/
Description: How the Twitter App Bypasses Paywalls.

URL: https://goo.gl/s5Eyy4 (+)
Description: GoodSAM – CSRF/Stored XSS Chain Full Disclosure.

URL: https://goo.gl/kLaawx (+)
Description: Phishing Against Protected View.

URL: https://pierrekim.github.io/blog/2017-02-09-tplink-c2-and-c20i-vulnerable.html
Description: TP-Link C2 and C20i vulnerabilities analysis (root RCE, DoS and more).

URL: https://www.gironsec.com/blog/2017/07/keylogger-using-directx/
Description: KeyLogger using DirectX.

URL: http://rh0dev.github.io/blog/2017/the-return-of-the-jit/
Description: The Return of the JIT in Mozilla Firefox (x86) (CVE-2017-5375).

URL: https://bneg.io/2017/07/26/empire-without-powershell-exe/
Description: Empire without PowerShell.exe.

URL: https://goo.gl/aEPUuS (+)
Description: Finding Domain frontable Azure domains.

URL: https://goo.gl/djcEh1 (+)
Description: Code Injection in VMware Horizon’s macOS Client (CVE-2017-4918).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.stefanjudis.de/hidden-messages-in-javascript-property-names.html
Description: Hidden messages in JavaScript property names.

URL: https://hackernoon.com/a-collision-too-perfect-279a47fb5d42
Description: A Collision Too-Perfect.

URL: https://doesmysiteneedhttps.com/
Description: YES! Your site needs HTTPS.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 31 | Month: August | Year: 2017 | Release Date: 04/08/2017 | Edition: #181  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.innerht.ml/testing-new-features/
Description: CSRF on Periscope Web OAuth authorization via Reverse iOS App.

URL: http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
Description: From SSRF Execution Chain to RCE! (GitHub Enterprise).

URL: https://blog.zsec.uk/rce-starwars/
Description: May the Shells be with You - A Star Wars RCE Adventure!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/vah13/extractTVpasswords
Description: Extract password from TeamViewer memory using Frida.

URL: https://github.com/xtiankisutsa/twiga
Description: Android device information gather and internals dump tool.

URL: https://github.com/mateuszk87/BadIntent
Description: Attack Android's Binder transactions using Burp Suite.

URL: https://github.com/mame82/P4wnP1
Description: P4wnP1 is a highly customizable USB attack platform for RPi0/W.

URL: https://github.com/matteyeux/triple_fetch
Description: Remote lldb debugserver for debugging userspace procs on iOS (CVE-2017-7047).

URL: https://github.com/adi0x90/attifyos
Description: Attify OS - Distro for pentesting IoT devices.

URL: https://github.com/ANSSI-FR/pycrate
Description: Tool for dev of encoders/decoders for various protocols and file formats.

URL: https://vallejo.cc/2017/07/16/anti-antidebugging-windbg-scripts/
Description: Anti-Antidebugging WinDbg Scripts.

URL: https://github.com/hjc4869/UacBypass
Description: Bypass Win10 default UAC config using IFileOperation and dll hijacking.

URL: https://gist.github.com/marcan/6a2d14b0e3eaa5de1795a763fb58641e
Description: SMBLoris attack Proof of Concept (MSF won't fix!).

URL: https://github.com/YalcinYolalan/WSSAT/
Description: Web Service Security Assessment Tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://paper.seebug.org/230/
Description: DokuWiki fetch.php SSRF vulnerability.

URL: https://0x00sec.org/t/reverse-engineering-101/1233
Description: Reverse Engineering 101.

URL: https://goo.gl/h5EJDE (+)
Description: Exploiting Script Injection Flaws in ReactJS Apps.

URL: http://rohk.io/free-bits-on-twitch/
Description: Acquire free bits on twitch.tv.

URL: https://goo.gl/mqi664 (+)
Description: Code Exec in SQLServer via Fileless CLR-based Custom Stored Procedures.

URL: http://blog.huntingmalware.com/notes/WMI
Description: Hooking Windows events without knowing anything about C/C++ (WMI PWR).

URL: https://comsecuris.com/blog/posts/path_of_least_resistance/
Description: Cellular Baseband to Application Processor Escalation on Mediatek Devices.

URL: https://scarybeastsecurity.blogspot.pt/2017/03/black-box-discovery-of-memory.html
Description: Black box discovery of memory corruption RCE on box.com.

URL: https://goo.gl/986jDv (+)
Description: A Technical Survey Of Common And Trending Process Injection.

URL: https://cybersyndicates.com/2017/02/os-x-packet-capture--empire/
Description: OS X Packet Capture & Empire.

URL: https://medium.com/0xcc/how-to-turn-photoshop-into-a-remote-access-tool-805485a9480
Description: How to turn Photoshop into a remote access tool.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://z4ziggy.wordpress.com/2017/07/21/zigfrid-a-passive-rfid-fuzzer/
Description: Zigfrid – A Passive RFID Fuzzer.

URL: https://blog.lessonslearned.org/building-a-more-secure-development-chromebook/
Description: Need a cheap "burner" laptop for travelling?

URL: https://github.com/denysdovhan/wtfjs
Description: What the f*ck JavaScript?


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 32 | Month: August | Year: 2017 | Release Date: 11/08/2017 | Edition: #182  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://bo0om.ru/xss-everywhere
Description: The adventures of xss vectors in curious places.

URL: https://sites.google.com/site/testsitehacking/10k-host-header
Description: $10k Host Header Bug - Google Bug Bounty (Report Everything!).

URL: http://staaldraad.github.io/pentest/phishing/2017/08/02/o356-phishing-with-oauth/
Description: Phishing with OAuth and o365/Azure.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/hannob/ctgrab
Blog: https://goo.gl/Z5uKeC (+)
Description: Monitoring hosts from Cert. Transparency for unprotected installers.

URL: https://github.com/jamie72/IPAPatch
Description: Patch iOS Apps, The Easy Way, Without Jailbreak.

URL: https://github.com/stealth/sshttp
Description: Run a webserver and a sshd on the same port w/o changes. 

URL: https://github.com/guelfoweb/knock
Description: Knock Subdomain Scan.

URL: https://github.com/RoliSoft/ReconScan
Description: Network reconnaissance and vulnerability assessment tools.

URL: http://blog.safebuff.com/2016/07/03/SSRF-Tips/
Related: https://goo.gl/vjVbKZ (+)
Description: Server Side Request Forgery (SSRF) Tips.

URL: https://github.com/D4Vinci/Dr0p1t-Framework
Description: A framework that creates an advanced FUD dropper with some tricks.

URL: https://github.com/CheckPointSW/android_unpacker
Description: A (hopefully) generic unpacker for packed Android apps.

URL: https://github.com/0x09AL/DropboxC2C/
Description: DropboxC2C is a post-exploitation agent which uses Dropbox for C&C Ops.

URL: https://github.com/ambionics/phpggc
Blog: https://www.ambionics.io/blog/php-generic-gadget-chains
Description: PHP Generic Gadget Chains - Exploiting unserialize in unknown environments.

URL: https://github.com/flowztul/keyexec
Description: Collection of scripts to automatically unlock LUKS devices on kexec reboot.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://blog.securelayer7.net/thick-client-penetration-testing-1/
More: https://goo.gl/ym5jYP (+) | https://goo.gl/s6WsNU (+)
Related: https://goo.gl/gXbBzw (+)
Description: Thick Client Penetration Testing.

URL: http://www.rvrsh3ll.net/blog/offensive/ssl-domain-fronting-101/
Description: SSL Domain Fronting 101.

URL: https://blog.doyensec.com/2017/08/03/electron-framework-security.html
Description: Modern Alchemy - Turning XSS into RCE (CVE-2017-12581).

URL: https://zerosum0x0.blogspot.pt/2017/04/doublepulsar-initial-smb-backdoor-ring.html
Description: DoublePulsar Initial SMB Backdoor Ring 0 Shellcode Analysis.

URL: https://goo.gl/FdwEKQ (+)
Advisory: https://goo.gl/3zHjkp (+)
Description: Win10 default user profile is potentially world writable (CVE-2017-0295).

URL: https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/
Description: Bitdefender - Remote Stack Buffer Overflow via 7z PPMD.

URL: https://goo.gl/3xEuby (+)
Description: Why you should never use passwords on your SSH server.

URL: https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/
Description: Docker and the PID 1 zombie reaping problem.

URL: https://ysx.me.uk/managed-apps-and-music-a-tale-of-two-xsses-in-google-play/
Description: Managed Apps and Music - A tale of two XSSes in Google Play.

URL: https://github.com/g0tmi1k/debian-ssh
Description: Debian OpenSSL Predictable PRNG - CVE-2008-0166 (Oldies!).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://www.phreedom.org/research/tinype/
Description: Creating the smallest possible PE executable.

URL: https://github.com/n1try/telegram-middleman-bot
Description: Translates push messages sent via HTTP into Telegram messages.

URL: https://goo.gl/fu93Mg (+)
Description: Operation Luigi -How I hacked my friend without her noticing.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 33 | Month: August | Year: 2017 | Release Date: 18/08/2017 | Edition: #183  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/XAq8qW (+)
Description: Backdoor of All Flickr API Calls by XSSI.

URL: http://lightningsecurity.io/blog/password-not-provided/
Description: Compromising Any Flurry User's Account (Yahoo Bug Bounty).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/Manouchehri/CVE-2017-1000117
Demo: https://asciinema.org/a/133009
Description: Git's vulnerability CVE-2017-1000117.

URL: https://github.com/MooseDojo/apt2/
Description: Automated penetration toolkit.

URL: https://github.com/nccgroup/demiguise
Description: Demiguise - HTA encryption tool.

URL: https://github.com/kudelskisecurity/check_all_apks
Description: Scripts for checking your phone for malware (Drozer).

URL: https://github.com/0x4D31/burpa
Description: A Burp Suite Automation Tool with Slack Integration.

URL: https://github.com/nccgroup/gitpwnd
Description: Tool that lets you use a git repo for C&C of compromised machines.

URL: https://github.com/EgeBalci/HERCULES
Description: HERCULES is a special payload generator that can bypass AV softwares.

URL: https://github.com/phpstan/phpstan
Description: PHP Static Analysis Tool - Discover bugs in your code w/out running it!

URL: http://redplait.blogspot.pt/2017/08/wincheck-rc858.html
Description: Tool that inspects undocumented Windows internal structures.

URL: https://gist.github.com/marcan/23e1ec416bf884dcd7f0e635ce5f2724
Description: Simple Bloom filter in Py3 for use with the HIBP password list.

URL: https://github.com/jessfraz/amicontained
Description: Find out what container runtime is being used/features available.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://illmatics.com/carhacking.html
Description: Car Hacking by Charlie Miller and Chris Valasek (Dump).

URL: https://goo.gl/Yg4QHV (+)
Description: Exploiting Second Order SQLi Flaws by using Burp & Custom Sqlmap Tamper.

URL: https://l.avala.mp/?p=241
Description: Turning LFI into RFI.

URL: https://lowlevelbits.org/reverse-engineering-stickies.app/
Description: Reverse Engineering Stickies.app.

URL: https://www.psattack.com/articles/20170810/application-compatibility-shims/
Description: Application Compatibility Shims.

URL: https://lolware.net/2017/08/01/capturing-mfa-logons.html
PoC: https://github.com/technion/3652fa
Description: Intercepting and Capturing MFA Logons.

URL: https://github.com/casperreverser/CasperReverse/blob/master/writeup.md
Description: Casper API Reverse Engineering.

URL: https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/
Description: Attacking SSO - Common SAML Vulnerabilities and Ways to Find Them.

URL: https://goo.gl/P8EdJH (+)
Description: Mitigating PHP's long standing issue with OPCache leaking sensitive data.

URL: https://aspe1337.blogspot.pt/2017/04/writeup-of-cve-2017-7199.html
Description: Local privilege escalation in Tenable Nessus Agent 6.10.3 (CVE-2017-7199).

URL: http://www.exploit-monday.com/2017/07/bypassing-device-guard-with-dotnet-methods.html
Description: Bypassing Device Guard with .NET Assembly Compilation Methods.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://hackethereum.com/
Description: Don't just get hacked, experience it.

URL: https://gist.github.com/MerryMage/797c523724e2dc02ada86a1cfadea3ee
Description: Dumping the GBA BIOS.

URL: https://github.com/EdOverflow/security-txt
Description: A standard that allows websites to define security policies.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 34 | Month: August | Year: 2017 | Release Date: 25/08/2017 | Edition: #184  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://sheepsec.com/blog/username_enumeration_via_jar.html
Description: Needle in a haystack of .jar files (username enumeration).

URL: https://hackerone.com/reports/198690
Description: SSRF in alerts.newrelic.com exposes entire internal network.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/Plazmaz/LNKUp
Description: Generates malicious LNK file payloads for data exfiltration.

URL: https://github.com/modzero/mod0Umleitung
Description: A Masquerading DNS Server for Windows.

URL: https://github.com/alephsecurity/abootool
Description: Tool to dynamically discover hidden fastboot OEM commands.

URL: https://github.com/doadam/ziVA
More: https://jaq.alibaba.com/community/art/show?articleid=1045
Description: An iOS kernel exploit designated to work on all iOS devices <= 10.3.1.

URL: https://github.com/chrisfosterelli/dockerrootplease
Description: Gives you root on the hostOS, if you're a member of the 'docker' group.

URL: https://github.com/dweinstein/node-google-play
Description: Get details and download apps from Google Play.

URL: https://github.com/fozavci/viproy-voipkit
Description: VIPROY - VoIP Pen-Test Kit for Metasploit Framework.

URL: https://github.com/google/fscrypt
Description: Go tool for managing Linux filesystem encryption.

URL: https://github.com/mak/mlib
Description: Your bag of handy codes for malware researchers.

URL: https://github.com/derrekr/android_security/blob/master/CVE-2017-0576/
Description: Qualcomm crypto engine driver buffer overflow (CVE-2017-0576).

URL: https://github.com/SpiderLabs/portia
Description: Internal network pentest helper (Privilege escalation, Lateral movement,++).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/zsevzD (+)
Description: libFuzzer-gv - New techniques for dramatically faster fuzzing.

URL: https://duo.com/blog/hunting-malicious-npm-packages
Description: Hunting Malicious npm Packages.

URL: https://iayanpahwa.github.io/Reverse-Engineering-IoT-Devices/
Description: Reverse Engineering IoT Devices.

URL: https://toshellandback.com/2017/08/16/mousejack/
Description: Hostile Airwaves - Mousejacking.

URL: https://0x00sec.org/t/game-hacking-winxp-minesweeper/1266
Description: Game Hacking - WinXP Minesweeper.

URL: http://thecyberrecce.net/2017/02/12/reversing-the-trendnet-ts-402/
Description: Reversing the Trendnet TS-402.

URL: https://zhuanlan.zhihu.com/p/28575189
Description: Node.js postgres from SQL injection into code execution.

URL: https://goo.gl/KBsZtt (+)
Description: Trezor — security glitches reveal your private keys!

URL: https://goo.gl/ViLaih (+)
Description: Taking Down Entire Domain Using Vulnerabilities of a SIEM Product.

URL: http://nahamsec.com/secure-your-jenkins-instance-or-hackers-will-force-you-to/
Description: Secure your Jenkins instance or hackers will force you to!


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://ae7.st/g/
Description: Passphrase and Password Generator.

URL: https://dave.cheney.net/2017/08/21/the-here-is-key
Description: The HERE IS key.

URL: http://gbppr.dyndns.org/~gbpprorg/l0pht/l0pht.html
Description: The complete L0pht website from ~Sep ’97.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 35 | Month: September | Year: 2017 | Release Date: 01/09/2017 | Edition: #185 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://hackerone.com/reports/207042
Description: Stealing contact form data on HackerOne (XSS,frame-jumping and JSONP).

URL: https://medium.com/@arbazhussain/pre-domain-wildcard-cors-exploitation-2d6ac1d4bd30
Description: Pre-domain wildcard CORS Exploitation.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/monoxgas/sRDI
Blog: https://silentbreaksecurity.com/srdi-shellcode-reflective-dll-injection/
Description: Shellcode implementation of Reflective DLL Injection.

URL: https://github.com/ucsb-seclab/BootStomp
Paper: https://seclab.cs.ucsb.edu/media/uploads/papers/bootstomp.pdf
Description: BootStomp - A bootloader vulnerability finder.

URL: https://github.com/brannondorsey/mitm-router
Description: Man-in-the-middle wireless access point inside a docker.

URL: https://github.com/bruce30262/TWindbg
Description: PEDA-like debugger UI for WinDbg.

URL: https://goo.gl/d15wVv (+)
Description: Bypassing antivirus on OSX 10.11 with Metasploit – Avast.

URL: https://phoenixpwn.com/
Description: Semi-untethered jailbreak for 9.3.5. All 32-bit devices supported.

URL: https://github.com/xerub/kexty
Description: iOS KEXT (kernel) loader 7.x-9.x

URL: https://github.com/tintinweb/scapy-ssl_tls
Description: SSL/TLS layers for scapy the interactive packet manipulation tool.

URL: https://github.com/4w4k3/BeeLogger
Description: Generate Gmail Emailing Keyloggers to Windows on Linux.

URL: https://github.com/tklengyel/drakvuf
Description: DRAKVUF Black-box Binary Analysis.

URL: https://github.com/SafeBreach-Labs/BITSInject
Description: Inject jobs into the BITS (Background Intelligent Transfer Service) queue.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://sintonen.fi/advisories/qnap-qts-42-multiple-vulnerabilities.txt
Description: QNAP QTS 4.2.x multiple vulnerabilities.

URL: http://bsmt.me/posts/openxc-reversing/
Description: OpenXC Reversing (Car Hacking).

URL: https://goo.gl/7grxsj (+)
Description: EE 4GEE Mobile WiFi Router – Multiple Vulnerabilities Writeup.

URL: https://raw.githubusercontent.com/hatRiot/token-priv/master/abusing_token_eop_1.0.txt
Blog: https://goo.gl/V5axyJ (+)
Description: Abusing Token Privileges For Windows Local Privilege Escalation.

URL: https://gerbenjavado.com/manual-sql-injection-discovery-tips/
Description: Manual SQL injection discovery tips.

URL: https://goo.gl/7psV1M (+)
Description: Making third-party hosted scripts safer with Subresource Integrity.

URL: https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
Description: Wiki to collect Red Team infrastructure hardening resources.

URL: https://appscreener.us/blog/?code=reading-ios-app-binary-files
More: https://appscreener.us/blog/?code=reading-ios-app-binary-files-part-2-swift
Description: Reading iOS app binary files.

URL: https://goo.gl/2JbZAv (+)
Description: Smuggling HTA files in Internet Explorer/Edge.

URL: https://goo.gl/xFHvXr (+)
Description: Exploitation of IMS in absence of confidentiality and integrity protection.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://research.swtch.com/zip
Description: Zip Files All The Way Down.

URL: https://chris.bolin.co/offline/
Description: You must go offline to view this page.

URL: http://madeintheusbwebsite.azurewebsites.net
Description: Nusbio - Hardware for .NET software.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 36 | Month: September | Year: 2017 | Release Date: 08/09/2017 | Edition: #186 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://zhchbin.github.io/2017/08/30/Uber-XSS-via-Cookie/
Description: XSS Injection via Cookie - Uber Bug Bounty.

URL: https://opnsec.com/2017/08/advanced-flash-vulnerabilities-in-youtube/
More: https://goo.gl/51CacB (+) | https://goo.gl/BDs1Fe (+)
Description: Advanced Flash Vulnerabilities in Youtube.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/v-p-b/oracle_forms
Paper: https://goo.gl/P4zfTA (+)
Description: Oracle Forms Test Scripts.

URL: https://github.com/smythtech/sdnpwn
Description: Software-Defined Networks (SDNs) penetration testing toolkit.

URL: https://github.com/evilsocket/smali_emulator
Description: Emulate a smali source file generated by apktool.

URL: https://blog.didierstevens.com/2017/09/05/abusing-a-writable-windows-service/
Description: Abusing A Writable Windows Service.

URL: https://github.com/mthbernardes/fses
Description: Fuc... Search Engines Scraper - PyLib to scrap url's from search engines.

URL: https://github.com/gendx/pdf-corpus
Description: Python script to quickly create hand-crafted PDF files (Handy).

URL: https://www.doyler.net/security-not-included/certreq-exfiltration
Description: CertReq Exfiltration – Getting Data via Native Tools & CSRs!

URL: https://github.com/evilcos/xssor2
Description: XSS'OR - Hack with JavaScript.

URL: https://github.com/lclevy/ab_decrypt
Description: ab_decrypt.py - An educational python tool to decrypt Android backups.

URL: https://github.com/neoneggplant/EggShell
Related: https://www.redcanary.com/blog/detecting-eggshell-surveillance-tool/
Description: iOS/macOS Remote Administration Tool.

URL: https://github.com/federicodotta/Brida
Blog: https://goo.gl/dGbT3D (+)
Description: The new bridge between Burp Suite and Frida!


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://lgtm.com/blog/apache_struts_CVE-2017-9805
PoC: https://www.exploit-db.com/exploits/42627/ | https://goo.gl/snfMLL (+)
Description: Using QL to find a RCE vulnerability in Apache Struts (CVE-2017-9805).

URL: http://blog.thinkst.com/2017/08/disrupting-aws-s3-logging.html
Description: Disrupting AWS S3 Logging.

URL: http://dmitry.gr/index.php?r=05.Projects&proj=23.%20PSoC4
Description: Exploiting PSoC4 for fun and profit.

URL: https://reactarmory.com/answers/how-can-i-use-css-in-js-securely
Description: How can I use CSS-in-JS securely?

URL: http://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/
Description: DIY Spy Program - Abusing Apple’s Call Relay Protocol.

URL: https://benkowlab.blogspot.pt/2017/08/from-onliner-spambot-to-millions-of.html
Description: From Onliner Spambot to millions of email's lists and credentials.

URL: http://blog.pentestbegins.com/2017/08/05/remote-xss-attack-using-csrf/
Description: XSS + CSRF + PayPal's Partner = Unauthorized access to Victim's Account.

URL: https://goo.gl/JhkeQj (+)
Description: Airbnb – Ruby on Rails String Interpolation led to RCE.

URL: http://www.ringzerolabs.com/2017/08/bypassing-anti-analysis-technique-in.html
Description: Bypassing Anti-Analysis Technique In Office Documents.

URL: https://blogs.securiteam.com/index.php/archives/3379
Description: Chrome v59 Turbofan Remote Code Execution (type confusion vulnerability).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.imperialviolet.org/2017/08/13/securitykeys.html
Description: Security Keys (101).

URL: https://blog.quarkslab.com/flash-dumping-part-i.html
Description: Flash Dumping.

URL: https://goo.gl/DtNjd8 (+)
Description: Creating a Surveillance Camera using a Pi Zero W.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 37 | Month: September | Year: 2017 | Release Date: 15/09/2017 | Edition: #187 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/H8T3kz (+)
Description: Exploiting JSON Cross Site Request Forgery (CSRF) using Flash.

URL: https://goo.gl/tkrdbm (+)
Description: Gaining Access To An Internal Chat System (SAML Hack - Uber BB).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/xorrior/RemoteRecon
Description: Remote Recon and Collection (post-exploitation).

URL: https://github.com/Cn33liz/StarFighters/
Description: A JS and VBScript Based Empire Launcher.

URL: https://github.com/DataSploit/datasploit
Description: A tool to perform various OSINT techniques.

URL: https://goo.gl/omukkh (+)
Description: How I got your phone number through Facebook.

URL: https://github.com/cujanovic/SSRF-Testing/
Description: SSRF (Server Side Request Forgery) testing resources.

URL: https://goo.gl/54L7rS (+)
Description: Posh-Sysmon Module for Creating Sysmon Configuration Files.

URL: https://github.com/securifybv/ShellLink
Description: A .NET Class Library for processing ShellLink (LNK) files.

URL: https://github.com/ex0dus-0x/D0xk1t
Description: Web-based OSINT and active reconaissance suite.

URL: https://github.com/gvb84/pbscan
Description: Faster and more efficient stateless SYN scanner and banner grabber.

URL: https://github.com/s4n7h0/Halcyon
Description: First IDE for Nmap Script (NSE) Development.

URL: https://github.com/jiayy/android_vuln_poc-exp
Description: This project contains PoCs and Exploits for Android vulnerabilities.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://rtpbleed.com/
Description: The RTP bleed Bug.

URL: http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper-1.pdf
Site: https://www.armis.com/blueborne/
PoC: https://github.com/ojasookert/CVE-2017-0785 | https://goo.gl/r6axfB (+)
Description: The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device.

URL: https://goo.gl/3DfDJT (+)
Description: How I Snatched 153,037 ETH After A Bad Tinder Date (Epic!).

URL: https://goo.gl/WZXckr (+)
Description: Enlarge your botnet with top D-Link routers (DIR8xx).

URL: https://goo.gl/2CgsS4 (+)
Description: Detecting Reverse Engineering on Android Apps (Apktool XXE and DT). 

URL: https://courk.fr/index.php/2017/09/10/reverse-engineering-exploitation-connected-clock/
Description: Reverse Engineering & Exploitation of a “Connected Alarm Clock”.

URL: http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
Description: Mastercard Internet Gateway Service: Hashing Design Flaw.

URL: https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
PoC: https://goo.gl/kzaTu2 (+) | https://goo.gl/JrsR8c (+) | https://goo.gl/oAnNek (+)
Description: Exploiting SOAP WSDL Parser Code Injection (CVE-2017-8759).

URL: https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/
Description: Understanding & practicing Java deserialization exploits.

URL: http://www.exploit-monday.com/2017/08/exploiting-powershell-code-injection.html
Description: Exploiting PS Code Injection Vulnerabilities to Bypass Constrained Language Mode.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://jesuscoin.network/
Description: Decentralizing Jesus on the Blockchain.

URL: https://quoteinvestigator.com/2013/03/06/artists-steal/amp/
Description: Good Artists Copy; Great Artists Steal.

URL: https://safiire.github.io/blog/2017/08/19/solving-danish-defense-intelligence-puzzle/
Description: Solving a Danish Defense Intelligence Puzzle.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 38 | Month: September | Year: 2017 | Release Date: 22/09/2017 | Edition: #188 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/SsWjW6 (+)
Description: How I hacked hundreds of companies through their helpdesk.

URL: https://goo.gl/NTE4H9 (+)
Description: Joomla! (v3.7.5) Takeover in 20 Seconds with LDAP Injection.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://www.virtuesecurity.com/blog/aws-penetration-testing-s3-buckets/
Plugin: https://github.com/VirtueSecurity/aws-extender
Description: AWS Penetration Testing - S3 Buckets.

URL: https://github.com/zyantific/zydis
Description: Fast and lightweight x86/x86-64 disassembler library.

URL: https://blog.avuln.com/article/4
Description: A couple more common OAuth 2.0 vulnerabilities.

URL: https://github.com/ucsb-seclab/dr_checker
Description: A Soundy Vulnerability Detection Tool for Linux Kernel Drivers.

URL: https://github.com/GDSSecurity/EvilAbigail
Description: Automated Linux evil maid attack.

URL: https://github.com/FireFart/burpcollaborator
Description: This runs Burp Collaborator as a non root user using systemd.

URL: https://github.com/byt3bl33d3r/Invoke-AutoIt
Description: Loads the AutoIt DLL and PowerShell into memory and get code exec.

URL: https://github.com/google/tamperchrome
Blog: https://www.sjoerdlangkemper.nl/2017/08/30/tamper-chrome/
Description: Hacking from within the browser with Tamper Chrome.

URL: https://github.com/IoTsec/Z3sec
Description: Penetration testing framework for ZigBee security research.

URL: https://github.com/anshumanbh/kubebot
Description: Slackbot built with a Kubernetes backend on the Google Cloud Platform.

URL: https://github.com/mrschyte/pentestkoala
Description: Modified dropbear server which acts as a client and allows authless login.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://patrickhurd.pro/blog/posts/popjsanalysis.html
More: http://patrickhurd.pro/blog/posts/616020jsanalysis.html
Description: pop.js Analysis.

URL: http://qiita.com/alfa/items/b0e807ae040fc8f61d20
Description: Vue can easily generate XSS when it is put on SSR (server side rendering).

URL: https://www.hopperapp.com/blog/?p=219
Description: Injecting missing methods at runtime (Hopper Disassembler).

URL: https://goo.gl/QTqj8t (+)
Description: Multi-Platform Macro Phishing Payloads.

URL: http://guptashubham.com/all-about-hackerone-private-program-terapeak/
Description: All About Hackerone Private Program Terapeak.

URL: https://wtf.horse/2017/09/19/common-wifi-attacks-explained/
Description: Common WiFi Attacks And How To Detect Them.

URL: https://0x10f8.wordpress.com/2017/08/07/reverse-engineering-an-eclipse-plugin/
Description: Reverse Engineering an Eclipse Plugin.

URL: https://www.antid0te.com/blog.html
Description: setattrlist() iOS Kernel Vulnerability Explained.

URL: http://blog.quarkslab.com/make-confide-great-again-no-we-cannot.html
Description: Make Confide great again? No, we cannot.

URL: https://goo.gl/fcmP1Y (+)
Description: Microsoft didn’t sandbox Windows Defender, so I did.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://dev.to/tkaczanowski/explaining-programming-to-6-years-old-kids
Description: Explaining Programming to 6 Years Old Kids.

URL: https://goo.gl/GbJLyc (+)
Description: The Curious Case of Null >= 0 (Javascript).

URL: https://learn.sparkfun.com/tutorials/gas-pump-skimmers
Description: Gas Pump Skimmers.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 39 | Month: September | Year: 2017 | Release Date: 29/09/2017 | Edition: #189 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/D2HWmu (+)
Description: Luminate Internal Privilege Escalation — Admin to Owner (No-brainer).

URL: https://goo.gl/mtUa28 (+)
Description: Filter Bypass to Reflected XSS on //finance.yahoo.com (Mobile version).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/federicodotta/HandyCollaborator
Blog: https://goo.gl/jHxuyU (+)
Description: Because Burp Suite Collaborator is useful also during manual testing!

URL: https://github.com/OpenJailbreak/evasi0n6
Description: Evasi0n6 Jailbreak by Evad3rs for iOS 6.0-6.1.2 (Oldies).

URL: https://github.com/rednaga/keystore-shim
Description: Shim to grab keystore backed data (Android).

URL: https://github.com/BeetleChunks/redsails
Description: Post-exploitation tool to bypass host based security monitoring/logging.

URL: https://github.com/utiso/dorkbot
Description: Command-line tool to scan Google search results for vulnerabilities.

URL: https://github.com/evilsocket/bleah
Description: A BLE scanner for "smart" devices hacking.

URL: https://github.com/secretsquirrel/SigThief
Related: https://twitter.com/subTee/status/912769644473098240
Description: Stealing Signatures and Making One Invalid Signature at a Time.

URL: https://github.com/spacehuhn/esp8266_deauther
Description: Deauthentication attack and other hacks using an ESP8266.

URL: https://github.com/jordanpotti/AWSBucketDump
Description: Security Tool to Look For Interesting Files in S3 Buckets.

URL: https://github.com/OALabs/BlobRunner
Description: Tool to quickly debug shellcode extracted during malware analysis.

URL: http://www.shawarkhan.com/2017/08/sarahah-xss-exploitation-tool.html
Description: Sarahah XSS Exploitation Tool - Compromising Sarahah Users.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://rails-sqli.org/
Description: Rails SQL Injection.

URL: https://un-excogitate.org/dormant-domination
Description: Dormant DOMination.

URL: https://goo.gl/SwBQnX (+)
Description: Fuzzing Mimikatz On Windows With WinAFL & Heatmaps.

URL: http://hatriot.github.io/blog/2017/09/19/abusing-delay-load-dll/
Description: Abusing Delay Load DLLs for Remote Code Injection.

URL: https://www.incapsula.com/blog/blocking-session-hijacking-on-gitlab.html
Description: Discovering a Session Hijacking Vulnerability in GitLab.

URL: https://specterops.io/assets/resources/SpecterOps_Subverting_Trust_in_Windows.pdf
PoC: https://github.com/mattifestation/PoCSubjectInterfacePackage
Description: Subverting Trust in Windows.

URL: http://defencely.com/blog/defencely-clarifies-python-object-injection-exploitation/
Description: Defencely Clarifies Python Object Injection Exploitation.

URL: https://www.twistlock.com/2017/06/25/alpine-linux-pt-1-2/
More: https://www.twistlock.com/2017/07/13/alpine-linux-pt-2-twistlock-security-alert/
Description: From vulnerability discovery to code exec (CVE-2017-9669/CVE-2017-9671).

URL: https://medium.com/@th3g3nt3l/900-xss-in-yahoo-recon-wins-65ee6d4bfcbd
Description: 900$ XSS in yahoo (Recon Win!).

URL: https://blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/
Description: A Penetration Tester's Guide to IPMI and BMCs.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://pokeinthe.io/2017/09/14/http-status-code-handling/
Description: HTTP Status Code Handling.

URL: https://github.com/xd4rker/MinerBlock
Description: Web extension to block web based cryptocurrency miners.

URL: https://github.com/KrauseFx/detect.location
Description: Access the user's iOS location data without actually having access.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 40 | Month: October | Year: 2017 | Release Date: 06/10/2017 | Edition: #190 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://blog.blackfan.ru/2017/09/devtwittercom-xss.html
Report: https://hackerone.com/reports/260744
Description: XSS and Open Redirect at dev.twitter.com.

URL: https://forsec.nl/2017/09/smart-home-remote-command-execution-rce/
Description: Smart home (Fibaro Home Center) - Remote Command Execution (RCE).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/NetSPI/BurpCollaboratorDNSTunnel
Blog: https://blog.netspi.com/dns-tunneling-with-burp-collaborator/
Description: A DNS tunnel utilizing the Burp Collaborator.

URL: https://github.com/Bo0oM/CVE-2017-7089
Description: Safari 10 Exploit SOP Bypass -> UXSS (CVE-2017-7089).

URL: https://github.com/nluedtke/linux_kernel_cves
Description: Tracking CVEs for the linux Kernel.

URL: https://github.com/lennartkoopmann/nzyme
Blog: https://goo.gl/Wbf8wk (+)
Description: WiFi Monitoring, Intrusion Detection And Forensics.

URL: https://github.com/cagataycali/xss-listener
Description: Simple XSS Listener with telegram integration.

URL: https://github.com/Netflix/Stethoscope
Description: Stethoscope - User-Focused Security.

URL: https://github.com/stealth/call-graphs
Description: Building call graphs for OpenSSH...

URL: https://github.com/e-ago/bitcracker
Description: Open source password cracking tool for memory units encrypted w/ BitLocker.

URL: https://wmie.codeplex.com/
Description: Browse and view WMI namespaces/classes/instances/props in a single view .

URL: https://github.com/PierreBlazquez/appbleed-ios
Description: AppBleed - Display the currently installed apps on a device (No Jailbreak).

URL: https://github.com/gdelugre/shell-factory
Description: Compiling shellcodes from a C++ src for multiple systems and architectures.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/X5tmUW (+)
Description: Mac OS X Local Javascript Quarantine Bypass.

URL: http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html
Description: Breaking DKIM - on Purpose and by Chance.

URL: https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc
More: https://phoenhex.re/2017-07-06/pwn2own-sandbox-escape
Description: Pwn2Own - Safari Sandbox (CVE-2017-2533).

URL: https://github.com/Plailect/keyshuffling
Description: Code Execution in the Nintendo 3DS Secure Bootchain.

URL: https://blog.filippo.io/we-need-to-talk-about-session-tickets/
Description: We need to talk about Session Tickets (TLS 1.2).

URL: https://goo.gl/AZ8qRV (+)
Description: Illusion Gap – Antivirus Bypass.

URL: https://halbecaf.com/2017/05/24/exploiting-a-v8-oob-write/
Description: Exploiting a V8 OOB write.

URL: https://sockpuppet.org/blog/2015/01/15/against-dnssec/
Description: Against DNSSEC (Oldies).

URL: https://goo.gl/Fk6FpM (+)
PoC: https://github.com/hannob/optionsbleed
Description: Optionsbleed - HTTP OPTIONS method can leak Apache's server memory.

URL: https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/
Description: Disarming EMET 5.52 - Controlling it all with a single write action.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/k3170makan/PyMLProjects/tree/master/passwords
Description: Generating Passwords with an LSTM.

URL: https://ro-che.info/articles/2017-09-17-booking-com-manipulation
Description: How Booking.com manipulates you.

URL: https://jordaneldredge.com/projects/winamp2-js/
Description: A reimplementation of Winamp 2.9 in HTML5 and Javascript.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 41 | Month: October | Year: 2017 | Release Date: 13/10/2017 | Edition: #191 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://georgemauer.net/2017/10/07/csv-injection.html
Description: The Absurdly Underestimated Dangers of CSV Injection.

URL: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
Description: Remote Code Execution on rubygems.org.

URL: https://blog.zsec.uk/subdomainhijack/
Description: My First CloudFront Domain Takeover/Hijack.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/sakurity/racer
Description: One-click utility to test race conditions.

URL: https://github.com/in7egral/ios-jailbreak-patchfinder64
Description: iOS kernel analyser for jailbreak research.

URL: https://github.com/dalmoz/sonoff-evil
Slides: https://goo.gl/FQoxvU (+)
Description: Sonoff evil firmware PoC.

URL: https://github.com/suraj-root/smap
Description: Shellcode mapper.

URL: https://github.com/Yukinoshita47/Yuki-Chan-The-Auto-Pentest
Description: Automated Penetration Testing tool.

URL: https://github.com/eldraco/Salamandra
Description: Salamandra Spy Microphone Detection Tool.

URL: https://github.com/NickstaDB/BaRMIe
Related: https://nickbloor.co.uk/2018/01/26/popping-password-protected-jmx/
Description: Java RMI enumeration and attack tool.

URL: https://github.com/nopernik/sshpry
Description: Seamlessly spy on SSH session like it is your tty.

URL: https://github.com/gelim/censys
Description: Python code to query the Censys public scan database.

URL: https://github.com/JohnTroony/Blisqy
Description: Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).

URL: https://github.com/cyberheartmi9/CVE-2017-12617
Description: JSP Upload Bypass/RCE vulnerability in Apache Tomcat (CVE-2017-12617).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/d6XGkh (+)
Description: Token-Based Authentication Protocols without Side-Channels.

URL: https://goo.gl/96rGuw (+)
Description: iOS Privacy - Easily get the user's Apple ID password, just by asking.

URL: http://www.chokepoint.net/2017/10/exposing-server-ips-behind-cloudflare.html
Description: Exposing Server IPs Behind CloudFlare.

URL: https://goo.gl/HEpNnN (+)
Tool: https://github.com/b-mueller/mythril/
Description: Mythril - A framework for bug hunting on the Ethereum blockchain.

URL: https://smartlockpicking.com/tutorial/my-smart-lock-vendor-disappeared/
Description: My smart lock vendor disappeared and shut the servers.

URL: https://goo.gl/z1zesp (+)
Slides: https://goo.gl/9yz6VL (+)
Description: Escalating Privileges in Linux using Voltage Fault Injection.

URL: https://blog.liftsecurity.io/2017/04/14/sql-and-more-via-xss-in-pgadmin4/
Description: SQL Injection & more via XSS in pgAdmin 4.

URL: https://goo.gl/F7fdBb (+)
Description: Introduction to Dynamic instrumentation in Mobile Security.

URL: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
Related: https://goo.gl/xzjAS6 (+)
Description: Macro-less Code Exec in MSWord.

URL: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
Related: https://medium.com/websec/wordpress-sqli-how-to-find-ebee713457e4
Description: Wordpress SQLi Issue and How to Find.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/virtualabs/radiobit
Board: https://os.mbed.com/platforms/Microbit/
Description: BBC Micro - Bit RF firmware.

URL: http://clickheretosavetheworld.com/
Description: Click here to save the world.

URL: https://gavv.github.io/blog/pulseaudio-under-the-hood/
Description: PulseAudio under the hood.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 42 | Month: October | Year: 2017 | Release Date: 20/10/2017 | Edition: #192 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://kate.io/blog/git-bomb/
Description: Exploding Git Repositories.

URL: https://blogs.securiteam.com/index.php/archives/3430
Description: Webmin XSS -> RCE + CSRF + SSRF.

URL: https://kciredor.com/taking-over-every-ad-on-olx-automated-an-idor-story.html
Description: Taking over every Ad on OLX (automated), an IDOR story.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/b-mueller/apkx
Description: Extract Java Sources from Android APK Archives.

URL: https://github.com/4w4k3/Umbrella
Description: A Phishing Dropper designed to Pentest.

URL: https://github.com/tomwimmenhove/subarufobrob
Related: https://goo.gl/D6DyfA (+)
Description: Hijack a Subaru's key fob and steal all the things.

URL: https://github.com/Paradoxis/StegCracker
Description: Steganography Brute-Force tool to uncover hidden data inside files.

URL: https://github.com/floyd-fuh/JKS-private-key-cracker-hashcat
Description: Cracking passwords of private key entries in a JKS file.

URL: https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher
Description: ReflectiveDLLRefresher - Universal Unhooking.

URL: https://github.com/wetw0rk/malicious-wordpress-plugin
Description: Simply generates a WP Plugin that will grant you a reverse shell.

URL: https://github.com/georgenicolaou/nfi
Description: Silensec's Nyuki Forensics Investigator (Mobile Forensics).

URL: https://github.com/minisllc/metatwin
Blog: https://goo.gl/SSHGQs (+)
Description: Borrowing Microsoft Metadata and Digital Signatures to "Hide" Binaries.

URL: https://github.com/realgam3/pymultitor
Description: Python Multithreaded Tor Script (Algorithm).

URL: https://github.com/agustingianni/memrepl
Description: Memory inspection REPL interface.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://www.nomotion.net/blog/sharknatto/
Description: SharknAT&To.

URL: https://warroom.securestate.com/cve-2017-9769/
Description: Razer rzpnk.sys IOCTL 0x226050 ZwOpenProcess (CVE-2017-9769).

URL: https://www.krackattacks.com/
PoC: https://goo.gl/3G5wNM (+)
More: https://github.com/kristate/krackinfo | https://goo.gl/zLiuea (+)
Description: Key Reinstallation Attacks - Breaking WPA2 by forcing nonce reuse.

URL: http://hexdetective.blogspot.pt/2017/02/exploiting-android-s-boot-getting.html
Description: Exploiting Android S-Boot - Arbitrary Code Exec in the Samsung Bootloader.

URL: https://goo.gl/kqbzgz (+)
Description: Apache Solr (XXE & RCE).

URL: http://codepool.me/NET-Reverse-Enginering-Part-1/
Description: .NET Reverse Engineering.

URL: https://goo.gl/Ap47c2 (+)
Description: Flipping Bits and Opening Doors (Reverse Engineering Research).

URL: https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Related: https://goo.gl/QVJihq (+) | https://github.com/crocs-muni/roca
Description: ROCA - Vulnerable RSA generation (CVE-2017-15361).

URL: https://www.bamsoftware.com/papers/fronting/
PoC: https://github.com/rvrsh3ll/FindFrontableDomains
Description: Blocking-resistant communication through domain fronting.

URL: https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/
Description: RCE by malformed GIF in iOS/MacOS ImageIO framework (CVE-2017-2416).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://goo.gl/sSF3up (+)
Description: NULL vs Empty Strings – Why Oracle Was Right and Apple Is Not.

URL: https://gist.github.com/1wErt3r/4048722
Description: A Comprehensive Super Mario Bros. Disassembly.

URL: https://github.com/d33tah/call-for-wpa3
Description: Call for WPA3 - What's wrong with WPA2 security and how to fix it!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 43 | Month: October | Year: 2017 | Release Date: 27/10/2017 | Edition: #193 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html
Description: Slack SAML authentication bypass.

URL: https://goo.gl/hMHdD7 (+)
Description: Access both iPhone cameras any time your app is running (iOS Privacy).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/insp3ctre/race-the-web
Description: Tests for race conditions in web applications.

URL: https://github.com/koenbuyens/kalirouter
Description: Intercepting kali router.

URL: https://github.com/p292/DDEAutoCS
Description: A cobaltstrike script that integrates DDEAuto Attacks.

URL: https://github.com/ecthros/uncaptcha
Description: Defeating Google's audio reCaptcha with 85% accuracy.

URL: https://github.com/TryCatchHCF/DumpsterFire
Description: DumpsterFire Toolset.

URL: https://github.com/Proteas/native-lldb-for-ios
Description: Native LLDB(v3.8) for iOS.

URL: https://github.com/operatorequals/chmod-stego
Description: Passing data through UNIX file privilege numbers (RWX Triplets).

URL: http://infosecninja.blogspot.pt/2017/09/android-kiosk-browser-lock-down.html
Description: Android Kiosk Browser Lock down Security Testing Checklist.

URL: http://subt0x10.blogspot.pt/2017/08/msxslexe-working-as-designed.html
Description: msxsl.exe Working As Designed.

URL: https://github.com/CredDefense/CredDefense
Media: https://goo.gl/nvC6uB (+) | https://goo.gl/PVomj1 (+)
Description: Credential and Red Teaming Defense for Windows Environments.

URL: https://goo.gl/5jwWoj (+)
Description: Security Issue in ASP.NET MVC3 JsonValueProviderFactory (Oldies).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://0.me.uk/ev-phishing/
Description: Phishing with EV.

URL: https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
Description: A Curious Tale of RCE, The TP-Link Story (CVE-2017-13772).

URL: http://bobao.360.cn/learning/detail/4534.html
Helper: https://github.com/feicong/lua_re
Description: Technical Analysis of Lua File Format in Lua Program.

URL: http://www.sysadminjd.com/adv170014-ntlm-sso-exploitation-guide/
Related: https://room362.com/post/2016/smb-http-auth-capture-via-scf/
Description: NTLM SSO - Exploitation Guide (SCF Hack Strikes Again).

URL: https://appelsiini.net/2017/reverse-engineering-location-services/
Description: Reverse Engineering Apple Location Services Protocol.

URL: https://nickcano.com/reversing-league-of-legends-client/
Description: Reversing the League of Legends Client.

URL: https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/
Description: The First PS4 Kernel Exploit - Adieu.

URL: http://www.geeknik.net/7k9et2d9e
Description: Out of bounds bug in libcurl's IMAP FETCH (CVE-2017-1000257).

URL: https://embedi.com/blog/uefi-bios-holes-so-much-magic-dont-come-inside
Description: UEFI BIOS holes. So Much Magic. Don’t Come Inside.

URL: https://goo.gl/rYdJdk (+)
Description: Split Tunnel SMTP Exploit Explained.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://goo.gl/xASVx1 (+)
Description: Writing a retro 3D FPS engine from scratch.

URL: http://www.dicewarepasswords.com/
Description: DiceWARE.

URL: http://webjack.io/
Description: Arduino library for communication between a browser and an Arduino.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 44 | Month: November | Year: 2017 | Release Date: 03/11/2017 | Edition: #194 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/Up218B (+)
Description: How i found an SSRF in Yahoo! Guesthouse (Recon Wins).

URL: http://stamone-bug-bounty.blogspot.pt/2017/10/dom-xss-auth_14.html
Description: DOM Cross-site scripting (XSS) at Uber.

URL: https://goo.gl/Arvvgp (+)
Description: Messing with the Google Buganizer System for $15,600 in Bounties.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/cldrn/macphish
Description: Office for Mac Macro Payload Generator.

URL: https://github.com/milesrichardson/docker-onion-nmap
Related: https://goo.gl/enkmpw (+)
Description: Scan .onion hidden services with nmap using Tor, proxychains and dnsmasq.

URL: https://github.com/airbus-seclab/powersap
Description: Powershell SAP assessment tool.

URL: https://github.com/Arno0x/NtlmRelayToEWS
Description: ntlm relay attack to Exchange Web Services.

URL: https://github.com/chaitin/passionfruit
Description: Simple iOS app blackbox assessment tool.

URL: https://github.com/lclevy/unarcrypto
Description: Tool to depict cryptography usage in zip, rar and 7zip archives.

URL: https://benkowlab.blogspot.pt/2017/05/feedback-on-how-to-build-smb-honeypot.html
Description: Feedback on how build SMB Honeypot.

URL: https://github.com/checkyfuntime/iMessagesBackdoor
Description: Script to setup an event handler in order to install a backdoor.

URL: https://github.com/trustedsec/trevorc2
Blog: https://1337red.wordpress.com/an-introduction-to-trevorc2/
Description: TrevorC2 - Command and Control via Legitimate Behavior over HTTP.

URL: https://github.com/osqzss/gps-sdr-sim
Description: Software-Defined GPS Signal Simulator.

URL: https://github.com/sensepost/kwetza
Description: Script to inject existing Android apps with a Meterpreter payload.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/kojasB (+)
Related: https://goo.gl/B5Xmhi (+)
Description: Use CLR to maintain persistence (No-Admin).

URL: https://edoverflow.com/2017/broken-link-hijacking/
Description: Broken Link Hijacking - How expired links can be exploited.

URL: https://security.tencent.com/index.php/blog/msg/116
PoC: https://gist.github.com/PaulCher/324690b88db8c4cf844e056289d4a1d6
Description: FFmpeg Heap Overflow Vulnerability Analysis (CVE-2016-10190).

URL: https://lucasg.github.io/2017/10/15/Api-set-resolution/
Description: Windows API Sets schema (resolution).

URL: https://goo.gl/n6rbcT (+)
Description: Hacking with dex-oracle for Android Malware Deobfuscation.

URL: https://goo.gl/STZHRC (+)
Description: Browser security beyond sandboxing (Google Chrome).

URL: https://goo.gl/jkFJjg (+)
Description: Hey Chef, What's the Length of your Encrypted Password?

URL: https://goo.gl/mJoCR2 (+)
Description: Fake Crypto - MS Outlook S/MIME Cleartext Disclosure (CVE-2017-11776).

URL: http://agrrrdog.blogspot.pt/2017/03/autobinding-vulns-and-spring-mvc.html
Description: Autobinding vulns and Spring MVC.

URL: https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/
Related: https://goo.gl/EkqUQr (+)
Description: Exploiting the Jackson RCE (CVE-2017-7525).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/exploitagency/ESP-RFID-Thief
Description: ESP-RFID-Thief.

URL: https://www.sneakymonkey.net/2016/10/30/raspberrypi-nsm/
Description: RaspberryPi NSM.

URL: https://goo.gl/geiujj (+)
Description: How we found @rogerkver’s $1000 wallet obfuscated private key.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 45 | Month: November | Year: 2017 | Release Date: 10/11/2017 | Edition: #195 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://philippeharewood.com/posting-gifs-as-anyone-on-facebook/
Description: Posting GIFs as anyone on Facebook.

URL: https://ysx.me.uk/app-maker-and-colaboratory-a-stored-google-xss-double-bill/
Description: App Maker and Colaboratory - A stored Google XSS double-bill.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/UltimateHackers/Blazy/
Description: Login BF which also tests for CSRF, Clickjacking, Cloudflare and WAF.

URL: https://goo.gl/Apc2Mr (+)
Description: Dark Web OSINT With Python and OnionScan.

URL: https://diablohorn.com/2017/08/15/brute-forcing-encrypted-web-login-forms/
Description: Brute forcing encrypted web login forms.

URL: https://git.stan.sh/SL-Process/DataBuster-VPN
Description: Network-wide adblocker, anti-tracker, and privacy guardian.

URL: https://github.com/neex/gifoeb
Description: Exploit for ImageMagick's uninitialized memory disclosure in gif coder.

URL: https://github.com/enjoiz/BSQLinjector
Description: Blind SQL injection exploitation tool written in ruby.

URL: https://github.com/GraxCode/JByteMod-Beta
Description: JByteMod is a multifunctional bytecode editor.

URL: https://github.com/mwrlabs/OSXFuzz
Description: macOS 10.13 kernel fuzzer using multiple different methods.

URL: https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074
Description: DCCP double-free vulnerability - Linux kernel local root (CVE-2017-6074).

URL: https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-1000112/poc.c
Description: Local root PoC Includes KASLR and SMEP bypasses (CVE-2017-1000112).

URL: https://github.com/alepacheco/AndroRW
Description: PoC Ransomware for android.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://pentestlab.blog/2017/08/29/command-and-control-dropbox/
PoC: https://github.com/Arno0x/DBC2
Description: Command and Control – DropBox.

URL: https://goo.gl/DD871b (+)
Description: Apache James 3.0.1 JMX Server Deserialization (CVE-2017-12628).

URL: https://reverse.put.as/2017/11/07/exploiting-cve-2017-5123/
Related: https://salls.github.io/Linux-Kernel-CVE-2017-5123/
Description: Exploiting CVE-2017-5123.

URL: https://pleasestopnamingvulnerabilities.com/
Description: Remote Kernel Bugs Affecting Android Phones.

URL: https://gdelugre.github.io/2017/11/06/samba-path-pivot-attack/
PoC: https://github.com/gdelugre/path-pivot
Description: Samba race CVE-2017-2619 using USB gadget.

URL: https://jesux.es/exploiting/blueborne-android-6.0.1/
Description: BlueBorne RCE on Android 6.0.1 - How to (CVE-2017-0781).

URL: https://modexp.wordpress.com/2017/10/30/poly-mutex-names/
Description: Polymorphic Mutex Names ("Malware" Research).

URL: http://research.rootme.in/stealing-csvs-crossdomain/
Description: Stealing CSVs crossdomain.

URL: https://goo.gl/QyY7fX (+)
Description: flatCore CMS 1.4.6 - Remote Code Execution and Easteregg.

URL: https://whereisk0shl.top/Dark%20Composition%20Exploit%20in%20Ring0.html
Description: Win32k Dark Composition - Attacking the Shadow Part of Graphic Subsys.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/xxhomey19/nba-go
Description: The finest NBA CLI.

URL: http://trillian.mit.edu/~jc/humor/ATT_Copyright_true.html
Description: The /bin/true Command and Copyright

URL: https://gamehistory.org/aladdin-source-code/
Description: Digging for treasure in Aladdin’s source code.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 46 | Month: November | Year: 2017 | Release Date: 17/11/2017 | Edition: #196 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://www.noob.ninja/2017/11/local-file-read-via-xss-in-dynamically.html
Description: Local File Read via XSS in Dynamically Generated PDF.

URL: https://justi.cz/security/2017/11/14/couchdb-rce-npm.html
Description: Remote Code Execution in CouchDB (CVE-2017-12635).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/D4Vinci/Cr3dOv3r
Description: Know the dangers of credential reuse attacks.

URL: https://github.com/UnkL4b/GitMiner
Description: Tool for advanced mining for content on Github.

URL: https://github.com/theori-io/pwnjs
Description: A Javascript library for browser exploitation.

URL: https://github.com/techbliss/EHF_attachment_converter
Description: Electronic Commerce Format (EHF) Attachment converter.

URL: https://github.com/orf/xcat
Description: Automate XPath injection attacks to retrieve documents.

URL: http://blog.vulspy.com/2017/11/09/Wordpress-4-8-2-SQL-Injection-POC/
Description: Wordpress <= 4.8.2 SQL Injection PoC.

URL: http://rickyhan.com/jekyll/update/2017/11/10/bypassing-recaptcha.html
Description: Hacking Google reCaptcha.

URL: https://github.com/0xdeadbeefJERKY/Office-DDE-Payloads
Description: Generate Office documents using macro-less command execution technique.

URL: https://www.illuminatejs.com
Description: IlluminateJs is a static javascript analysis engine (aka deobfuscator).

URL: https://github.com/salesforce/AutoTriageBot
Description: Verifies, deduplicates, and suggests payouts for incoming HackerOne reports.

URL: https://github.com/kgretzky/dcrawl
Description: Multi-threaded crawler for randomly gathering lists of unique domain names.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://bo0om.ru/chrome-and-safari-uxss
PoC: https://github.com/Bo0oM/CVE-2017-5124
Description: Chrome < 62 uxss exploit (CVE-2017-5124).

URL: https://staaldraad.github.io/2017/11/12/polycom-hdx-rce/
Description: Polycom HDX Series RCE.

URL: https://goo.gl/zgaNZu (+)
Description: Windows Defender Exploit Guard ASR VBScript/JS Rule.

URL: https://ionize.com.au/stealing-amazon-ec2-keys-via-xss-vulnerability/
Description: Stealing Amazon EC2 Keys via an XSS Vulnerability.

URL: https://rot.fi/2017/11/07/wan-to-lan-exploitation-of-4g-broadband-modem/
Description: WAN-to-LAN exploitation of 4G broadband modem.

URL: https://goo.gl/oPM722 (+)
Description: Getting Local Admin by Abusing the Anti-Virus Quarantine (#AVGater).

URL: https://goo.gl/k6wTv6 (+)
Description: Detecting CrackMapExec (CME) with Bro, Sysmon, and Powershell logs.

URL: https://depthsecurity.com/blog/using-python-to-get-a-shell-without-a-shell
Description: Using Python To Get A Shell Without A Shell.

URL: http://antonioparata.blogspot.pt/2017/11/shed-inspect-net-malware-like-sir.html
Tool: https://github.com/enkomio/shed
Description: Shed - Inspect .NET malware like a Sir.

URL: https://xorl.wordpress.com/2017/11/11/cve-2017-13089-wget-http-integer-overflow/
Description: wget HTTP integer overflow (CVE-2017-13089).

URL: https://edoverflow.com/2017/ruby-resolv-bug/
Description: Bypassing SSRF filters by abusing a bug in Ruby's resolver (CVE-2017-0904).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://korban.net/posts/postgres/2017-11-02-the-case-against-orms/
Description: The case against ORMs.

URL: https://martinmelhus.com/web-audio-modem/
Description: Web Audio Modem.

URL: https://github.com/Lallassu/voxelengine3
Description: Voxel-engine in Javascript.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 47 | Month: November | Year: 2017 | Release Date: 24/11/2017 | Edition: #197 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://statuscode.ch/2017/11/from-markdown-to-rce-in-atom/
Description: From Markdown to RCE in Atom.

URL: https://blog.zsec.uk/rce-chain/
Description: Leading the Blind to Light! - A Chain to RCE.

URL: https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about
PoCs: https://goo.gl/WDq2Ki (+) | https://github.com/0x09AL/CVE-2017-11882-metasploit
Description: Skeleton in the closet. MS Office vulnerability you didn’t know about.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/zodiacon/DriverMon
Description: Monitor activity of any driver.

URL: https://goo.gl/Mh8xdi (+)
Description: Analyzing a .NET Core Core Dump on Linux.

URL: https://github.com/n4xh4ck5/V1D0m
Description: Enumerate subdomains through Virustotal.

URL: https://github.com/b3rito/yotter
Description: Yotter - Find information leakage.

URL: https://github.com/hacktics/vehicle
Description: Viewstate Hidden Control Enumerator.

URL: https://ss64.com/ps/
Description: An A-Z Index of Windows PowerShell commands.

URL: https://mike-n1.github.io/ExtensionsOverview
Description: Why BlackList < WhiteList (XSS with various types of extensions).

URL: https://github.com/tiagorlampert/sAINT
Description: (s)AINT is a Spyware Generator for Windows systems written in Java.

URL: https://github.com/evilsocket/sg1
Description: Swiss army knife for data encryption, exfil and covert communication.

URL: https://goo.gl/sXaCHB (+)
Description: Windows oneliners to download remote payload and execute arbitrary code.

URL: https://github.com/hzqst/Syscall-Monitor
Description: System monitor program (like Sysinternal's Process Monitor) for Windows7+. 


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/6kXDq6 (+)
Description: Moodle URL Manipulation Remote Account Information Disclosure.

URL: https://openeffect.ca/snifflab-an-environment-for-testing-mobile-devices/
Code: https://github.com/andrewhilts/snifflab
Description: Snifflab - An environment for testing mobile devices.

URL: https://github.com/GrrrDog/TLS-Redirection
Description: TLS Redirection (and Virtual Host Confusion).

URL: https://goo.gl/SF3fE2 (+)
Description: Xplico Unauthenticated Remote Code Execution CVE-2017-16666.

URL: https://digi.ninja/blog/xss_steal_csrf_token.php
Description: Stealing CSRF tokens with XSS.

URL: https://goo.gl/UWPKNC (+)
Description: Auditing code for crypto flaws - The first 30 minutes.

URL: https://blog.xpnsec.com/becoming-system/
Description: Alternative methods of becoming SYSTEM.

URL: https://goo.gl/3LbCnL (+)
Description: Attacking Uninitialized Variables with Recursion.

URL: https://samczsun.com/privilege-escalation-legalrobot/
Description: Privilege Escalation on LegalRobot through Type Confusion.

URL: https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/
Description: Quantum Insert - Bypassing IP restrictions.

URL: https://blog.conscioushacker.io/index.php/2017/10/25/evading-microsofts-autoruns/
Description: Evading Microsoft's AutoRuns.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://goo.gl/hVo9SC (+)
Description: Disabling the Intel Management Engine. 

URL: https://nickjanetakis.com/blog/run-the-first-edition-of-unix-1972-with-docker
Description: Run the First Edition of Unix (1972) with Docker.

URL: https://goo.gl/oQexiF (+)
Description: 10 Year Old Root Exploit Found in 'man' Command.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 48 | Month: December | Year: 2017 | Release Date: 01/12/2017 | Edition: #198 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://ysx.me.uk/taking-note-xss-to-rce-in-the-simplenote-electron-client/
Description: Taking note: XSS to RCE in the Simplenote Electron client.

URL: https://objective-see.com/blog/blog_0x24.html
More: https://goo.gl/NVfhHN (+)
Description: macOS High Sierra easy root analysis (CVE-2017–13872).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://c0d3g33k.blogspot.pt/2017/11/story-of-json-xss.html
Description: Story of a JSON XSS.

URL: https://github.com/droidefense/engine
Description: Droidefense - Advance Android Malware Analysis Framework.

URL: https://github.com/depthsecurity/haveIbeenHarvested
Description: Automated HaveIbeenPwned lookups using theharvester results.

URL: https://github.com/mhelwig/apk-anal
Description: Android APK analyzer based on radare2 and others.

URL: https://github.com/intezer/linux-explorer
Description: Easy-to-use live forensics toolbox for Linux endpoints.

URL: https://github.com/frranck/asm2c
Description: Swift tool to transform DOS/PMODEW 386 TASM Assembly code to C code.

URL: https://github.com/tiagorlampert/CHAOS
Description: CHAOS Framework allow generate payloads and control remote machines.

URL: https://github.com/int0/ltmdm64_poc
Description: Windows 7 SP1 x64 Code Integrity Bypass POC using ltmdm64.sys.

URL: https://github.com/OsandaMalith/Exe2Image
Description: A simple utility to convert EXE files to JPEG images and vice versa.

URL: https://osandamalith.com/2017/03/24/places-of-interest-in-stealing-netntlm-hashes
Description: Places of Interest in Stealing NetNTLM Hashes.

URL: https://github.com/LordNoteworthy/al-khaser
Description: Public malware techniques used in the wild (VM, Emulation, Debuggers,...).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://jacksonbaker.net/reverse-engineering-the-misfit-bolt-btle-protocol/
More: https://goo.gl/UJX5RY (+)
Description: Reverse Engineering the Misfit Bolt BTLE Protocol.

URL: https://medium.com/bindecy/huge-dirty-cow-cve-2017-1000405-110eca132de0
PoC: https://github.com/bindecy/HugeDirtyCowPOC
Description: "Huge Dirty COW" - The incomplete Dirty COW patch (CVE-2017–1000405).

URL: https://haiderm.com/fully-undetectable-backdooring-pe-files/
Description: Fully undetectable backdooring PE files.

URL: https://goo.gl/k5FhZY (+)
Description: Find the True IP Address for a .Onion Hidden Service with Burp.

URL: https://goo.gl/1oGthj (+)
PoC: https://github.com/appsecco/spaces-finder
Description: Hunting publicly accessible DigitalOcean Spaces.

URL: https://raesene.github.io/blog/2017/05/01/Kubernetes-Security-etcd/
Related: https://github.com/kayrus/kubelet-exploit
Description: Kubernetes Attack Surface - etcd.

URL: https://medium.com/@5yx/dde-word-exec-3e57cc45b401
Related: https://gist.github.com/xillwillx/171c24c8e23512a891910824f506f563
Description: MSWord script injection using DDE.

URL: https://www.xorrior.com/You-Have-The-Right-to-Remain-Cylance/
Description: Bypass Cylance Memory Exploitation Defense & Script Cntrl.

URL: https://medium.com/@infodox/pwning-red-team-toys-crunchrat-rce-ce83e1d09ae9
Description: Pwning Red Team Toys - CrunchRAT RCE.

URL: http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html
Description: What unites HP, Philips and Fujitsu? One service and millions of vul. devices.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://tldr.sh/
Description: Simplified and community-driven man pages.

URL: http://www.readylinux.com/
Description: Operating System Version 0.1.

URL: https://www.darkoperator.com/blog/2017/11/20/some-comments-and-thoughts-on-tradecraft
Description: Some Comments and Thoughts on Tradecraft.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 49 | Month: December | Year: 2017 | Release Date: 08/12/2017 | Edition: #199 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/XrGehX (+)
Description: XXE OOB extracting via HTTP+FTP using single opened port.

URL: https://goo.gl/VdAeoT (+)
Description: LFI to Command Execution - Deutche Telekom Bug Bounty.

URL: https://www.mailsploit.com/index
Description: Bugs in email clients that allow spoofing and code injection attacks.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/gellin/TeamViewer_Permissions_Hook_V1
Description: TeamViewer Pwn via sharing a desktop session.

URL: https://goo.gl/oTx3iE (+)
Description: An Introduction to Writing .NET Executables for Pentesters.

URL: https://github.com/eth0izzle/bucket-stream
Related: https://github.com/bbb31/slurp
Description: Find interesting Amazon S3 Buckets by watching CT logs. 

URL: https://github.com/AlessandroZ/LaZagne
Description: Credentials recovery project.

URL: https://github.com/microsoft/procdump-for-linux
Description: A Linux version of the ProcDump Sysinternals tool.

URL: https://github.com/cryptolok/CryKeX
Description: Linux Memory Cryptographic Keys Extractor.

URL: https://bitrot.sh/post/30-11-2017-domain-fronting-with-meterpreter/
Description: Domain Fronting with Meterpreter.

URL: https://github.com/rnehra01/arp-validator
Description: Security Tool to detect arp poisoning attacks.

URL: https://github.com/vysec/morphHTA
Description: morphHTA - Morphing Cobalt Strike's evil.HTA.

URL: https://github.com/rapid7/metasploit-aggregator
Description: The Metasploit Aggregator is a proxy for Meterpreter sessions.

URL: https://github.com/sourceclear/ransomware-poc
Description: Ransomware for Spring MVC Apps.

URL: https://github.com/yandex/burp-molly-scanner/
Description: Use Burp as a headless active WebApp vulnerability scanner.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://decidedlygray.com/2017/08/10/modifying-and-building-burp-extensions/
Description: Modifying and Building Burp Extensions.

URL: https://blog.elcomsoft.com/2017/11/ios-11-horror-story-the-rise-and-fall-of-ios-security/
Description: iOS 11 Horror Story - The Rise and Fall of iOS Security.

URL: https://goo.gl/FZuEMi (+)
Description: FireEye Security Bug - Possible connection to physical host and adjacent network.

URL: https://codinguy.net/2013/06/03/insertion-encoderdecoder-shellcode/
Description: Encoder/Decoder Shellcode (Oldies).

URL: http://blog.bentkowski.info/2017/11/yet-another-google-caja-bypasses-hat.html
Description: Yet Another Google Caja bypasses hat-trick. 

URL: http://az4n6.blogspot.fr/2017/10/finding-and-decoding-malicious.html
Description: Finding and Decoding Malicious PowerShell Scripts.

URL: https://www.chrisdcmoore.co.uk/post/oneplus-analytics/
Description: OnePlus OxygenOS built-in analytics.

URL: http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
Description: Vulnerability Walkthrough - 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability.

URL: https://blog.xpnsec.com/windows-warbird-privesc/
Description: Kernel Exploit Demo - Windows 10 privesc via WARBIRD.

URL: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
Description: A Busybox autocompletion vulnerability (CVE-2017-16544).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://karl-voit.at/2016/02/07/accessing-home-ssh-via-tor/
Description: Accessing Your Home Server Via SSH over the Tor Network. 

URL: http://dmitry.gr/?r=05.Projects&proj=07.%20Linux%20on%208bit
Description: Linux on an 8-bit micro?

URL: https://github.com/xtr4nge/FruityWifi
Description: FruityWiFi is a wireless network auditing tool. 


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 50 | Month: December | Year: 2017 | Release Date: 15/12/2017 | Edition: #200 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://robotattack.org/
Description: The ROBOT Attack.

URL: https://medium.com/bugbountywriteup/bug-bounty-fastmail-feeda67905f5
Description: Bug Bounty Fastmail - SSRF, XXE.

URL: https://goo.gl/v2uyi2 (+)
Description: How signing up for an account w/ an corp email can have unexpected results.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/Tencent/tinker
Description: Tinker is a hot-fix solution library for Android.

URL: https://github.com/mehulj94/BrainDamage
Description: A fully featured backdoor that uses Telegram as a C&C server.

URL: https://github.com/giMini/mimiDbg
Description: PowerShell oneliner to retrieve wdigest passwords from the memory.

URL: https://github.com/Siguza/v0rtex
Description: iOS IOSurface exploit root for A7-A9 devices <=10.3.3.

URL: https://github.com/003random/003Recon
Description: Scripts to automate some recon processes.

URL: https://github.com/Spajed/processrefund
More: https://github.com/hasherezade/process_doppelganging
Description: An attempt at Process Doppelgänging.

URL: https://github.com/JiaoXianjun/BTLE
Blog: https://sdr-x.github.io/BTLE-SNIFFER/
Description: A BTLE (Bluetooth Low energy) radio packet sniffer/scanner and sender.

URL: https://github.com/Intrinsec/comission
Description: CoMisSion is a tool to quickly analyze a CMS setup.

URL: https://github.com/453483289/dbghelp.js
Description: Windows dbghelp.dll wrapper for JS.

URL: https://github.com/CalebWhiting/java-asm-obfuscator
Description: Obfuscates compiled Java code to make it harder to reverse engineer.

URL: https://github.com/Cisco-Talos/Decept
Description: Yay, another network proxy.

URL: https://github.com/secrary/Hooking-via-InstrumentationCallback
Description: Hooking via InstrumentationCallback.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://www.pwntester.com/blog/2013/12/23/rce-via-xstream-object-deserialization38/
PoC: https://github.com/pwntester/XStreamServer
Description: RCE via XStream object deserialization.

URL: https://goo.gl/1knbkp (+)
Description: Exploiting an Arbitrary Hard Disk Read/Write Vulnerability Over NTFS.

URL: https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/
Description: Exploiting Word (CVE-2017-11826).

URL: https://lewisardern.github.io/2017/12/10/blind-xss/
Description: Ode To Blind XSS.

URL: https://benkowlab.blogspot.pt/2017/12/an-inside-view-of-password-stealer.html
Description: An inside view of a password stealer campaign.

URL: https://research.kudelskisecurity.com/2017/11/01/zigbee-security-basics-part-1/
Description: ZigBee Security - Basics.

URL: https://medium.com/@palantir/osquery-across-the-enterprise-3c3c9d13ec55
Repo: https://github.com/palantir/osquery-configuration
Description: OSQuery Across the Enterprise.

URL: https://symeonp.github.io/2017/09/17/fuzzing-winafl.html
Description: Fuzzing the MSXML6 library with WinAFL

URL: https://goo.gl/RchdtG (+)
Description: Multiple Joomla! Core XSS Vulnerabilities Are Discovered.

URL: https://goo.gl/GxynDa (+)
Description: Using DNS to Break Out of Isolated Networks in a AWS Cloud Environment.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://dnstrails.com
Description: The World's Largest Repository of historical DNS data.

URL: https://github.com/reinderien/mimic
Description: [ab]using Unicode to create tragedy.

URL: https://github.com/watson/airplanejs
Description: From ADS-B radio signals from airplanes to your browser.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 51 | Month: December | Year: 2017 | Release Date: 22/12/2017 | Edition: #201 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://medium.com/@shinkurt/exploiting-a-tricky-xss-in-zendesk-80bdeaea4dad
Description: Exploiting a tricky XSS in Zendesk.

URL: http://www.sxcurity.pro/2017/12/17/hackertarget/
Description: Hacking the Hackers - Leveraging an SSRF in HackerTarget.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/OsandaMalith/ApiMon
Description: A simple API monitor for Windbg.

URL: https://github.com/secrary/makin
Description: makin - Reveal anti-debug tricks.

URL: https://nyansatan.github.io/dualboot/
Description: iOS Dualboot.

URL: https://github.com/0xdea/tactical-exploitation
Description: Modern tactical exploitation toolkit.

URL: https://packettotal.com/
Description: Engine for analyzing, categorizing, and sharing .pcap files.

URL: https://github.com/elkokc/reflector/
Description: Burp plugin able to find reflected XSS in real-time while browsing.

URL: https://github.com/draios/sysdig-inspect/
Description: Interface for container troubleshooting and security investigation.

URL: https://github.com/peewpw/Invoke-PSImage
Description: Embeds a PS script in the pixels of a PNG and get a oneliner to exec.

URL: https://github.com/Cisco-Talos/mutiny-fuzzer
Description: Network fuzzer that operates by replaying PCAPs via a mutational fuzzer. 

URL: https://github.com/Hand-of-Cthulhu/rust-winapi-keylogger
Description: A rust keylogger for windows that saves encrypted logs on disk.

URL: https://bsdmag.org/freebsd-port-knocking-abdorrahman-homaei/
Description: FreeBSD Port-Knocking.

URL: https://github.com/wrinkl3/MineSweepR
Description: Detect embedded cryptocurrency miners based on CPU usage.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://www.talosintelligence.com/reports/TALOS-2017-0432
Description: Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability.

URL: https://goo.gl/k67GVK (+)
PoC: https://github.com/odensc/janus
Description: Modify Android apps without affecting their signatures (CVE-2017-13156).

URL: http://riscy.business/2017/12/lenovos-unsecured-objects/
Description: Code Execution via Insecure Synaptics Section Objects.

URL: http://blog.blindspotsecurity.com/2017/12/advanced-sql-server-mitm-attacks.html
Description: Advanced SQL Server Man-in-the-Middle Attacks.

URL: https://goo.gl/7i24Kk (+)
Description: Elevation of Privilege vulnerability in QNX Qnet (CVE-2017-3891).

URL: https://msitpros.com/?p=3909
Description: Bypassing Device guard UMCI using CHM (CVE-2017-8625).

URL: http://www.alexlambert.com/2017/12/18/kernel-debugging-for-newbies.html
Description: Kernel debugging for newbies.

URL: https://goo.gl/KUrtkX (+)
Description: How I have exploited reflected self-XSS or CORS is not the end.

URL: https://www.twosixlabs.com/bluesteal-popping-gatt-safes/
Description: Remotely Cracking Bluetooth Enabled Gun Safes.

URL: http://blog.stratumsecurity.com/2016/06/13/websockets-auth/
Description: Journey into WebSockets Authentication/Authorization.

URL: https://goo.gl/EKsvWq (+)
Description: Bypassing OTR Signature Verification to Steal iCloud Keychain Secrets.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://wiki.postgresql.org/wiki/Sudoku_solver
Description: Sudoku solver in PostgreSQL.

URL: https://github.com/moul/sshportal
Description: Simple, fun and transparent SSH bastion.

URL: https://ha.cking.ch/s8_data_line_locator/
Description: Inside a low budget consumer hardware espionage implant.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 52 | Month: December | Year: 2017 | Release Date: 29/12/2017 | Edition: #202 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.zsec.uk/subdomainhijack/
Description: My First CloudFront Domain Takeover/Hijack.

URL: https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/
Description: Yahoo! RCE via Spring Engine SSTI.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://www.cyberis.co.uk/burp_macros.html
Description: Creating Macros For Burp Suite.

URL: https://github.com/Ne0nd0g/merlin
Blog: https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a
Description: Post-exploitation HTTP/2 C&C server and agent written in golang.

URL: https://github.com/Hadesy2k/sqliv
Description: Massive SQL injection vulnerability scanner.

URL: https://github.com/Neo23x0/munin
Description: Online hash checker for Virustotal and other services.

URL: https://github.com/ernw/AndroTickler
Description: Penetration testing and auditing toolkit for Android apps.

URL: https://github.com/VerSprite/research/tree/master/exploits/VS-2017-001
Description: Dolphin Browser for Android Backup&Restore Arbitrary File Write.

URL: https://github.com/BrunoMCBraga/PympMyBinary
Description: Python tool to infect Windows binaries with shellcode.

URL: https://github.com/x0rz/phishing_catcher
Description: Phishing catcher using Certstream.

URL: https://github.com/bugbountyforum/XSS-Radar
Description: A Chrome extension for fast and easy XSS fuzzing.

URL: https://github.com/BryanSharp/hibeaver
Description: Android plugin for modifying your library jars byte code.

URL: https://github.com/ChrisMcMStone/spinner
Paper: http://www.cs.bham.ac.uk/~garciaf/publications/spinner.pdf
Description: Semi-Automatic Detection of Pinning without Hostname verification.

URL: https://github.com/gast04/r4ge
Description: radare2 Plugin to perform symbolic execution with a simple macro call.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://secrary.com/ReversingMalware/UnpackingShade/
Description: Unpacking Shade Ransomware.

URL: https://staaldraad.github.io/2017/12/20/netstat-without-netstat/
Description: netstat without netstat.

URL: https://goo.gl/NpBqrf (+)
Exploit: https://github.com/Cryptogenic/PS4-4.05-Kernel-Exploit
Description: PS4 "NamedObj" 4.05 Kernel Exploit Writeup.

URL: https://goo.gl/R5sLzw (+)
Description: ParseDroid - Targeting The Android Development & Research Community.

URL: https://lbarman.ch/blog/stack_smashing/
Description: A journey into stack smashing.

URL: https://lanrat.com/tethr/
Description: Tethr - Android Tethering Provisioning Check Bypass (CVE-2017-0554).

URL: http://blog.gaurangbhatnagar.com/2017/12/02/Hacking-a-dating-app.html
Description: Hacking a Dating App for Fun and Profit.

URL: https://laskowski-tech.com/2017/12/19/setting-up-a-honeypot-using-opencanary/
Description: Setting up a Honeypot using Opencanary.

URL: https://goo.gl/c3uMW2 (+)
Description: Leveraging web application vulnerabilities to steal NTLM hashes.

URL: https://qiita.com/_pochi/items/4e20e38deee16a7615e1
Description: Modify notepad.exe into a body without Java code (DLL Injection and Hooks). 

URL: https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html
Description: Gaining Root on the Lenovo Vibe (CVE-2017-3750/3749/3748).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://sshtron.zachlatta.com/
Description: Multiplayer Tron in your terminal.

URL: https://gist.github.com/keo/00f20ef27eddcdae78ab
Description: Setup encrypted partition for Docker containers.

URL: https://github.com/danielmiessler/SecLists/pull/155
Description: Remove my password from lists so hackers won't be able to hack me #155.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 01 | Month: January | Year: 2018 | Release Date: 05/01/2018 | Edition: #203 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://meltdownattack.com/
More: https://goo.gl/Fn1viX (+)
Description: Meltdown and Spectre Bugs.

URL: http://blog.blackfan.ru/2018/01/polygooglecom-xss.html
Description: Clever XSS Vulnerability in poly.google.com.

URL: https://goo.gl/a3jJxR (+)
Description: The Good, The Bad and The Ugly of Safari in Client-Side Attacks.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://www.blackhillsinfosec.com/?p=5633
Description: Power Posing with PowerOPS (Pentest Tips&Tricks).

URL: https://github.com/google/ssl_logger
Description: Decrypts and logs a process's SSL traffic.

URL: https://github.com/quasar/QuasarRAT
Description: Remote Administration Tool for Windows.

URL: https://github.com/vanhauser-thc/thc-ipv6
Description: IPv6 attack toolkit.

URL: https://github.com/tienex/apfs
Description: Mount, dump and analyze APFS volumes and containers.

URL: https://github.com/nmalcolm/Inventus
Description: Spider designed to find subdomains of a specific domain.

URL: https://github.com/quarkslab/QBDI
Blog: https://qbdi.quarkslab.com/
Description: A Dynamic Binary Instrumentation framework based on LLVM. 

URL: https://github.com/wangyu-/udp2raw-tunnel
Description: A UDP Tunnel via FakeTCP/UDP/ICMP Traffic by using Raw Socket.

URL: https://github.com/nurupo/rootkit
Description: Linux rootkit for Ubuntu x86/x64 16.04/10.04 (Kernels 4.4.0/2.6.32).

URL: https://github.com/WiredPulse/PoSh-R2
Description: Set of WMI scripts that investigators and forensic analysts can use.

URL: https://github.com/bkerler/opencl_brute
Description: PBKDF2 SHA1 and SHA256 Bruteforce using OpenCL (GPU) and Python.

URL: https://github.com/smeso/MTPwn
Description: Arbitrary file R/W in locked Samsung Android via MTP (SVE-2017-10086).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://devco.re/blog/2017/12/11/Exim-RCE-advisory-CVE-2017-16943-en/
PoC: https://github.com/LetUsFsck/PoC-Exploit-Mirror/blob/master/CVE-2017-16944/poc.py
Description: Abusing Unsafe Memory Allocator in the Most Popular MTA (CVE-2017-16944).

URL: http://arnaucode.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html
Description: CoffeeMiner - Hacking WiFi to inject cryptocurrency miner to HTML requests.

URL: https://www.elttam.com.au/blog/goahead/
PoC: https://github.com/elttam/advisories/tree/master/CVE-2017-17562
Description: Remote LD_PRELOAD Exploitation (CVE-2017-17562).

URL: http://saleemrashid.com/2017/08/17/extracting-trezor-secrets-sram/
Description: Extracting TREZOR secrets from SRAM.

URL: https://github.com/xairy/linux-kernel-exploitation
Description: A bunch of links related to Linux kernel fuzzing and exploitation.

URL: https://goo.gl/iyryvz (+)
Description: Windows DMA Attacks - Gaining SYSTEM shells using a generic patch.

URL: https://github.com/CHEF-KOCH/Android-Vulnerabilities-Overview
Description: An small overview of known Android vulnerabilities.

URL: https://goo.gl/MPbfyS (+)
Description: All you need to know about SSRF and how may we write tools to do auto-detect.

URL: https://objective-see.com/blog/blog_0x22.html
Description: Reversing an av engine to compose signatures to detect classified documents.

URL: https://goo.gl/BdbbZg (+)
Description: Escaping from Restricted Shell and Gaining Root in SolarWinds Log&Event M. (SIEM).

URL: https://0x0.li/trackmageddon/
Description: Multiple vulnerabilities in online services of (GPS) location tracking devices.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://damow.net/building-a-thermal-camera/
Description: Building a Thermal Camera.

URL: https://ml-cheatsheet.readthedocs.io/en/latest/index.html
Description: Machine Learning Cheatsheet.

URL: https://github.com/EdOverflow/bug-bounty-responses
Description: A collection of response templates for invalid bug bounty reports.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 02 | Month: January | Year: 2018 | Release Date: 12/01/2018 | Edition: #204 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://cr0n1c.wordpress.com/2018/01/08/exploiting-cheap-labor/
Description: Exploiting cheap labor! For D-Link lovers.

URL: https://rcoh.me/posts/two-factor-auth/
Description: Demystifying Two Factor Auth.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/gchaincl/httplab
Description: HTTPLabs let you inspect HTTP requests and forge responses.

URL: https://github.com/Arno0x/DNSExfiltrator
Description: Data exfiltration over DNS request covert channel.

URL: https://www.xorrior.com/In-Memory-Python-Imports/
Description: In Memory Imports with (Python) Empire (Pentest Tips&Tricks).

URL: https://github.com/ptresearch/unME11
Related: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Description: Intel ME 11.x Firmware Images Unpacker.

URL: https://github.com/Dionach/reposcanner
Description: Python script to scan Git repos for interesting strings.

URL: https://github.com/artkond/cisco-snmp-rce
Description: Cisco IOS SNMP Remote Code Execution PoC (CVE-2017-6736).

URL: https://github.com/hlldz/wildPwn
Description: Brute forcer and shell deployer for WildFly.

URL: https://github.com/rxwx/CVE-2017-8570
Description: Proof of Concept exploit for CVE-2017-8570.

URL: https://github.com/austin-taylor/VulnWhisperer
Description: VulnWhisperer is a vulnerability data and report aggregator. 

URL: https://github.com/emptymonkey/shelljack
More: https://github.com/JusticeRage/freedomfighting/blob/master/autojack.py
Description: A tool for man-in-the-middle pseudoterminal injection in Linux.

URL: https://github.com/bkerler/dump_avb_signature
Description: Dump/Verify Android Verified Boot Signature Hash.

URL: https://github.com/almandin/fuxploider
Description: File upload vulnerability scanner and exploitation tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://nickbloor.co.uk/2018/01/01/rce-with-bmc-server-automation/
Description: Remote Code Execution with BMC Server Automation.

URL: https://siguza.github.io/IOHIDeous/
Description: IOHIDeous - IOHIDFamily once again (macOS-only vulnerability).

URL: http://www.sxcurity.pro/2017/11/27/tricky-CORS/
Description: Tricky CORS Bypass in Yahoo! View.

URL: https://wpshout.com/complete-guide-sanitizing-escaping/
Description: Preventing XSS Attacks in WordPress - Complete Guide.

URL: https://goo.gl/MGEbmE (+)
PoC: https://github.com/nixawk/labs/tree/master/CVE-2017-17411
Description: Remote Root in DirecTV's Wireless Video Bridge - Linksys WVBR0-25.

URL: https://www.anquanke.com/post/id/94210
Description: Microsoft fixes the first Office 0day vulnerability (CVE-2018-0802).

URL: http://www.shelliscoming.com/2017/05/post-exploitation-mounting-vmdk-files.html
Description: Mounting vmdk files from Meterpreter - Post-exploitation.

URL: http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
Slides: https://goo.gl/a5eDYy (+)
Description: Breaking Out HSTS (and HPKP) on Firefox, IE/Edge and (possibly) Chrome.

URL: https://www.digitalinterruption.com/single-post/2018/01/04/ToyTalkBugBountyWriteup
Description: "F**k you Thomas" - ToyTalk bug bounty writeup.

URL: https://medium.com/@palantir/alerting-and-detection-strategy-framework-52dc33722df2
Description: Alerting and Detection Strategy (ADS) Framework.

URL: https://goo.gl/Nkrdni (+)
Description: Exploiting MS16-145 - MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://iknowwhatyoudownload.com/
Description: I know what you download.

URL: https://www.zachaysan.com/writing/2017-12-30-zero-width-characters
Description: Zero-Width Characters.

URL: https://blog.kintoandar.com/2018/01/Building-healthier-containers.html
Description: Building healthier containers.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 03 | Month: January | Year: 2018 | Release Date: 19/01/2018 | Edition: #205 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.xpnsec.com/evernote-webclipper-uxss/
Description: Universal XSS via Evernote WebClipper.

URL: http://www.sxcurity.pro/2018/01/11/chaining-yahoo-bugs/
Description: Chaining Bugs to Steal Yahoo Contacts!

URL: https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf
Description: Hacking Facebook accounts using CSRF in Oculus-Facebook integration.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/sysdream/hershell
Description: Simple TCP reverse shell written in Go.

URL: https://github.com/cyberark/shimit
Description: A tool that implements the Golden SAML attack.

URL: https://github.com/UltimateHackers/Cloak
Description: Cloak can backdoor any python script with some tricks.

URL: https://github.com/DanMcInerney/icebreaker
Description: Gets plaintext AD credentials if you're on the internal network.

URL: https://github.com/GraxCode/ReverseCrypt
Description: Tool to extract jar archives crypted by various java-crypters.

URL: https://gist.github.com/singe/cba85800dd6e701c53d0614d8506b281
Blog: https://medium.com/@notsinge/cheap-scriptable-web-interactions-dbd7c19c664d
Description: Cheap Scriptable Web Interactions.

URL: https://github.com/rxwx/CVE-2018-0802
Related: https://goo.gl/bMWwPR (+)
Description: PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882).

URL: https://github.com/giMini/PowerMemory/
Description: Exploit the credentials present in files and memory.

URL: https://github.com/Ekultek/WhatWaf
Description: Detect and bypass web application firewalls and protection systems.

URL: https://github.com/jbremer/httpreplay
Description: Replay HTTP and HTTPS requests from a PCAP based on TLS Master Secrets.

URL: https://github.com/chrisk44/Hijacker
Description: Aircrack, Airodump, Aireplay, MDK3 and Reaver GUI App for Android.

URL: https://github.com/james-proxy/james
Description: Web Debugging Proxy Application (open-source alternative to Charles).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/aXGp9i (+)
Description: Nylas Mail Command Injection on macOS.

URL: https://www.nvteh.com/news/problems-with-public-ebs-snapshots
Description: Introduction to Public AWS EBS Snapshots.

URL: https://goo.gl/kw77MT (+)
Description: Abusing Microsoft Word Features for Phishing - "subDoc".

URL: https://duo.com/blog/understanding-bluetooth-security
Related: https://goo.gl/3EwMsn (+)
Description: Understanding Bluetooth Security.

URL: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Description: mitm6 – Compromising IPv4 networks via IPv6.

URL: https://goo.gl/tzHsjA (+)
Description: The journey of exploiting a Sharepoint vulnerability.

URL: https://johanengelen.github.io/ldc/2018/01/14/Fuzzing-with-LDC.html
Description: Fuzzing D code with LDC.

URL: https://klikki.fi/adv/formidable.html
Description: Formidable Forms vulnerabilities (WordPress plugin).

URL: https://dhavalkapil.com/blogs/FILE-Structure-Exploitation/
Description: FILE Structure Exploitation ('vtable' check bypass).

URL: https://goo.gl/qgb6YU (+)
Description: How to extract data and timeline from Master File Table on NTFS FS.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://www.keras4kindergartners.com/
Description: Will Your Child Get Into Harvard?

URL: https://github.com/satnogs/gr-satnogs
Description: SatNOGS GNU Radio Out-Of-Tree Module.

URL: https://blog.benjojo.co.uk/post/dns-filesystem-true-cloud-storage-dnsfs
Description: DNSFS Store your files in others DNS resolver caches.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 04 | Month: January | Year: 2018 | Release Date: 26/01/2018 | Edition: #206 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/
Description: Upgrade from LFI to RCE via PHP Sessions.

URL: http://blog.orange.tw/2018/01/php-cve-2018-5711-hanging-websites-by.html
Description: PHP - Hanging Websites by a Harmful GIF (CVE-2018-5711).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/vusec/vuzzer
Description: Application-aware Evolutionary Fuzzing.

URL: http://az4n6.blogspot.pt/2018/01/mounting-apfs-image-in-linux.html
Description: Mounting an APFS image in Linux.

URL: https://github.com/capsule8/capsule8/
Description: Open-source cloud-native behavioral security monitoring.

URL: https://github.com/cclabsInc/RFCrack
Description: A Software Defined Radio Attack Tool.

URL: https://github.com/D4Vinci/One-Lin3r
Description: Gives you one-liners that aids in penetration testing operations.

URL: https://github.com/mindedsecurity/JStillery
Description: Advanced JavaScript Deobfuscation via Partial Evaluation.

URL: https://github.com/dotnet-security-guard/roslyn-security-guard
Description: Roslyn analyzers that aim to help security audit on .NET applications. 

URL: https://github.com/brouhaha/mac-encheez
Description: Run a program with a modified view of network MAC addresses.

URL: https://diablohorn.com/2017/10/26/port-scanning-without-an-ip-address/
Description: Port scanning without an IP address.

URL: https://github.com/rehh86/BeautifulSky
Description: W32/W64 cross-platform x86/x64 code base for (my) PoC self-replicators. 

URL: https://github.com/ThunderCls/xAnalyzer
Description: Analyzer is a plugin for the x86/x64 x64dbg debugger.

URL: https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/
Description: DarkComet’s C&C upload vulnerability.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://pentesterslife.blog/2017/11/24/x64-egg-hunting-in-linux-systems/
Description: x64 Egg hunting in Linux systems.

URL: https://github.com/yellowbyte/reverse-engineering-reference-manual
Description: Reverse Engineering Reference Manual (beta).

URL: https://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/
Description: Predicting the next Math.random() in Java (Oldies).

URL: https://blog.zsec.uk/out-of-band-xxe-2/
Description: XXE - Things Are Getting Out of Band.

URL: https://goo.gl/tDcRZs (+)
Description: Load Alternate Data Stream (ADS) DLL/CPL Binaries to Bypass AppLocker.

URL: https://whereisk0shl.top/post/2018-01-17
PoC: https://github.com/k0keoyo/Dark_Composition_case_study_Integer_Overflow
Description: Dark Composition kernel exploitation Case Study - Integer Overflow.

URL: https://klikki.fi/adv/wpgform.html
Description: Google Forms (WordPress plugin) SSRF vulnerability.

URL: https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md
Description: Remote Code Execution on the Smiths Medical Medfusion 4000.

URL: https://ownyourbits.com/2017/10/29/sandbox-your-applications-with-firejail/
Description: Sandbox your applications with Firejail.

URL: https://blogs.securiteam.com/index.php/archives/3649
Description: Oracle VirtualBox Multiple Guest to Host Escape Vuln (CVE-2018-2698).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://makecode.com/
Description: Microsoft MakeCode.

URL: https://startyourownisp.com/
Description: Start Your Own ISP.

URL: http://nullprogram.com/blog/2014/12/23/
Description: Interactive Programming in C.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 05 | Month: February | Year: 2018 | Release Date: 02/02/2018 | Edition: #207 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://blog.jr0ch17.com//2018/No-RCE-then-SSH-to-the-box/
Description: No RCE? Then SSH to the box!

URL: https://goo.gl/e4HC7r (+)
Description: Full Account Takeover through CORS with connection Sockets.

URL: http://whitehatstories.blogspot.in/2018/01/how-i-could-have-hacked-facebook.html
Description: How I could have hacked Facebook Analytics to view any FB page's Analytics.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/SigPloiter/GTScan
Description: The Nmap Scanner for Telco.

URL: https://github.com/p3nt4/Invoke-SocksProxy
Description: Socks proxy server using powershell.

URL: https://github.com/integrity-sa/droidstatx
Slides: https://goo.gl/ptcfsa (+)
Description: Droidstat-X, Android Applications Security Analyser Xmind Generator.

URL: https://github.com/dev-sec
Description: Security + DevOps - Automatic Server Hardening.

URL: https://github.com/Screetsec/Vegile
Description: Tool for Post exploitation Techniques in Linux.

URL: https://github.com/m8r0wn/enumdb
Description: MySQL and MSSQL brute force and post exploitation tool.

URL: https://github.com/sevagas/macro_pack
Description: Tool to automatize obfuscation and generation of MS Office documents.

URL: https://homjxi0e.wordpress.com/2018/01/20/whitelisting-bypassing-using-netsh-exec/
Description: Whitelisting/Bypassing Using Netsh-Exec.

URL: http://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Description: Windows Privilege Escalation Guide.

URL: https://github.com/pwntester/ysoserial.net
Description: Deserialization payload generator for a variety of .NET formatters.

URL: https://github.com/thehappydinoa/iOSRestrictionBruteForce
Description: Crack iOS Restriction Passcodes with Python (iOS Passcode Brute Force).

URL: https://github.com/cryptax/androidre
Description: This is a docker image for reverse engineering of Android applications.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
Tool: https://github.com/google/honggfuzz/
Description: Fuzzing TCP servers.

URL: https://goo.gl/7QyUuJ (+)
Description: RDP hijacking - How to hijack RDS and RemoteApp sessions transparently.

URL: https://goo.gl/Wtt6CB (+)
Description: Linux Heap Exploitation Intro Series - (BONUS) printf might be leaking!

URL: https://goo.gl/UGB2Ce (+)
Description: Azure CSV Injection Vulnerability.

URL: https://depthsecurity.com/blog/exploiting-custom-template-engines
Description: Exploiting Custom Template Engines.

URL: https://www.codemetrix.net/when-your-dns-leaks-your-infrastructure/
Description: When your DNS leaks your infrastructure.

URL: https://sqlwiki.netspi.com/
Description: NetSPI SQL Injection Wiki.

URL: https://bazad.github.io/2017/09/live-kernel-introspection-ios/
Description: Live kernel introspection on iOS.

URL: http://blog.ptsecurity.com/2018/01/running-unsigned-code-in-intel-me.html
Description: How to Hack a Turned-off Computer, or Running Unsigned Code in Intel ME.

URL: https://goo.gl/K7hbDW (+)
Description: Using WebSockets and IE/Edge for C2 communications.

URL: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip
Description: 7Zip - Multiple Mem. Corruptions via RAR and ZIP (CVE-2018-5996/CVE-2017-17969).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/relativty/Relativ
Description: Build your own VR headset for $100.

URL: http://ponzicoin.co/home.html
Description: The World's First Legitimate Ponzi Scheme.

URL: https://ponnuki.net/2012/09/kindleberry-pi/
Description: KindleBerry Pi.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 06 | Month: February | Year: 2018 | Release Date: 09/02/2018 | Edition: #208 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://ahussam.me/Amazon-leaking-csrf-token-using-service-worker/
Description: Leaking Amazon.com CSRF Tokens Using Service Worker API.

URL: https://github.com/dxa4481/cssInjection
Description: Stealing CSRF tokens with CSS injection (without iFrames).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/meliht/mr.sip
Description: SIP-Based Audit and Attack Tool.

URL: https://github.com/IOActive/XDiFF
Paper: https://goo.gl/ogrXE2 (+)
Description: Extended Differential Fuzzing Framework.

URL: https://github.com/levyitay/AddSecurityExceptionAndroid
Description: Add Security Exception to APK.

URL: https://inteltechniques.com/buscador/
Description: Buscador Investigative Operating System (OSINT VM).

URL: https://github.com/artkond/ios_mips_gdb
Description: Cisco IOS MIPS GDB remote serial protocol implementation.

URL: https://github.com/gen2brain/url2img
Description: HTTP server with API for capturing screenshots of websites.

URL: https://xorl.wordpress.com/2018/02/04/ssh-hijacking-for-lateral-movement/
Description: SSH Hijacking for lateral movement.

URL: https://github.com/rk700/VirtualHook
Description: Android application hooking tool based on VirtualApp.

URL: https://github.com/WiPi-Hunter/PiDense
Description: Monitor illegal wireless network activities aka Fake Access Points.

URL: https://github.com/mthbernardes/rsg
Description: ReverShellGenerator - Tool to generate various ways to do a reverse shell.

URL: https://github.com/tandasat/DotNetHooking
Description: This project demonstrates how to use the .NET native code hooking technique.

URL: https://github.com/nsmfoo/antivmdetection
Description: Script to create templates to use w/ VirtualBox to make VM detection harder.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.tarq.io/vestacp-root-privilege-escalation/
Description: VestaCP - Root Privilege Escalation.

URL: https://xorl.wordpress.com/2017/11/20/reverse-engineering-isdebuggerpresent/
Description: Reverse Engineering isDebuggerPresent().

URL: https://goo.gl/8pqJek (+)
Description: Exploiting CSRF on JSON endpoints with Flash and redirects.

URL: https://goo.gl/646izH (+)
Description: Studying APK Reverse Eng. by breaking the anonymity of BlindSpot app.

URL: http://trackwatch.com/windows-kernel-pool-spraying/
PoC: https://github.com/cbayet/PoolSprayer
Description: Windows Kernel Pool Spraying.

URL: https://goo.gl/8JYRYz (+)
Description: Paperclip's Server Side Request Forgery (SSRF) vulnerability (CVE-2017–0889).

URL: https://thatoddmailbox.github.io/2017/01/28/iotaseed.html
Description: How a malicious seed generation website stole $4 million.

URL: https://goo.gl/V3dMKJ (+)
Description: I'm harvesting credit card numbers and passwords from your site. Here’s how.

URL: https://www.n00py.io/2017/01/removing-backdoors-powershell-empire-edition/
Description: Removing Backdoors – Powershell Empire Edition.

URL: http://www.paulosyibelo.com/2018/02/hotspot-shield-cve-2018-6460-sensitive.html
Description: Hotspot Shield - Sensitive Info Disclosure w/ XSSI & DNS Rebinding (CVE-2018-6460).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://jsnes.fir.sh/
Description: A JavaScript NES emulator.

URL: https://x8x.net/2017/11/19/home-alarm-vs-bus-pirate/
Description: Home Alarm vs Bus Pirate.

URL: https://diagprov.ch/posts/2017/03/a-polyglot-mbrpdfjarzip-cv.html
Description: A polyglot MBR/PDF/JAR/ZIP CV.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 07 | Month: February | Year: 2018 | Release Date: 16/02/2018 | Edition: #209 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.jensec.co/clickjacking-in-google-root-picker/
Description: ClickJacking In Google Root picker - A Successful Bug-chase.

URL: https://sites.google.com/site/testsitehacking/-7-5k-Google-services-mix-up
Related: https://sites.google.com/site/testsitehacking/-5k-service-dependencies
Description: Google services mix-up (Bug Bounty).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/B4ckP0r7/RogueSploit
Description: Powerfull social engeering Wi-Fi trap! 

URL: https://github.com/tomsteele/blacksheepwall
Description: Blacksheepwall is a hostname reconnaissance tool.

URL: https://github.com/jivoi/awesome-osint
Description: A curated list of amazingly awesome OSINT.

URL: https://github.com/ParsingTeam/TeleShadow2
Description: TeleShadow - Telegram Desktop Session Stealer (Windows).

URL: https://github.com/sevagas/swap_digger
Blog: http://blog.sevagas.com/?Digging-passwords-in-Linux-swap
Description: Digging passwords in Linux swap.

URL: https://github.com/modzero/modjoda
Description: Android Java Deserialization Vulnerability Tester.

URL: https://gist.github.com/PseudoLaboratories/260b6f24844785aacc1e2fb61dd05c01
Blog: https://pseudolaboratories.github.io/DarkComet-upload-vulnerability/
Description: DarkComet upload vulnerability.

URL: https://github.com/christophetd/censys-subdomain-finder
Description: Subdomain enumeration using the certificate transparency logs from Censys.

URL: https://github.com/cyberark/ketshash
Description: Detect suspicious privileged NTLM connections (Pass-The-Hash) on event viewer.

URL: https://github.com/vincentcox/StaCoAn
Description: StaCoAn is a crossplatform tool for static code analysis on mobile apps.

URL: https://github.com/landscapeio/prospector
Description: Analyse Python code and output info. about errors, potential problems and more.

URL: https://goo.gl/si8EhL (+)
Description: Enumerating files using Server Side Request Forgery and the request module.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/21Vtnp (+)
Slides: https://goo.gl/jdss9r (+)
Description: Predicting Random Numbers in Ethereum Smart Contracts.

URL: https://mohemiv.com/all/evil-xml/
Description: Evil XML with two encodings.

URL: http://sploit3r.xyz/blueborne-exploitation-nexus-4/
Description: BlueBorne exploitation on Nexus 4.

URL: http://www.greyhathacker.net/?p=1006
Description: Exploiting System Shield AntiVirus (CVE-2018-5701).

URL: https://x-c3ll.github.io/posts/javascript-antidebugging/
Description: JavaScript AntiDebugging Tricks.

URL: https://osandamalith.com/2018/02/11/mysql-udf-exploitation/
Description: MySQL UDF Exploitation.

URL: http://baraktawily.blogspot.pt/2018/02/how-to-dos-29-of-world-wide-websites.html
PoC: https://github.com/quitten/doser.py
Description: How to DoS 29% of the World Wide Websites (CVE-2018-6389).

URL: https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
Description: Libc Realpath Buffer Underflow (CVE-2018-1000001).

URL: https://www.cybereason.com/blog/new-lateral-movement-techniques-abuse-dcom-technology
Related: https://attactics.org/2018/02/03/lateral-movement-with-powerpoint-and-dcom/
Description: New lateral movement techniques abuse DCOM technology.

URL: https://www.secforce.com/blog/2014/02/from-cvs-import-to-cmd-exe-via-sql-injection/
Description: From CVS import to cmd.exe – via SQL injection.

URL: https://blog.pnb.io/2018/02/bruteforcing-linux-full-disk-encryption.html
Description: Bruteforcing Linux Full Disk Encryption (LUKS) w/ hashcat - The Forensic way! 

URL: http://sandboxescaper.blogspot.pt/2018/02/how-to-escape-sandboxes-without.html
Description: How to escape sandboxes without technical skills!.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://www.tomanthony.co.uk/blog/googlebot-javascript-random/
Description: Googlebot's Javascript random() function is deterministic.

URL: https://transfer.sh/
Description: Easy file sharing from the command line.

URL: http://0x90909090.blogspot.pt/2015/07/no-one-expect-command-execution.html
Description: No one expect command execution!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 08 | Month: February | Year: 2018 | Release Date: 23/02/2018 | Edition: #210 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://bughunt1307.herokuapp.com/googlebugs.html
Description: Google bugs stories and the shiny pixelbook.

URL: https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
Description: uTorrent Nightmare via JSON-RPC (RCE, Information Disclosure, etc).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/truekonrads/bigear/
Description: Opening CobaltStrike to a wider world.

URL: https://github.com/viraintel/OWASP-Nettacker
Description: Automated Penetration Testing Framework.

URL: https://github.com/rk700/YAHFA
Description: YAHFA is a hook framework for Android ART.

URL: https://github.com/kvesel/zipbrk
Description: Zip file format fuzzer and multi-tool.

URL: http://woshub.com/port-forwarding-in-windows/
Description: Port Forwarding in Windows.

URL: https://github.com/desowin/usbpcap
Description: USB packet capture for Windows.

URL: https://github.com/Col-E/Recaf/
Description: A modern Java bytecode editor.

URL: https://github.com/vysec/CVE-2018-4878
More: https://github.com/mdsecactivebreach/CVE-2018-4878
Description: Aggressor Script to launch IE driveby for CVE-2018-4878.

URL: https://github.com/Coalfire-Research/sqlinator
Description: Forward HTTP GET & POST requests to SQLMap's API to test for SQLi and XSS.

URL: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
Description: LibreOffice remote arbitrary file disclosure vulnerability (CVE-2018-6871).

URL: https://github.com/maxchehab/CSS-Keylogging
Description: Chrome extension and Express server to exploit keylogging ability of CSS.

URL: https://github.com/malfunkt/hyperfox
Description: HTTP/HTTPs MiTM proxy and traffic recorder w/ on-the-fly TLS cert generation. 


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://malpedia.caad.fkie.fraunhofer.de/
Description: Malware resource for rapid identification and actionable context.

URL: https://goo.gl/MEEp3F (+)
Description: Sysinternals Sysmon suspicious activity guide.

URL: https://0x00sec.org/t/malware-reversing-burpsuite-keygen/5167
Description: Malware Reversing - Burpsuite Keygen.

URL: https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4
Description: LM, NTLM, Net-NTLMv2, oh my!

URL: http://riscy.business/2018/02/ida-remote-execution/
Description: IDA double click RCE.

URL: http://konukoii.com/blog/2018/02/16/5-min-tutorial-root-via-uart/
Description: Gaining Root via UART.

URL: https://zachgrace.com/2018/02/20/cobalt_strike_redirectors.html
Description: Hybrid Cobalt Strike Redirectors.

URL: https://medium.com/@europa_/recoinnassance-7840824b9ef2
Description: Reconnaissance - a eulogy in three acts.

URL: http://blog.frizn.fr/glibc/glibc-heap-to-rip
Description: Getting code execution from pure glibc heap mechanics.

URL: https://textslashplain.com/2018/02/14/understanding-the-limitations-of-https/
Description: Understanding the Limitations of HTTPS.

URL: https://medium.com/@appmattus/android-security-ssl-pinning-1db8acb6621e
Description: Android Security - SSL Pinning.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://ipx.ac/run
Description: IP info and leak test suite.

URL: https://github.com/octref/polacode
Description: Polaroid for your code.

URL: https://ide.onelang.io/
Description: Write code in 11 languages at the same time!


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 09 | Month: March | Year: 2018 | Release Date: 02/03/2018 | Edition: #211  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/LAUsok (+)
Description: I figured out a way to hack any of Facebook's 2 billion accounts.

URL: https://slashcrypto.org/2018/02/27/TenX_Account_Takeover/
Description: Steal Funds from TenX Users – Just Another Bug Bounty Story.

URL: https://hackerone.com/reports/303061
Description: RCE using bash command injection on /system/images.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/decoder-it/psgetsystem
Blog: https://decoder.cloud/2018/02/02/getting-system/ 
Description: Get SYSTEM with a standalone .ps1 using the "parent process" technique.

URL: https://github.com/SECFORCE/Tunna
Description: Set of tools which will wrap and tunnel any TCP communication over HTTP. 

URL: https://github.com/0xM3R/cgPwn
Description: A lightweight VM for hardware hacking, RE and wargaming tasks.

URL: https://github.com/uber-common/metta
Description: An information security preparedness tool to do adversarial simulation.

URL: https://github.com/Marten4n6/EvilOSX
Description: Python post-exploitation RAT (Remote Administration Tool) for macOS.

URL: https://github.com/DNS-OARC/dnsjit
Description: Engine for capturing, parsing and replaying DNS.

URL: https://github.com/Mister2Tone/metasploit-webapp
Description: Metasploit framework via HTTP services.

URL: https://github.com/hfiref0x/Stryker
Description: Multi-purpose proof-of-concept tool based on CPU-Z (CVE-2017-15303).

URL: https://github.com/hdm/nextnet
Description: Nextnet is a pivot point discovery tool written in Go.

URL: https://github.com/dkhuuthe/MADLIRA
Description: Malware detection using learning and information retrieval for Android.

URL: https://github.com/dotboris/vuejs-serverside-template-xss
Description: Vue.js app that mixes both clientside/serverside templates leading to XSS.

URL: https://goo.gl/NnoZPp (+)
Description: Bypassing CSRF tokens with Python's CGIHTTPServer.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/YjRkGK (+)
Description: Improper ticket activation checks in corethree mTicket applications.

URL: http://jsyang.ca/hacks/gear-vr-rev-eng/
Description: Gear VR Controller Reverse Engineering.

URL: https://nickbloor.co.uk/2018/02/28/popping-wordpress/
PoC: https://github.com/NickstaDB/PoC
Description: POPping WordPress.

URL: http://agrrrdog.blogspot.pt/2018/01/java-deserialization-misusing-ojdbc-for.html
Description: Java Deserialization: Misusing OJDBC for SSRF.

URL: http://www.freebuf.com/articles/terminal/160041.html
Description: Vulnerability Analysis and Utilization - Root Android 7.x (CVE-2017-8890).

URL: https://tunnelshade.in/blog/2018/01/afl-internals-compile-time-instrumentation/
Description: Internals of AFL fuzzer - Compile Time Instrumentation.

URL: https://krbtgt.pw/smbv3-null-pointer-dereference-vulnerability/
PoC: https://github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-0833
Description: SMBv3 Null Pointer Dereference vulnerability (CVE-2018-0833).

URL: http://blog.ptsecurity.com/2018/02/new-bypass-and-protection-techniques.html
Description: New bypass and protection techniques for ASLR on Linux.

URL: https://www.mike-gualtieri.com/posts/stealing-data-with-css-attack-and-defense
Description: Stealing Data With CSS - Attack and Defense.

URL: https://disconnect3d.pl/2018/02/24/log-injection-aka-tailing-logs-is-unsafe/
Description: Logs injection or why is logs tailing unsafe.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://waveforms.surge.sh/waveforms-intro
Description: Let's Learn About Waveforms.

URL: https://medium.com/@malcomvetter/responsible-red-teams-1c6209fd43cc
Description: Responsible Red Teams.

URL: https://github.com/khrome/ascii-art
Description: Node.js lib for ansi codes, figlet fonts, ascii art and others.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 10 | Month: March | Year: 2018 | Release Date: 09/03/2018 | Edition: #212  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://goo.gl/eSAL6F (+)
Description: How I hacked Tinder accounts using Facebook's Account Kit.

URL: https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html
Description: Stored XSS, and SSRF in Google using the Dataset Publishing Language.

URL: https://goo.gl/epujHQ (+)
Description: Bypassing Google's authentication to access their Internal Admin panels.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/snooze6/FiOS
Description: FiOS - new iOS pentesting tool based on Frida.

URL: https://github.com/sa7mon/S3Scanner
Description: Scan for open S3 buckets and dump.

URL: https://zeltser.com/analyzing-malicious-documents/
Description: Analyzing Malicious Documents Cheat Sheet.

URL: https://github.com/agustingianni/symrepl
Description: Small REPL tool to investigate symbols inside binaries.

URL: https://github.com/JPCERTCC/impfuzzy
Blog: http://blog.jpcert.or.jp/2016/12/a-new-tool-to-d-d6bc.html
Description: Impfuzzy is Fuzzy Hash calculated from import API of PE files.

URL: https://github.com/Viralmaniar/Passhunt
Description: Passhunt is a simple tool for searching of default credentials.

URL: https://github.com/ajinabraham/Droid-Application-Fuzz-Framework
Description: Android application fuzzing framework with fuzzers and crash monitor.

URL: https://github.com/jacob-baines/longtime-sunshine
Description: Nashorn (JS engine that Oracle introduced in Java 8) Post Exploitation.

URL: https://github.com/UnaPibaGeek/ctfr
Description: Abusing Certificate Transparency logs to get HTTPS websites subdomains.

URL: https://github.com/responsibleD/memcached-PoC
More: https://github.com/649/Memcrashed-DDoS-Exploit/
Description: Memcached PoC for amplification via spoofed UDP packets (CVE-2018-1000115).

URL: https://github.com/mdsecactivebreach/SharpShooter
Blog: https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/
Description: Framework for the retrieval and execution of arbitrary CSharp source code.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/46qXeQ (+)
Description: Gaining Domain Admin from Outside Active Directory.

URL: https://heap-exploitation.dhavalkapil.com/
Description: Heap Exploitation.

URL: https://github.com/iDaN5x/Switcheroo/wiki/Article
Description: Exploiting CVE-2016-4657 to Jailbreak the Nintendo Switch.

URL: https://goo.gl/S4zdcJ (+)
More: http://bit.ly/2HKMTRV (+)
Description: Exim Off-by-one Remote Code Execution (CVE-2018-6789).

URL: https://erpscan.com/press-center/blog/adapting-hashcat-for-sap-half-hashes/
Description: Adapting hashcat for SAP 'half hashes'.

URL: https://goo.gl/iNxWA1 (+)
PoC: https://github.com/zodiacon/InterceptionDemo
Description: Intercepting COM Objects with CoGetInterceptor.

URL: https://blog.varonis.com/understanding-malware-free-hacking-part/
Description: Adventures in Malware-Free Hacking, Series.

URL: https://bazad.github.io/2018/03/a-fun-xnu-infoleak/
Description: A fun XNU infoleak (CVE-2017-13868).

URL: https://arxiv.org/pdf/1710.08864.pdf
PoC: https://github.com/Hyperparticle/one-pixel-attack-keras
Description: One pixel attack for fooling deep neural networks.

URL: https://osandamalith.com/2018/02/01/exploiting-format-strings-in-windows/
Description: Exploiting Format Strings in Windows.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://hackmd.io/s/rJ-3VKNPG
Description: Awesome DarkWeb Research.

URL: https://github.com/erroneousboat/slack-term
Description: Slack client for your terminal.

URL: http://blog.koehntopp.info/index.php/3075-how-not-to-run-a-ca/
Description: How not to run a CA.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 11 | Month: March | Year: 2018 | Release Date: 16/03/2018 | Edition: #213  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://lightningsecurity.io/blog/bypassing-payments-using-webhooks/
Description: Bypassing Payments Using Webhooks.

URL: https://www.josipfranjkovic.com/blog/facebook-friendlist-paymentcard-leak
Description: Getting any Facebook user's friend list and partial payment card details.

URL: https://labs.detectify.com/2018/03/14/graphql-abuse/
Description: Bypass account level permissions through parameter smuggling (GraphQL).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/rani-i/bluetoothdPoC
Blog: https://goo.gl/4RvH9T (+)
Description: Escaping the sandbox by misleading bluetoothd (CVE-2018-4087).

URL: https://github.com/Proteas/unstripped-ios-kernels
Description: Kernels of iOS 11.0 with all debug symbols!

URL: https://github.com/BigNerd95/Chimay-Red
Description: Working POC of Mikrotik exploit from Vault 7 CIA Leaks.

URL: https://github.com/CoolerVoid/rootstealer
Related: https://github.com/xfee/vbg
Description: Spy all GUI windows interactions and inject commands only in root terms.

URL: https://github.com/merrychap/shellen
Description: Interactive shellcoding environment to easily craft shellcodes.

URL: https://github.com/brompwnie/uitkyk
Description: Android Frida library to hunt Android Malware.

URL: https://github.com/erpscanteam/CVE-2018-2380
Description: RCE via Log injection on SAP NetWeaver AS JAVA CRM (CVE-2018-2380).

URL: https://github.com/0xSobky/Regaxor
Description: Regaxor (RegExp Haxxor) is a regular expression fuzzer, written in ES6.

URL: https://github.com/ZephrFish/DockerAttack
Related: https://blog.zsec.uk/ltr101-dac/
Description: Various Tools and Docker Images.

URL: https://github.com/sola-da/Synode
Blog: https://goo.gl/LqwQvL (+)
Description: Automatically Preventing Code Injection Attacks on Node.js.

URL: https://github.com/Metnew/uxss-db
Description: Universal Cross-site Scripting DB (+ other browser vulnerabilities).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/vNVzN1 (+)
Description: z00mtrack - User Tracking via The Browser Zoom Levels.

URL: https://www.eideon.com/2018-03-02-THL03-WMIBackdoors/
Description: Following the trace of WMI Backdoors & other nastiness.

URL: http://blog.japaric.io/safe-dma/
Description: Memory safe DMA transfers (Rust).

URL: https://goo.gl/iz1hLP (+)
PoC: https://github.com/alex91ar/randomstringutils
Description: A practical application for insecure randomness. 

URL: https://secdevops.ai/ios-static-analysis-and-recon-c611eaa6d108
Description: iOS Static Analysis and Recon.

URL: https://goo.gl/ND8WeR (+)
Description: Getting to the Bottom of CVE-2018-0825 Heap Overflow Buffer.

URL: https://reboare.github.io/lxd/lxd-escape.html
Description: Privilege Escalation via lxd.

URL: https://medium.com/@vysec.private/alibaba-cdn-domain-fronting-1c0754fa0142
Description: Alibaba CDN Domain Fronting.

URL: https://blog.stealthbits.com/dcshadow-attacking-active-directory-with-rogue-dcs/
More: https://blog.stealthbits.com/privilege-escalation-with-dcshadow/
Description: DCShadow - Attacking Active Directory with Rogue DCs.

URL: https://medium.com/secjuice/php-ssrf-techniques-9d422cb28d51
Description: PHP SSRF Techniques - How to bypass filter_var(), preg_match() and more.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://infocon.org/
Description: Hacking Conference Archive.

URL: https://github.com/intel/acat
Blog: https://goo.gl/BsVqjV (+)
Description: Assistive Context-Aware Toolkit (ACAT).

URL: https://github.com/seemoo-lab/mobisys2018_nexmon_software_defined_radio
Description: Nexmon Software Defined Radio (Turns Broadcom Wi-Fi chips into SDRs).


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 12 | Month: March | Year: 2018 | Release Date: 23/03/2018 | Edition: #214  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://opnsec.com/2018/03/stored-xss-on-facebook/
Description: Stored XSS on Facebook.

URL: https://ahussam.me/Leaking-WordPress-CSRF-Tokens/
Description: Leaking WordPress CSRF Tokens for Fun (CVE-2017-5489).

URL: https://hackerone.com/reports/300748
Description: Ethereum account balance manipulation.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/Eplox/TCP-Starvation
Description: TCP-Starvation.

URL: https://github.com/MozillaSecurity/octo
Description: A fuzzing framework in JavaScript.

URL: https://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers
Description: A cheat-sheet for password crackers.

URL: https://github.com/tihmstar/doubleH3lix
Description: Jailbreak for iOS 10.x 64bit devices without KTRR.

URL: https://github.com/nongiach/arm_now
Description: Multi arch VM working out of the box for everyone.

URL: http://developers-club.com/posts/250999/
Description: We recover local and domain passwords from hiberfil.sys.

URL: https://github.com/Eterna1/puszek-rootkit
Description: Yet another LKM rootkit for Linux. It hooks syscall table.

URL: https://github.com/Viralmaniar/Powershell-RAT
Description: Python backdoor that uses Gmail to exfiltrate data as an e-mail attachment.

URL: https://github.com/PsychoTea/maf_server
Description: Memory Analysis Framework - Port of Ian Beer's extra_recipe server stub.

URL: https://github.com/HA71/WhatCMS
Description: CMS Detection and Exploit Kit based on Whatcms.org API.

URL: https://github.com/riverloopsec/tumblerf
Description: A unified fuzzing framework for low-level RF and HW protocol/PHY/MAC analysis.

URL: https://goo.gl/cAHW3N (+)
Description: Logs in High Sierra (10.13) Show Passwords for APFS Encrypted External Volumes.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://rastamouse.me/2018/03/laps---part-1/
More: http://bit.ly/2KDINYv (+) | http://bit.ly/2OUF9wD (+)
Description: Abuse Local Administrator Password Solution (LAPS).

URL: https://saleemrashid.com/2018/03/20/breaking-ledger-security-model/
Description: Breaking the Ledger Security Model.

URL: https://ryan.govost.es/2018/03/09/deepsound.html
Description: Password recovery on DeepSound steganography.

URL: https://staaldraad.github.io/post/2018-03-16-quick-win-with-graphql/
Description: Quick win with GraphQL.

URL: https://goo.gl/y1y8bn (+)
Description: Top Five Ways I gained access to Your Corporate Wireless Network.

URL: https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
Description: Building Container Images Securely on Kubernetes.

URL: https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/
Description: Persistence using RunOnceEx – Hidden from Autoruns.exe.

URL: https://www.guardicore.com/2018/03/recovering-plaintext-passwords-azure/
Description: Recovering Plaintext Passwords from Azure Virtual Machines.

URL: https://goo.gl/64sxc8 (+)
Description: Visual Studio Code silently fixed a remote code execution vulnerability.

URL: http://misteralfa-hack.blogspot.pt/2018/03/leaking-facebook-internal-ip.html
PoC: https://github.com/ezelf/f5_cookieLeaks
Description: Leaking Facebook Internal IP Infrastructure.

URL: https://codewhitesec.blogspot.pt/2018/03/exploiting-adobe-coldfusion.html
Description: Exploiting Adobe ColdFusion before CVE-2017-3066.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://tech.jonathangardner.net/wiki/Why_Java_Sucks
Description: Why Java Sucks.

URL: https://gethead.info/
Description: A free guide to  elements.

URL: https://github.com/securitywithoutborders/hardentools
Description: Hardentools is a utility that disables a number of risky Windows features.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 13 | Month: March | Year: 2018 | Release Date: 30/03/2018 | Edition: #215  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://medium.com/@Alra3ees/google-adwords-3133-7-stored-xss-27bb083b8d27
Description: Google adwords Stored XSS.

URL: https://hawkinsecurity.com/2018/03/24/gaining-filesystem-access-via-blind-oob-xxe/
Description: Gaining Filesystem Access via Blind OOB XXE.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/lukechilds/reverse-shell
Description: Reverse Shell as a Service.

URL: https://github.com/Moham3dRiahi/Th3inspector
Description: Th3Inspector - best tool for Information Gathering.

URL: https://github.com/Lanchon/haystack
Description: Signature Spoofing Patcher for Android.

URL: https://github.com/nullbind/Other-Projects/tree/master/GDA
Description: Get Domain Admins (GDA).

URL: https://github.com/quentinhardy/msdat
Description: MSDAT - Microsoft SQL Database Attacking Tool.

URL: https://github.com/franccesco/getaltname
Description: Get Subject Alt Name from SSL Certificates.

URL: https://zero-day.io/modifyexploits/
Description: Modifying exploits - hands-on example (101).

URL: https://github.com/guardicore/monkey
Description: Infection Monkey - An automated pentest tool.

URL: https://github.com/0x09AL/DNS-Persist
Description: DNS-Persist is a post-exploitation agent which uses DNS for C&C.

URL: https://github.com/zi0Black/POC-CVE-2018-0114
Description: This repository contains the POC of an exploit for node-jose < 0.11.0.

URL: https://github.com/dsopas/assessment-mindset
Description: Security Mindmap useful for pentest, bug bounty or red-team assessments.

URL: https://github.com/UltimateHackers/Arjun
Description: Arjun is a python script for finding hidden GET & POST parameters.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.jli.host/posts/cf-auto-minify/
Description: Uncovering a Bug in Cloudflare's Minification Service.

URL: https://www.leavesongs.com/PENETRATION/client-session-security.html
Description: Client session caused security issues (Flask).

URL: https://goo.gl/fnxgfx (+)
Description: Remote Code Execution with Drupal core (SA-CORE-2018–002).

URL: https://jellyhive.com/activity/posts/2018/03/26/csp-implementations-are-broken/
Description: CSP implementations are broken.

URL: https://magisterquis.github.io/2018/03/11/process-injection-with-gdb.html
Description: Process Injection with GDB.

URL: https://medium.com/@cloudyforensics/how-to-perform-aws-cloud-forensics-309a03a77aee
Description: How to perform AWS Cloud Forensics.

URL: https://goo.gl/93GuBP (+)
Description: DiskShadow - The Return of VSS Evasion, Persistence, and AD Database Exfil.

URL: https://github.com/trishmapow/rf-jam-replay
Description: Jam and Replay Attack on Vehicular Keyless Entry Systems.

URL: https://goo.gl/5Nu3xo (+)
Description: The phenomenon of smart contract honeypots.

URL: https://goo.gl/Vunae1 (+)
Description: Here's a List of 29 Different Types of USB Attacks.

URL: https://ncona.com/2015/02/consuming-a-google-id-token-from-a-server/
Description: Consuming a Google ID Token from a server.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://jeremyrickard.github.io/post/fun-with-aci/
Description: Fun With ACI.

URL: https://pjreddie.com/darknet/yolo/
Description: YOLO - Real-Time Object Detection.

URL: https://jgthms.com/javascript-in-14-minutes/
Description: JavaScript in 14 minutes.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 14 | Month: April | Year: 2018 | Release Date: 06/04/2018 | Edition: #216  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://ngailong.wordpress.com/2018/02/13/the-mystery-of-postmessage/
Description: The Mystery of postMessage.

URL: http://bit.ly/2IxLqdT (+)
Description: Google bug bounty for security exploit that influences search results.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/endgameinc/RTA
Description: Red Team Automation (RTA).

URL: https://github.com/redhuntlabs/RedHunt-OS
Description: RedHunt Linux Distribution (VM).

URL: https://github.com/0xbadjuju/Tokenvator
Description: A tool to elevate privilege with Windows Tokens.

URL: https://github.com/chrismaddalena/ODIN
Description: Tool for automating penetration testing tasks (in development).

URL: https://github.com/redcanaryco/atomic-red-team
Description: Small and highly portable detection tests.

URL: http://www.getmantra.com/web-app-security-testing-with-browsers/
Description: Web app security testing with browsers.

URL: https://github.com/peewpw/Invoke-BSOD
Description: Invoke a BSOD and get a crash dump after search for passwords in the dump.

URL: https://github.com/UnaPibaGeek/CBM
More: https://hackinparis.com/data/files/talks_2018/the-bicho-v21-sheila-berta.pdf
Description: Car Backdoor Maker (CBM) and hardware-backdoor for CAN bus.

URL: https://github.com/bazad/ida_kernelcache
Description: ida_kernelcache - An IDA Toolkit for analyzing iOS kernelcaches.

URL: https://github.com/nshalabi/SysmonTools
Description: Utilities for Sysmon - Sysmon View and Sysmon Shell.

URL: https://github.com/inurlx/CLOUDKiLL3R
Description: CLOUDKiLL3R bypasses Cloudflare protection service via TOR Browser!

URL: https://github.com/android-hacker/VirtualXposed
Description: A Simple App to use Xposed without root. 


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://syscall.eu/blog/2018/03/12/aigo_part1/
More: https://syscall.eu/blog/2018/03/12/aigo_part2/
Description: Aigo Chinese encrypted HDD.

URL: http://gosecure.net/2018/04/03/beyond-xss-edge-side-include-injection/
Description: Beyond XSS - Edge Side Include (ESI) Injection. 

URL: http://bluec0re.blogspot.pt/2018/03/cve-2018-7160-pwning-nodejs-developers.html
Description: Pwning NodeJS Developers (CVE-2018-7160).

URL: https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
Description: Stealing Credit Cards from FUZE via Bluetooth (CVE-2018-9119).

URL: https://magisterquis.github.io/2018/03/31/in-memory-only-elf-execution.html
Description: In-Memory-Only ELF Execution (Without tmpfs).

URL: https://medium.com/@cintainfinita/knocking-down-the-big-door-8e2177f76ea5
Description: Knocking Down the Big Door - How We Bypassed the Auth0 Authentication.

URL: http://blog.orange.tw/2018/03/pwn-ctf-platform-with-java-jrmp-gadget.html
Description: Pwn a CTF Platform with Java JRMP Gadget.

URL: https://phoenhex.re/2018-03-25/not-a-vagrant-bug
Description: This is fine - Vagrant guests can access the entire host filesystem.

URL: https://lightbulbone.com/posts/2016/10/dsmos-kext/
Description: Reversing a macOS Kernel Extension.

URL: https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/
Description: Windows Remote Assistance XXE vulnerability (CVE-2018-0878).

URL: http://bit.ly/2Gz3aJj (+)
Description: How I was able to bypass Open Redirection Protection from LinkedIn.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://holeybeep.ninja/
Related: https://sigint.sh/#/holeybeep
PoC: https://gist.github.com/fkt/5f8f9560ef54e11ff7df8bec09dc8f9a
Description: Holey Beep (CVE-2018-0492).

URL: http://bit.ly/2q81V8U (+)
Description: Making a PS2 Emulator - From Bits to Pixels.

URL: https://www.anishathalye.com/2018/04/03/macbook-touchscreen/
Description: Turning a MacBook into a Touchscreen with $1 of Hardware.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 15 | Month: April | Year: 2018 | Release Date: 13/04/2018 | Edition: #217  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://philippeharewood.com/facebook-graphql-csrf/
Description: Facebook GraphQL CSRF.

URL: http://bit.ly/2v6ODPN (+)
Description: How I broke into Google Issue Tracker.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://secrary.com/Random/BypassUserHooks/
Description: Bypasss User-Mode Hooks.

URL: https://github.com/DedSecInside/TorBoT
Description: OSINT tool for Deep and Dark Web.

URL: https://github.com/blechschmidt/massdns
Related: https://github.com/Den1al/pymassdns
Description: A high-performance DNS stub resolver for bulk lookups and reconnaissance.

URL: https://github.com/RiotGames/cloud-inquisitor
Description: Enforce ownership and data security within AWS.

URL: https://github.com/UltimateHackers/Decodify
Description: It can detect and decode encoded strings, recursively.

URL: http://bit.ly/2HvXjSg (+)
Description: Persistence using GlobalFlags in Image File Execution Options.

URL: https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/
Description: Web Application Penetration Testing Cheat Sheet.

URL: https://github.com/NextronSystems/APTSimulator
Description: A toolset to make a system look as if it was the victim of an APT attack.

URL: https://github.com/k4m4/dcipher
Description: Decipher hashes using online rainbow & lookup table attack services.

URL: https://blog.fabiopires.pt/running-your-instance-of-burp-collaborator-server/
Description: Running Your Instance of Burp Collaborator Server.

URL: https://github.com/noxrnet/researchservers
Description: Simple servers (HTTP and DNS) which allow configurable/scriptable responses.

URL: https://github.com/vysec/DomLink
Blog: https://medium.com/@vysec.private/domlink-automating-domain-discovery-467704375d0a
Description: Link a domain with registered organisation names and emails to other domains.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bit.ly/2GSKOmB (+)
Description: The story behined the Strong XSS filter bypass!

URL: http://bit.ly/2EGBVGP (+)
Description: Abusing Exported Functions and Exposed DCOM Interfaces.

URL: https://medium.com/@yassergersy/xss-to-session-hijack-6039e11e6a81
Description: Stealing HttpOnly Cookie via XSS.

URL: https://snyk.io/blog/attacking-an-ftp-client/
Description: Attacking an FTP Client - MGETting more than you bargained for.

URL: https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/
Description: CloudFront Hijacking.

URL: https://embedi.com/blog/reflecting-upon-owasp-top-10-iot-vulnerabilities/
Description: Reflecting upon OWASP TOP-10 IoT Vulnerabilities.

URL: https://clo.ng/blog/osquery_reverse_shell/
Description: Using Osquery to Detect Reverse Shells on MacOS.

URL: https://medium.com/@jeremy.trinka/event-log-auditing-demystified-75b55879f069
Description: Event Log Auditing, Demystified.

URL: https://github.com/eladshamir/Internal-Monologue
Description: Internal Monologue Attack - Retrieving NTLM Hashes without Touching LSASS.

URL: http://bit.ly/2EFUPhc (+)
Description: My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/cryptodashie/ipfs
Related: https://ipfs.io/
Description: IPFS Scanner.

URL: https://osandamalith.com/2018/04/07/haxing-minesweeper/
Description: Haxing Minesweeper.

URL: https://blog.benjojo.co.uk/post/tor-onions-to-v6-with-iptables-proxy
Description: Giving every Tor Hidden Service a IPv6 address.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 16 | Month: April | Year: 2018 | Release Date: 20/04/2018 | Edition: #218  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2HfV9ZS (+)
Description: Piercing the Veil - Server Side Request Forgery to NIPRNet access.

URL: http://bit.ly/2HylK3L (+)
Description: Bypass CSP by Abusing XSS Filter in Edge.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/m0nad/Diamorphine
Description: Diamorphine is a LKM rootkit for Linux Kernels 2.6.x/3.x/4.x.

URL: https://github.com/kennethreitz/s3monkey
Description: Amazon S3 Buckets as if they are your local filesystem.

URL: https://github.com/fireeye/ReelPhish
Description: A Real-Time Two-Factor Phishing Tool.

URL: https://github.com/preempt/credssp
Blog: https://blog.preempt.com/how-we-exploited-the-authentication-in-ms-rdp
Description: Exploit Authentication in MS-RDP (CVE-2018-0886).

URL: https://github.com/daudmalik06/ReconCat
Description: PHP application to fetch archive url snapshots from archive.org.

URL: https://github.com/dsopas/rfd-checker
Description: RFD Checker - security CLI tool to test Reflected File Download.

URL: http://bit.ly/2HbjccF (+)
Description: Living off the land with Kerberos and netsh interface portproxy.

URL: https://github.com/hannob/snallygaster
Description: Tool to scan for secret files on HTTP servers.

URL: https://github.com/m8r0wn/pymeta
Description: Tool to search the web for files on a domain for extracting metadata. 

URL: https://github.com/extremecoders-re/Virtual-File-System-Editor
Description: A tool to extract embedded files from application virtualizers.

URL: https://github.com/iabem97/securityd-racer2
Description: Securityd PoC overflow vulnerability (iOS 11.3/15E5189f)

URL: https://github.com/pageflt/gdb-box
Description: GDB extension for displaying memory contents in different byte orders.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://www.dasp.co/
Description: Decentralized Application Security Project (or DASP) Top 10.

URL: https://gist.github.com/sirdarckcat/fe8ce94ef25de375d13b7681d851b7b4
Description: /sbin/dhclient Ubuntu AppArmor profile bypass.

URL: https://pythontips.com/2018/04/15/reverse-engineering-soundcloud-api/
Description: Reverse Engineering Soundcloud API.

URL: http://byte-atlas.blogspot.pt/2018/04/apivectors.html
Description: Introducing ApiVectors (ApiScout Update).

URL: http://bit.ly/2qL2dCT (+)
Description: Take full control of online compilers through a common exploit.

URL: http://bit.ly/2HMh9c9 (+)
Description: JTAG on-chip debugging - Extracting passwords from memory.

URL: https://ifc0nf1g.xyz/blog/post/pwning-admin-panel-with-recon/
Description: Pwning admin panel with recon.

URL: http://www.duskborn.com/how-to-read-write-llvm-bitcode/
Description: How to read & write LLVM bitcode.

URL: http://bit.ly/2JbbAU5 (+)
PoC: https://github.com/securifera/CVE-2018-6546-Exploit
Description: AMD Gaming Evolved (Raptr - Plays.tv) Remote File Execution.

URL: https://paper.seebug.org/563/
PoC: http://cyseclabs.com/exploits/upstream44.c
Description: Four sets aside - Ubuntu kernel eBPF 0day analysis (CVE-2017-16995).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/NVlabs/MUNIT
Description: MUNIT - Multimodal UNsupervised Image-to-image Translation.

URL: https://github.com/fransr/bountyplz
Description: Automated security reporting from markdown templates.

URL: https://blog.benjojo.co.uk/post/encoding-data-into-dubstep-drops
Description: Encoding data in dubstep drops.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 17 | Month: April | Year: 2018 | Release Date: 27/04/2018 | Edition: #219  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://lightningsecurity.io/blog/linkedin/
Description: LinkedIn Autofill Vulnerability.

URL: http://bit.ly/2HsCqdK (+)
Description: Breaking bad to make good - Firefox CVE-2017–7843.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://bit.ly/2vOHq71 (+)
Description: Cobalt Strike – Bypassing Windows Defender with Obfuscation.

URL: https://github.com/tehw0lf/airbash
Description: Fully automated WPA PSK handshake capture script.

URL: https://github.com/linkedin/qark
Description: Tool for Android application audit.

URL: https://github.com/51x/WHP
Description: Micro$oft Windows Hacking Pack.

URL: https://github.com/HanseSecure/credgrap_ie_edge
Description: Extract stored credentials from Internet Explorer and Edge.

URL: https://github.com/mitre/caldera
Description: An automated adversary emulation system.

URL: https://github.com/Ice3man543/subfinder
Description: SubFinder is a subdomain discovery tool.

URL: https://github.com/Nhoya/PastebinMarkdownXSS
Description: XSS in pastebin.com via unsanitized markdown output.

URL: http://blog.secu.dk/blog/Tunnels_in_a_hard_filtered_network
Description: Pivoting through HTTP webshells with Tunna - SOCKS proxy webshells.

URL: https://github.com/l0ss/Grouper
Description: PS script for helping to find vulnerable settings in AD Group Policy.

URL: https://security.szurek.pl/exploit-bypass-php-escapeshellarg-escapeshellcmd.html
Description: Exploit/bypass PHP escapeshellarg/escapeshellcmd functions.

URL: https://github.com/FireFart/CVE-2018-7600
More: https://gist.github.com/g0tmi1k/7476eec3f32278adc07039c3e5473708
Description: Drupal <7.58 Unauthenticated RCE For Drupal v8.4.5/v8.5.0 (CVE-2018-7600).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://csl.com.co/rid-hijacking/
Description: RID Hijacking on Windows.

URL: http://bit.ly/2KgT5i9 (+)
Description: Do not underestimate credentials leaks.

URL: https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
PoC: http://bit.ly/2KfSRbi (+) | http://bit.ly/2qZOjOa (+)
Description: Exploiting CVE-2018-1038 - Total Meltdown.

URL: http://touhidshaikh.com/blog/?p=790
Description: Abusing SUDO (Linux Privilege Escalation).

URL: https://arvanaghi.com/blog/reversing-ethereum-smart-contracts/
Description: Reversing Ethereum Smart Contracts.

URL: http://bit.ly/2JqTRIs (+)
Description: SQL injection, Oracle and full-width characters.

URL: https://habrahabr.ru/post/272187/
Description: Not all cookies are equally useful.

URL: http://blogs.360.cn/blog/how-to-kill-a-firefox-en/
Description: How to kill a (Fire)fox (CVE-2018-5146).

URL: http://bit.ly/2HQEpYV (+)
Description: Fuzzing Adobe Reader for exploitable vulns (fun != profit).

URL: https://w00tsec.blogspot.pt/2018/04/abusing-mysql-local-infile-to-read.html
Description: Abusing MySQL LOCAL INFILE to read client files.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/BatchDrake/suscan
Description: Channel scanner based on sigutils library.

URL: https://github.com/tehnokv/picojs
Description: A face detection library in 200 lines of JavaScript.

URL: http://bit.ly/2vRctiE (+)
Description: Reverse Engineering Facebook API - Private Video Downloader.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 18 | Month: May | Year: 2018 | Release Date: 04/05/2018 | Edition: #220  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://eligrey.com/blog/google-inbox-spoofing-vulnerability/
Description: Google Inbox spoofing vulnerability.

URL: http://bit.ly/2Ib7xua (+)
Description: Abusing internal API to achieve IDOR in New Relic.

URL: http://bit.ly/2rjGMcf (+)
Description: Bypass firewall to get RCE and then from server shell to get root!


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/fopina/syncme_exposed
Description: Sync.me sucks.

URL: https://github.com/ezelf/CVE-2018-9995_dvr_credentials
Description: Get DVR Credentials (CVE-2018-9995).

URL: https://github.com/PreOS-Security/awesome-firmware-security/
Description: Awesome Firmware Security & Other Helpful Documents.

URL: http://bit.ly/2rjC1zr (+)
Description: Reversing and Patching .NET Binaries with Embedded References.

URL: https://github.com/integrity-sa/burpcollaborator-docker
Description: Burp Collaborator Server docker container with LetsEncrypt certificate.

URL: https://erpscan.com/press-center/blog/oracle-ebs-penetration-testing-tool/
Description: Oracle EBS Penetration testing tool.

URL: https://www.exploit-db.com/exploits/44553/
Description: Oracle Weblogic Server Deserialization RCE Vulnerability (CVE-2018-2628).

URL: https://github.com/cldrn/rainmap-lite
Description: Rainmap Lite - Responsive web based interface for Nmap.

URL: https://github.com/Neo23x0/sigma
Description: Generic Signature Format for SIEM Systems.

URL: https://github.com/jobertabma/virtual-host-discovery
Description: A script to enumerate virtual hosts on a server.

URL: https://telekomsecurity.github.io/2018/04/trovebox-vulnerabilities.html
Description: Trovebox - Authentication Bypass, SQLi, SSRF.

URL: https://github.com/saaramar/execve_exploit
Description: Hardcore corruption of my execve() vulnerability in WSL (CVE-2018-0743).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://keenlab.tencent.com/en/2018/04/23/A-bunch-of-Red-Pills-VMware-Escapes/
Description: A bunch of Red Pills - VMware Escapes.

URL: https://www.computest.nl/wp-content/uploads/2018/04/connected-car-rapport.pdf
Description: The Connected Car - Ways to get unauthorized access and potential implications.

URL: http://bit.ly/2jqx9oP (+)
Description: How I exploited a bug in the Avios Travel rewards programme.

URL: http://www.danielbohannon.com/blog-1/2018/3/19/test-your-dfir-tools-sysmon-edition
Description: Test Your DFIR Tools - Sysmon Edition.Cisco Smart Install Remote Code Execution.

URL: http://bit.ly/2HNPhHA (+)
Description: Cooking Up Shells with Chef.

URL: https://insert-script.blogspot.pt/2018/05/adobe-reader-pdf-client-side-request.html
Description: Adobe Reader PDF - Client Side Request Injection.

URL: http://blog.nsfocus.net/cve-2018-6574/
Description: Go language arbitrary code execution vulnerability analysis (CVE-2018-6574).

URL: https://0x00rick.com/research/2018/04/20/afl_intro.html
Description: Fuzzing open source projects with american fuzzy lop (AFL).

URL: http://bit.ly/2jt5eVl (+)
Description: Android Bluetooth Vulnerabilities in the March 2018 Security Bulletin.

URL: https://www.atredis.com/blog/cylance-privilege-escalation-vulnerability
Description: Escalating Privileges with CylancePROTECT.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://hanno-rein.de/archives/349
Description: LaTeX Coffee Stains.

URL: https://blog.benjojo.co.uk/post/tls-https-server-from-a-yubikey
Description: Yubikey/Smartcard backed TLS servers.

URL: https://github.com/mindedsecurity/shhlack
Description: Slack message encryptor/decryptor for desktop app and browser.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 19 | Month: May | Year: 2018 | Release Date: 11/05/2018 | Edition: #221  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://charles.dardaman.com/js_coinhive_in_excel
Description: JavaScript Coinhive in Excel.

URL: http://blog.mindedsecurity.com/2018/04/dom-based-cross-site-scripting-in.html
Description: DOM XSS in Google VRView library.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/caffix/amass
Description: Subdomain Enumeration in Go.

URL: https://github.com/deepzec/Bad-Pdf
Description: Steal NTLM Hashes with Bad-PDF.

URL: https://github.com/nccgroup/tracy
Description: Find all sinks and sources of a web application.

URL: http://bit.ly/2rzhJCi (+)
Description: Invoke-Adversary – Simulating Adversary Operations.

URL: https://github.com/Mind0xP/Frida-Python-Binding
Description: Easy to use Frida python binding script.

URL: https://michael-eder.net/post/2018/native_rdp_pass_the_hash/
Description: Passing the hash with native RDP client (mstsc.exe).

URL: https://github.com/danigargu/heap-viewer
Description: IDA Pro plugin to examine the glibc heap, focused on exploit dev.

URL: https://github.com/trimstray/sandmap
Description: Network and system reconnaissance using the massive Nmap engine.

URL: https://github.com/samhaxr/hackbox
Description: HackBox is the combination of awesome techniques.

URL: https://github.com/flipkart-incubator/astra
Description: Automated Security Testing For REST API's.

URL: https://github.com/yuvadm/viewstate
Description: Python library for ASP.NET view state decoding.

URL: https://github.com/rootm0s/WinPwnage
Description: Dump of tools for Windows Pwnage (UAC bypass, persistence, PE...).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://goo.gl/JyAG1p (+)
Description: Command and control server in social media (Twitter, Instagram, ...).

URL: https://xiaodaozhi.com/exploit/117.html
Description: UAF vulnerability in Menu Management Component (CVE-2017-0263).

URL: http://blog.redactedsec.net/exploits/2018/04/26/nagios.html
Description: NagiosXI Vulnerability Chaining; Death By a Thousand Cuts (CVE-2018-873X).

URL: http://bit.ly/2rwqr5c (+)
Description: Detecting Password Spraying with Security Event Auditing.

URL: https://diablohorn.com/2018/02/04/identify-a-whitelisted-ip-address/
Description: Identify a whitelisted IP address.

URL: https://medium.com/101-writeups/hacking-json-web-token-jwt-233fe6c862e6
More: http://bit.ly/2IvRJCd (+)
Description: Hacking JSON Web Token (JWT).

URL: http://bit.ly/2wuN0Mn (+)
Description: Rooting a Logitech Harmony Hub - Improving Security in Today's IoT World.

URL: http://sploit3r.xyz/cve-2017-13284-injection-in-configuration-file/
Description: Injection in configuration file (CVE-2017-13284).

URL: https://medium.com/@vysec.private/domain-fronting-who-am-i-3c982ccd52e6
Description: Domain Fronting - Who Am I?

URL: http://everdox.net/popss.pdf
PoC: https://github.com/nmulasmajic/syscall_exploit_CVE-2018-8897
Description: Spurious #DB exceptions with the "POP SS" instruction (CVE-2018-8897).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://gdprchecklist.io/
Description: The GDPR Checklist.

URL: http://bit.ly/2KdA5k3 (+)
Description: Offline Object Detection and Tracking on a Raspberry Pi.

URL: https://momo5502.com/blog/?p=34
PoC: https://github.com/momo5502/cod-exploit
Description: CoD Modern Warfare 2 RCE via CoD's custom network protocol.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###   Week: 20 | Month: May | Year: 2018 | Release Date: 18/05/2018 | Edition: #222   ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2rNr5LC (+)
Description: Microsoft Word Document Upload to Stored XSS - A Case Study.

URL: http://bit.ly/2rKklhB (+)
Description: "Client-Side" CSRF.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/andresriancho/websocket-fuzzer
Description: Simple HTML5 WebSocket fuzzer.

URL: https://github.com/sp1d3r/swf_json_csrf/
Description: SWF-based JSON CSRF exploitation.

URL: https://github.com/jcesarstef/dotdotslash
Description: Tool to help you search for Directory Traversal Vulnerabilities.

URL: https://github.com/ciscocsirt/netsarlacc
Description: High performance enterprise HTTP (and SMTP) sinkhole.

URL: https://ivrodriguez.com/reverse-engineer-ios-apps-ios-11-edition-part1/
More: https://ivrodriguez.com/reverse-engineer-ios-apps-ios-11-edition-part2/
Description: Reverse Engineering iOS Apps - iOS 11 Edition.

URL: https://github.com/EmpireProject/Empire-GUI
Description: Graphical interface to the Empire post-exploitation Framework.

URL: https://github.com/Jamalc0m/wphunter
Description: WPHunter A Wordpress Vulnerability Scanner.

URL: https://github.com/PaulSec/metasearch-public
Description: Stop searching for sample hashes on 10 different sites.

URL: https://github.com/mattzeunert/fromjs
Description: Find the source of every HTML character in a JavaScript app.

URL: https://github.com/vaguileradiaz/tinfoleak
Description: The most complete open-source tool for Twitter intelligence analysis.

URL: https://github.com/ConsciousHacker/GreatSCT
Description: Generate msf payloads that bypass common AV solutions and whitelists.

URL: https://github.com/NetSPI/goddi
Blog: https://blog.netspi.com/dumping-active-directory-domain-info-in-go/
Description: Goddi (go dump domain info) dumps Active Directory domain information.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.ensilo.com/ctrl-inject
Description: Ctrl-Inject Research.

URL: http://bit.ly/2KuMPCX (+)
Description: Tearing New Holes into Intel/iPhone Cellular Modems.

URL: http://bit.ly/2Iofw7L (+)
Repo: https://github.com/vysec/CloudFrontHijacks
Description: Hijackable CloudFront Domain Names - Protect yourself.

URL: https://gdelugre.github.io/2018/05/10/3gpp-ota-security-evolution/
Description: Evolution of 3GPP over-the-air security.

URL: https://systemoverlord.com/2018/04/16/the-iot-hackers-toolkit.html
Description: The IoT Hacker's Toolkit.

URL: https://musings.konundrum.org/2018/05/03/debugging-windows-services.html
Description: Debugging Windows Services.

URL: https://0xpatrik.com/asset-discovery/
Description: Asset Discovery - Doing Reconnaissance the Hard Way.

URL: http://bit.ly/2Kyi5AT (+)
Related: http://bit.ly/2xM4uo8 (+)
Description: 7-Zip - From Uninitialized Memory to RCE (CVE-2018-10115).

URL: http://www.insomniacsecurity.com/2018/05/09/boblobblob.html
Description: Experiments with GitHub and binary blobs.

URL: https://neonsea.uk/blog/2018/04/15/pwn910nd.html
Description: Abusing OpenWRT's printer server to become root (CVE-2018-10123).

URL: https://efail.de/
Description: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://ryan.govost.es/2018/03/27/sakuracam.html
Description: Sakura Time-Lapse Camera.

URL: https://try.mydatarequest.com/
Description: Request your personal data from 100+ companies.

URL: https://github.com/jparise/chrome-utm-stripper
Description: Browser extension that strips Google Analytics (UTM) tokens from the URL.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 21 | Month: May | Year: 2018 | Release Date: 25/05/2018 | Edition: #223  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://hackerone.com/reports/341876
Description: Shopify SSRF in Exchange leads to ROOT access in all instances.

URL: https://sites.google.com/site/testsitehacking/-36k-google-app-engine-rce
PoC: https://github.com/ezequielpereira/GAE-RCE
Description: $36k Google App Engine Remote Code Execution.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/OJ/gobuster
Description: Directory/file & DNS busting tool written in Go.

URL: https://github.com/david942j/honest
Description: Honest - Are your installed packages honest?

URL: https://github.com/HoLyVieR/dnsbin
Description: The request.bin of DNS request.

URL: https://github.com/jymcheong/AutoTTP
Description: Automated Tactics Techniques & Procedures.

URL: https://github.com/felipedaragon/sandcat
Description: Pentest and developer-oriented web browser using Lua.

URL: https://github.com/ropnop/windows_sshagent_extract
Blog: https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/
Description: Extract private keys from Windows 10's built in ssh-agent service.

URL: https://github.com/anordal/shellharden
Description: A bash syntax highlighter that encourages proper quoting of variables.

URL: https://github.com/stephenfewer/grinder
Description: Automate the fuzzing of web browsers and the management of crashes.

URL: https://github.com/Ice3man543/SubOver
Description: A Powerful Subdomain Takeover Tool.

URL: https://github.com/0x00-0x00/ShellPop
Description: Pop shells like a master.

URL: https://github.com/pathetiq/BurpSmartBuster
Description: Burp Suite content discovery plugin that add the smart into the Buster!

URL: http://newosxbook.com/tools/jtool.html
Description: JTool (Mach-O Analyzer).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://x1m.nl/posts/laravel-xss-vuln/
Description: Laravel Stored XSS Vulnerability.

URL: https://jaiverma.github.io/blog/ios-game-hacking
Description: iOS Game Hacking - Minesweeper.

URL: http://bit.ly/2KT59WD (+)
Description: JavaScript prototype pollution attack in NodeJS.

URL: http://deniable.org/reversing/symbolic-execution
Description: Practical Symbolic Execution and SATisfiability Module Theories (SMT).

URL: http://bit.ly/2GMLZ1V (+)
Description: How your ethereum can be stolen through DNS rebinding.

URL: https://blog.jli.host/posts/cloudflare-scrape-shield/
Description: An Analysis of Cloudflare's Email Address Obfuscation.

URL: https://security.szurek.pl/gitbucket-unauthenticated-rce.html
Description: GitBucket 4.23.1 Unauthenticated Remote Code Execution.

URL: https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745
Description: XXE on Windows system... then what??

URL: http://bit.ly/2s4NrHM (+)
Description: .NET Deserialization To NTLM Hashes.

URL: http://www.harmj0y.net/blog/powershell/command-and-control-using-active-directory/
Related: http://bit.ly/2s5guMd (+)
Description: Command and Control Using Active Directory.

URL: https://github.com/nccgroup/TPMGenie
Description: TPM Genie is an I2C bus interposer for discrete Trusted Platform Modules.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://blog.benjojo.co.uk/post/bgp-battleships
Description: Playing battleships over BGP.

URL: http://www.computerhistory.org/atchm/adobe-photoshop-source-code/
Description: Adobe Photoshop Source Code.

URL: https://github.com/evilsocket/eve
Description: Tool that isolates human faces from a webcam stream in realtime.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 22 | Month: June | Year: 2018 | Release Date: 01/06/2018 | Edition: #224  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://www.robertxiao.ca/hacking/locationsmart/
Description: LocationSmart API Vulnerability.

URL: https://hackerone.com/reports/85624
Description: Highly wormable clickjacking in Twitter player card.

URL: https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/
Description: Remote code execution by uploading a web.config.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/CoolerVoid/ninja_shell/
Description: Port Knocking technique with AES256-GCM.

URL: https://github.com/securing/DumpsterDiver
Description: Tool to search secrets in various filetypes.

URL: http://www.orionforensics.com/w_en_page/USB_forensic_tracker.php
Description: USB Forensic Tracker (USBFT).

URL: https://github.com/api0cradle/LOLBAS
Related: https://gtfobins.github.io/
Description: Living Off The Land Binaries, Libraries and Scripts.

URL: https://github.com/google/docker-explorer/
Description: This project helps a forensics analyst explore offline Docker FS.

URL: http://bit.ly/2J4uc8r (+)
Description: Common format strings obfuscation technics.

URL: https://github.com/m4ll0k/AutoNSE
Description: Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner.

URL: https://github.com/zodiacon/AllTools
Description: Windows audit tools (Dump).

URL: https://github.com/iGio90/uDdbg
Description: A gdb like debugger that provide a runtime env to unicorn emulator.

URL: https://github.com/kd8bny/LiMEaide
Description:  Remotely dump RAM of a Linux client and create a volatility profile.

URL: https://github.com/CodeCracker-Tools/MegaDumper
Description: Dump native and .NET assemblies.

URL: https://github.com/D4Vinci/Cuteit
More: http://agarri.fr/docs/ipobf.py
Description: Make a malicious IP a bit cuter (HEX, OCT, Mixed encodings and more).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://andresriancho.com/recaptcha-bypass-via-http-parameter-pollution/
Description: reCAPTCHA bypass via HTTP Parameter Pollution.

URL: https://justi.cz/security/2018/05/23/cdn-tar-oops.html
Description: Compromising Thousands of Websites Through a CDN.

URL: http://bit.ly/2kGAXmA (+)
Description: Automatically Stealing Password Hashes with Microsoft Outlook and OLE.

URL: http://blogs.360.cn/blog/eos-node-remote-code-execution-vulnerability/
Description: EOS Node RCE — EOS WASM Contract Function Table Array Out of Bounds.

URL: https://rhinosecuritylabs.com/aws/amazon-aws-misconfiguration-amazon-go/
Description: Amazon's AWS Misconfiguration - Arbitrary Files Upload in Amazon Go.

URL: https://embedi.com/blog/dji-spark-hijacking/
Related: https://github.com/CunningLogic/DUMLRacer (Root Exploit)
Description: DJI Spark hijacking.

URL: https://silviavali.github.io/Electron/only_an_electron_away_from_code_execution
Description: Only an Electron Away from Code Execution.

URL: https://blog.doyensec.com/2018/05/17/graphql-security-overview.html
Description: GraphQL - Security Overview and Testing Tips.

URL: http://bit.ly/2xwjIgR (+)
Description: Ethereum, Solidity and integer overflows - programming blockchains like 1970.

URL: http://devalias.net/devalias/2018/05/13/usb-reverse-engineering-down-the-rabbit-hole/
Description: USB Reverse Engineering - Down the rabbit hole.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://gdprhallofshame.com/
Description: GDPR Hall of Shame.

URL: https://resinos.io/
Description: Run Docker containers on embedded devices.

URL: http://www.maizure.org/projects/printf/index.html
Description: Tearing apart printf().


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 23 | Month: June | Year: 2018 | Release Date: 08/06/2018 | Edition: #225  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2Lv2eUp (+)
Description: Reading Your Emails With A Read&Write Chrome Extension SOP Bypass.

URL: https://blog.innerht.ml/internet-explorer-has-a-url-problem/#rpoingooglefusiontable
Description: RPO in Google Fusion Table.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/omergunal/PoT
Description: Phishing on Twitter.

URL: https://hackertarget.com/tcpdump-examples/
Description: Practical tcpdump examples.

URL: https://github.com/skelsec/pypykatz
Description: Mimikatz implementation in pure Python.

URL: https://github.com/tlkh/prowler
Description: Distributed Network Vulnerability Scanner.

URL: https://github.com/hegusung/AVSignSeek
Description: Tool to determine where the AV signature is located in a binary/payload.

URL: https://github.com/vay3t/pattern
Description: Reimplementation of pattern_create/pattern_offset in Python.

URL: https://github.com/skelsec/minidump
Description: Python library to parse and read Microsoft minidump file format.

URL: https://github.com/avast-tl/retdec
Description: RetDec is a retargetable machine-code decompiler based on LLVM.

URL: https://github.com/islamTaha12/Python-Rootkit
Description: Python Remote Administration Tool (RAT) to gain meterpreter session.

URL: https://github.com/vanhauser-thc/THC-Archive
Description: The Hacker's Choice security research group (a.k.a. hackers) Tools Dump.

URL: https://github.com/archerysec/archerysec
Description: Tool to help developers and pentesters to perform scans and manage vulns.

URL: https://github.com/attify/firmware-analysis-toolkit
Description: Toolkit to emulate firmware and analyse it for security vulnerabilities.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bit.ly/2HrpwYT (+)
Description: Dell SupportAssist Driver - Local Privilege Escalation.

URL: https://staaldraad.github.io/post/2018-06-03-cve-2018-11235-git-rce/
PoC: https://github.com/Rogdham/CVE-2018-11235 | http://bit.ly/2xUIKqj (+)
Description: git Remote Code Execution (CVE-2018-11235).

URL: https://blahcat.github.io/2018/03/11/fuzzing-arbitrary-functions-in-elf-binaries/
Description: Fuzzing arbitrary functions in ELF binaries.

URL: https://www.serializing.me/2018/06/03/rooting-the-technicolor-7210/
Description: Rooting the Technicolor 7210.

URL: http://bit.ly/2JzKqtY (+)
Description: PowerShell - In-Memory Injection Using CertUtil.exe.

URL: http://gosecure.net/2018/05/15/beware-of-the-magic-spell-part-1-cve-2018-1273/
More: http://gosecure.net/2018/05/17/beware-of-the-magic-spell-part-2-cve-2018-1260/
Description: Beware of the Magic SpEL(L) (CVE-2018-1273 and CVE-2018-1260).

URL: https://github.com/yellowbyte/analysis-of-anti-analysis
Description: Analysis of Anti-Analysis.

URL: https://ownyourbits.com/2018/05/23/the-real-power-of-linux-executables/
Description: The real power of Linux executables.

URL: https://blogs.securiteam.com/index.php/archives/3689
Description: QRadar Remote Command Execution (CVE-2018-1418).

URL: https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/
Description: Understanding Java deserialization.

URL: https://nbulischeck.io/posts/misusing-debugfs-for-in-memory-rce
Description: Misusing debugfs for In-Memory RCE.

URL: http://bigric3.blogspot.pt/2018/05/cve-2018-8120-analysis-and-exploit.html
PoC: https://github.com/bigric3/cve-2018-8120/ | http://bit.ly/2kW0ybi (+)
Description: Windows local privilege escalation - Analysis and Exploit (CVE-2018-8120).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://eklitzke.org/lobotomizing-gnome
Description: Lobotomizing GNOME.

URL: https://wtfutil.com
Description: A personal information dashboard for your terminal.

URL: https://github.com/s-matyukevich/raspberry-pi-os
Description: Learning operating system development using Linux kernel and Raspberry Pi.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 24 | Month: June | Year: 2018 | Release Date: 15/06/2018 | Edition: #226  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2JFjwl2 (+)
Description: Bypassing Host Header to SQL injection to dumping Database.

URL: https://www.bishopfox.com/blog/2018/06/server-side-spreadsheet-injections/
Description: Server-Side Spreadsheet Injection – Formula Injection to RCE.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/InQuest/omnibus
Description: The OSINT Omnibus.

URL: https://github.com/mbechler/serjs
Blog: https://mbechler.github.io/2018/05/21/Java-CVE-2018-2800/
Description: A Java serializer in JavaScript (CVE-2018-2800).

URL: https://github.com/deroko/SPPLUAObjectUacBypass
Description: UAC Bypass via SPPLUAObject Class.

URL: http://rift.stacktitan.com/debug-survival-the-compiled-dll/
Description: Debug a Compiled DLL.

URL: https://gist.github.com/ricardojba/ecdfe30dadbdab6c514a530bc5d51ef6
Description: A Windows hardening script.

URL: https://github.com/JiounDai/Bluedroid
Description: PoCs of Vulnerabilities on Bluedroid.

URL: https://github.com/RhinoSecurityLabs/SleuthQL
Description: Burp History parsing tool to discover potential SQL injection points.

URL: https://github.com/trimstray/multitor
Descripion: A tool that lets you create multiple TOR instances with a load-balancing.

URL: https://github.com/snyk/zip-slip-vulnerability
Description: Zip Slip Vulnerability (Arbitrary file write through archive extraction).

URL: https://github.com/evilmog/ntlmv1-multi
Description: Tool to modify NTLMv1/NTLMv1-ESS/MSCHAPv2 hashes to be cracked by hashcat.

URL: http://bit.ly/2JT6dNe (+)
Description: Executing Meterpreter in Memory on Windows 10 and Bypassing AntiVirus.

URL: https://github.com/EdOverflow/can-i-take-over-xyz
Description: List of services and how to claim (sub)domains w/ dangling DNS records.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.umangis.me/persistent-r-w-on-ios-11-2-6/
PoC: https://github.com/pwn20wndstuff/iOS-Apfs-Persistence-Exploit
Description: Persistent R/W on iOS 11.2.6+.

URL: https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
Description: Your encrypted photos revealed in macOS cache.

URL: https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/
Description: A Methodical Approach to Browser Exploitation.

URL: https://blog.ripstech.com/2018/moodle-remote-code-execution/
Description: Evil Teacher - Code Injection in Moodle.

URL: https://intoli.com/blog/not-possible-to-block-chrome-headless/
Description: It is *not* possible to detect and block Chrome headless.

URL: http://bit.ly/2JOjXp8 (+)
Description: Bypassing Content-Security-Policy with DNS prefetching.

URL: https://neopg.io/blog/enigmail-signature-spoof/
Description: SigSpoof 2 - More ways to spoof signatures in GnuPG (CVE-2018-12019).

URL: https://github.com/Nhoya/MycroftAI-RCE
Description: "Zero Click" Remote Code Execution in Mycroft AI vocal assistant.

URL: https://blog.spaceduck.io/siaberry-1/
Description: Siaberry's Command Injection Vulnerability.

URL: https://github.com/gdedrouas/Exchange-AD-Privesc
Description: Exchange privilege escalations to Active Directory.

URL: http://bit.ly/2JQFTTP (+)
Description: A Public Disclosure of Issues Around Third Party Code Signing Checks.

URL: http://bit.ly/2JAq4l3 (+)
Description: Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://undercurrents.io/
Description: Undercurrents BBS.

URL: https://bernsteinbear.com/blog/how-to-mess-with-your-roommate/
Description: How to mess with your roommate.

URL: https://jamchamb.github.io/2018/06/09/animal-crossing-developer-mode.html
Description: Reverse engineering Animal Crossing's developer mode.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 25 | Month: June | Year: 2018 | Release Date: 22/06/2018 | Edition: #227  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://sekurak.pl/xss-w-google-colaboratory-obejscie-content-security-policy/
Description: XSS in Google Colaboratory + workaround Content-Security-Policy.

URL: http://bit.ly/2yFRocH (+)
Description: Using a GitHub app to escalate to an organization owner for $10k bounty.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/allfro/BurpKit
Description: Next-gen BurpSuite penetration testing tool.

URL: https://github.com/ssl/ezXSS
Description: ezXSS is an easy way to test (blind) XSS.

URL: https://github.com/jordanpotti/CloudScraper
Description: Tool to enumerate targets in search of cloud resources.

URL: https://github.com/bontchev/pcodedmp
Description: A VBA p-code disassembler.

URL: https://github.com/Busindre/dumpzilla
Description: Extract all interesting information of Firefox/Iceweasel/Seamonkey.

URL: https://github.com/brightiup/research/tree/master/macOS/CVE-2018-4242
Related: http://bit.ly/2KbbnUV (+)
Description: Look at The XNU Through A Tube CVE-2018-4242 Write-up.

URL: https://github.com/skelsec/minikerberos
Description: Kerberos manipulation library in pure Python.

URL: https://github.com/sxcurity/theftfuzzer
Description: Tool that fuzzes CORS implementations for common misconfigurations.

URL: https://github.com/v1s1t0r1sh3r3/airgeddon
Description: Multi-use bash script for Linux systems to audit wireless networks.

URL: https://github.com/HexHive/T-Fuzz
Description: Fuzzing tool based on program transformation.

URL: https://github.com/Cybereason/Invoke-WMILM
Description: Script for various methods to acheive authenticated RCE via WMI.

URL: https://github.com/toniblyx/prowler
Description: AWS Security Best Practices Assessment.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://10degres.net/testing-flash-swf/
Description: Find vulnerabilities in Flash SWF.

URL: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html
PoC: https://github.com/realsanjay/UnmarshalPwn
Description: Marshalling to SYSTEM - An analysis of CVE-2018-0824.

URL: https://www.sxcurity.pro/advanced-cors-techniques/
Description: Advanced CORS Exploitation Techniques.

URL: https://medium.com/secjuice/waf-evasion-techniques-718026d693d8
More: http://bit.ly/2MX1hJm (+)
Description: Web Application Firewall (WAF) Evasion Techniques.

URL: https://payatu.com/guide-linux-privilege-escalation/
Description: A guide to Linux Privilege Escalation.

URL: https://blog.sigmaprime.io/solidity-security.html
Description: Solidity Security - Comprehensive list of known attack vectors.

URL: https://blog.vulnspy.com/2018/06/21/phpMyAdmin-4-8-x-Authorited-CLI-to-RCE/
More: http://bit.ly/2MEYccl (+)
Description: phpMyAdmin 4.8.x LFI to RCE (Authorization Required).

URL: http://bit.ly/2MJqvHL (+)
Description: Creating signed and customized backdoored macOS applications.

URL: http://bit.ly/2tgPERM (+)
Description: A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper.

URL: https://www.tarlogic.com/en/blog/red-team-tales-0x01/
Description: Red Team Tales 0x01 - From MSSQL to RCE.

URL: https://www.sec-1.com/blog/2017/office365-activesync-username-enumeration
PoC: https://bitbucket.org/grimhacker/office365userenum
Description: Office365 ActiveSync Username Enumeration.

URL: http://bit.ly/2KacLqQ (+)
Description: Lateral Movement Using internetexplorer.Application Object (COM).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/google/gif-for-cli
Description: GIF for CLI.

URL: https://github.com/rby90/Project-Based-Tutorials-in-C
Description: A curated list of project-based tutorials in C.

URL: https://github.com/008karan/Face-recognition/tree/master
Description: Face recognition and its application as attendance system.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 26 | Month: June | Year: 2018 | Release Date: 29/06/2018 | Edition: #228  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2MxC5V9 (+)
Description: Unrestricted File Upload at Apple.com.

URL: https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users/
Description: Stealing passwords from McDonald's users.

URL: https://blog.bentkowski.info/2018/06/setting-arbitrary-request-headers-in.html
Description: Setting arbitrary request headers in Chromium via CRLF injection.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/orangetw/tsh
Description: Tiny SHell is an open-source UNIX backdoor.

URL: https://0xpatrik.com/subdomain-takeover-starbucks/
Description: Subdomain Takeover - Starbucks points to Azure.

URL: https://github.com/xfernando/go2seccomp
Description: Generate seccomp profiles from go binaries.

URL: https://github.com/nccgroup/Scout2
Description: Security auditing tool for AWS environments.

URL: http://mattwarren.org/2018/06/15/Tools-for-Exploring-.NET-Internals/
Description: Tools for Exploring .NET Internals (Dump).

URL: https://github.com/peterjaric/archaeologit
Description: Archaeologit scans the history of a user's GitHub repositories.

URL: https://github.com/johnnyxmas/ScanCannon
Description: Combines the speed of masscan with the reliability of nmap.

URL: https://blog.netspi.com/databases-and-clouds-sql-server-as-a-c2/
Description: Databases and Clouds - SQL Server as a C2.

URL: https://github.com/rrrfff/AndHook
Description: AndHook is a lightweight hook framework for android.

URL: http://agarri.fr/docs/ipobf.py
Related: https://github.com/vysec/IPFuscator
Description: Tool to automatically generate alternative IP representations.

URL: https://github.com/milo2012/CVE-2018-0296
Description: Tool to extract usernames from vulnerable Cisco ASA (CVE-2018-0296).

URL: https://github.com/0x4D31/salt-scanner
Description: Linux vulnerability scanner based on Salt Open and Vulners audit API.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bit.ly/2KgbW0I (+)
PoC: https://github.com/brannondorsey/dns-rebind-toolkit
Description: Attacking Private Networks from the Internet with DNS Rebinding.

URL: http://bit.ly/2yyota8 (+)
Description: Practical DMA attack on Windows 10.

URL: http://bit.ly/2N7QCrJ (+)
Description: Reverse Shell from an OpenVPN Configuration File.

URL: https://latacora.singles/2018/06/21/loud-subshells.html
Description: Loud subshells.

URL: https://www.codewatch.org/blog/?p=453
Description: PRTG < 18.2.39 Command Injection Vulnerability (CVE-2018-9276).

URL: http://bit.ly/2tCi7BH (+)
Description: Attacking Deserialization in JS.

URL: https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
Description: Overcoming (some) Spectre browser mitigations.

URL: http://bit.ly/2KhAN4f (+)
Description: Using filepickers to escape sandboxes.

URL: https://stek29.rocks/2018/06/26/nvram.html
Description: iOS nvram primer.

URL: https://modexp.wordpress.com/2018/06/08/stop-event-logger/
Description: Stopping the Event Logger via Service Control Handler.

URL: https://medium.com/0xcc/bypass-macos-rootless-by-sandboxing-5e24cca744be
PoC: https://github.com/ChiChou/10.13.5-sip-bypass
Description: Bypass macOS rootless by sandboxing.

URL: https://srcincite.io/blog/2018/05/21/adobe-me-and-a-double-free.html
Description: Adobe, Me and a Double Free :: Analyzing the CVE-2018-4990 Exploit.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/galaxyhaxz/devilution
Description: Diablo devolved - magic behind the 1996 computer game.

URL: https://github.com/crmulliner/usbnetstore
Blog: https://www.mulliner.org/blog/blosxom.cgi/hardware/usbnetstore.html
Description: USB Mass Storage with Network Access.

URL: http://bit.ly/2Kup8ec (+)
Description: Windows Command-Line - The Evolution of the Windows Command-Line.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 27 | Month: July | Year: 2018 | Release Date: 06/07/2018 | Edition: #229  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2KQdVoE (+)
Description: Bypassing Web-Application Firewalls by abusing SSL/TLS.

URL: http://bit.ly/2tXqWX4 (+)
Description: The 12$k Intersection between Clickjacking, XSS, and Denial of Service.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/mwrlabs/dref
Description: DNS Rebinding Exploitation Framework.

URL: https://github.com/gpoguy/GetVulnerableGPO
Blog: http://bit.ly/2NpMBz8 (+)
Description: PowerShell script to find 'vulnerable' security-related GPOs.

URL: https://github.com/flipkart-incubator/watchdog
Description: A Comprehensive Security Scanning and a Vulnerability Management Tool.

URL: https://github.com/smiegles/mass3
Description: Quickly enumerate through a pre-compiled list of AWS S3 buckets via DNS.

URL: https://github.com/DominicBreuker/pspy
Description: Monitor linux processes without root permissions.

URL: https://github.com/V-E-O/PoC/tree/master/CVE-2018-9341
Description: Heap Buffer OOB Write - Android libmpeg2 (CVE-2018-9341).

URL: https://gitlab.com/0x4ndr3/blog/tree/master/JSgen
Blog: https://pentesterslife.blog/2018/06/28/jsgen/
Description: Bind and reverse shell JS code generator for SSJI in Node.js.

URL: https://github.com/phoenhex/files/tree/master/exploits/ios-11.3.1
Description: Safari exploit for iPhone 8, iOS 11.3.1 (CVE-2018-4233/CVE-2018-4243).

URL: https://github.com/p3nt4/Invoke-TmpDavFS
Description: In Memory Powershell WebDav Server.

URL: https://github.com/glennzw/koekiemonster
Description: Load cookies from FireFox, to be used by Requests etc.

URL: https://github.com/vmware/burp-rest-api/
Description: REST/JSON API to the Burp Suite security tool.

URL: https://hansesecure.de/backdooring-pe-file-with-aslr/
Description: Backdooring PE-File (with ASLR).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://alter-attack.net/
Description: Breaking LTE on Layer Two.

URL: https://lucasg.github.io/2017/06/07/listing-known-dlls/
Description: Listing KnownDlls.

URL: http://bit.ly/2tXrs7s (+)
Description: Abusing SeLoadDriverPrivilege for privilege escalation.

URL: http://bit.ly/2tYVsjf (+)
Description: Attacking Machine Learning Detectors - the state of the art review.

URL: https://www.wst.space/ssl-part1-ciphersuite-hashing-encryption/
More: http://bit.ly/2MS2oWy (+) | http://bit.ly/2KPEsFG (+)
Description: SSL/TLS for dummies.

URL: https://www.jeremydaly.com/event-injection-a-new-serverless-attack-vector/
Description: Event Injection - A New Serverless Attack Vector.

URL: http://nullprogram.com/blog/2018/06/23/
Description: Intercepting and Emulating Linux System Calls with Ptrace.

URL: https://www.shelliscoming.com/2018/06/windows-reuse-shellcode-based-on.html
Description: Windows reuse shellcode based on socket's lifetime.

URL: http://bit.ly/2zd0Ap7 (+)
Description: This popular Facebook app publicly exposed your data for years.

URL: https://rampageattack.com/
Description: Vulns in modern phones enable unauthorized access (CVE-2018-9442).

URL: https://landlock.io/
Description: Stackable Linux Security Module (LSM) to create security sandboxes. 

URL: http://bit.ly/2tKjNs3 (+)
More: http://bit.ly/2Nnrv7A (+)
Description: Abusing the COM Registry Structure (CLSID,LocalServer32&InprocServer32).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/LoranKloeze/WhatsAllApp
Description: Collecting huge amounts of data with WhatsApp.

URL: http://natashenka.ca/reversing-my-tamagotchi-forever-evolution/
Description: Reversing My Tamagotchi Forever Evolution.

URL: http://bit.ly/2zd35I1 (+)
Description: Getting the router shell using UART interface and bus pirate.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 28 | Month: July | Year: 2018 | Release Date: 13/07/2018 | Edition: #230  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2L1rTYd (+)
Description: Latex to RCE, Private Bug Bounty Program.

URL: http://bit.ly/2JgS3RR (+)
Description: How to trick CSP in letting you run whatever you want.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/wzw19890321/Exploits/tree/master/CVE-2018-4192
Related: https://blog.ret2.io/2018/07/11/pwn2own-2018-jsc-exploit/
Description: Apple Safari WebKit code execution (CVE-2018-4192).

URL: https://github.com/iGio90/frick
Description: Frida cli for RE inspired by the epic GDB init gef.

URL: https://github.com/reblaze/sshpki
Description: SSH PKI management tool with yubikey support.

URL: https://github.com/francisck/DanderSpritz_lab
Description: A fully functional DanderSpritz lab in 2 commands.

URL: https://github.com/necst/crave
Description: Test and explore the capabilities of generic AV engines.

URL: https://x-c3ll.github.io/posts/Frida-Pwn-Adventure-3/
Description: Hacking a game to learn FRIDA basics.

URL: https://github.com/Nekmo/dirhunt
Description: Find web directories without bruteforce.

URL: https://github.com/Raz0r/aemscan
Description: Adobe Experience Manager Vulnerability Scanner.

URL: https://github.com/yahoo/yfuzz
Description: A project to run fuzzing jobs at scale with Kubernetes.

URL: https://github.com/FiloSottile/mkcert
Blog: https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
Description: Zero-config tool to make locally-trusted development certificates.

URL: https://github.com/sense-of-security/ADRecon
Description: ADRecon is a tool which gathers information about the Active Directory.

URL: http://bit.ly/2N7w8P8 (+)
Description: How to Secure Nginx with NAXSI Firewall on Ubuntu 16.04.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bit.ly/2mfSKBI (+)
Description: Dissecting modern browser exploit - case study of CVE-2018–8174.

URL: https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
Description: Analyzing WebAssembly binaries.

URL: https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
Description: Shutting down the BGP Hijack Factory.

URL: http://bit.ly/2mfL1mZ (+)
Description: A Tale of Two Mallocs - On Android libc Allocators.

URL: https://rootkits.xyz/blog/2017/06/kernel-setting-up/
Description: Windows Kernel Exploitation Tutorial Series.

URL: https://blog.netspi.com/bypass-sql-logon-triggers/
Description: Bypassing SQL Server Logon Trigger Restrictions.

URL: https://0xpatrik.com/phishing-domains/
Description: Finding Phishing - Tools and Techniques.

URL: https://objective-see.com/blog/blog_0x34.html
Description: A Remote iOS Bug (CVE-2018-4290).

URL: http://bazad.github.io/2018/07/xpc-string-leak/
PoC: https://github.com/bazad/xpc-string-leak
Description: Reading process memory using XPC strings (CVE-2018-4248).

URL: https://www.fastly.com/blog/hijacking-control-flow-webassembly-program
Description: Hijacking the control flow of a WebAssembly program.

URL: http://bit.ly/2KQK83a (+)
Description: Easy Hosting Control Panel - SQLi & Multiple XSS Vulnerabilities.

URL: https://nahamsec.com/chaining-multiple-vulnerabilities-to-gain-admin-access/
Description: Chaining Multiple Vulnerabilities to Gain Admin Access.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/rhysd/vim.wasm
Description: Vim editor ported to WebAssembly.

URL: http://craftinginterpreters.com/
Description: A handbook for making programming languages.

URL: http://bit.ly/2NLEwF3 (+)
Description: Reading hotel key cards with a credit card magstripe reader.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 29 | Month: July | Year: 2018 | Release Date: 20/07/2018 | Edition: #231  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2uC7Yp4 (+)
Description: Gsuite Hangouts Chat 5k IDOR.

URL: https://haiderm.com/how-i-was-able-to-delete-13k-microsoft-translator-projects/
Description: How I was able to delete 13k+ Microsoft Translator projects.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/CERTCC/keyfinder
Description: A tool for analyzing private (and public) key files.

URL: https://github.com/thelinuxchoice/instashell
Description: Instagram Brute Forcer without password limit.

URL: https://github.com/strukt93/exploits/blob/master/CVE-2018-1000094.py
More: http://dev.cmsmadesimple.org/bug/view/11741
Description: CMS Made Simple 2.2.5 Authenticated RCE (CVE-2018-1000094).

URL: https://github.com/airbus-seclab/cpu_rec
Description: Recognize CPU instructions in an arbitrary binary file.

URL: https://github.com/zricethezav/gitleaks
Description: Searches full repo history for secrets and keys.

URL: https://scund00r.com/all/rfid/tutorial/2018/07/12/rfid-theif-v2.html
Description: RFID Thief v2.0.

URL: https://github.com/initiate6/ZOHO-Vault-d3crypt3r
Blog: https://init6.me/zoho-story-of-where-not-to-store-keys/
Description: Tool to Decrypt passwords that were encrypted by ZOHO Vault.

URL: https://github.com/ThoughtfulDev/EagleEye
Description: Find your friends using Image Recognition and Reverse Image Search.

URL: https://github.com/SySS-Research/Seth
Description: Tool to MitM and extract clear text credentials from RDP connections.

URL: https://github.com/si9int/cc.py
Description: Extracting URLs of a specific target using results of "commoncrawl.org".

URL: https://github.com/davehardy20/PoSHBypass
Description: PoSHBypass is a PoC to bypass PS Constrianed Language Mode, AMSI and more.

URL: https://github.com/qqwaszx/blackowl
Description: Blackowl's a simple tool to gather information, based on Operative-Framework.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://www.anitian.com/blog/owning-saml/
Description: Exploiting a SAML Implementation.

URL: http://bit.ly/2LtgXPX (+)
Description: Blind XSS Stored on Telegram app (iOS) via html file.

URL: https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks
Description: Hunting For In-Memory .NET Attacks.

URL: https://posts.specterops.io/shelling-apache-felix-with-java-bundles-2450d3a099a
Description: Shelling Apache Felix With Java Bundles

URL: http://bit.ly/2O21CYc (+)
Description: Local root jailbreak via network file sharing in all ADB Broadband Gateways.

URL: http://www.mohamedharon.com/2018/01/practical-jsonp-injection.html
Description: Practical JSONP Injection.

URL: https://nytrosecurity.com/2018/02/26/hooking-chromes-ssl-functions/
Description: Hooking Chrome’s SSL functions.

URL: http://bit.ly/2LxaXFU (+)
Description: Passing-the-Hash to NTLM Authenticated Web Applications

URL: https://www.peckshield.com/2018/07/12/tradeRifle/
Description: The tradeRifle Vuln Identified in LBank Mobile Service (CVE-2018-13363).

URL: http://bit.ly/2O5x7k2 (+)
Description: Google Chrome pdfium shading drawing integer overflow to RCE (CVE-2018-6120).

URL: https://www.ambionics.io/blog/prestashop-privilege-escalation
Description: PrestaShop 1.6.x Privilege Escalation (CVE-2018-13784).

URL: https://j00ru.vexillium.org/2018/07/exploiting-a-windows-10-pagedpool-off-by-one/
PoC: https://gist.github.com/j00ru/2347cf937366e61598d1140c31262b18
Description: Exploiting a Windows 10 PagedPool off-by-one overflow (WCTF 2018).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://jamie.build/how-to-build-an-npm-worm
Related: http://bit.ly/2O4kFkz (+) | http://bit.ly/2L5fgw1 (+)
Description: How to build an npm worm.

URL: https://github.com/reactos/reactos
Description: A free Windows-compatible Operating System.

URL: https://iandouglasscott.com/2018/07/04/canon-dslr-bluetooth-remote-protocol/
Description: Canon DSLR Bluetooth Remote Protocol.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
###  Week: 30 | Month: July | Year: 2018 | Release Date: 27/07/2018 | Edition: #232  ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://medium.com/@d0nut/exfiltration-via-css-injection-4e999f63097d
Description: Exfiltration via CSS Injection.

URL: http://bit.ly/2mL4nAZ (+)
Description: Forging OAuth tokens using discovered client id and client secret.

URL: https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/
Description: Into the Borg – SSRF inside Google production network.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/potmdehex/multipath_kfree
Description: Low effort jb for iOS 11.3.1.

URL: http://bit.ly/2OgSvmB (+)
Description: Running system commands through Nvidia signed binaries.

URL: https://github.com/externalist/exploit_playground
Description: Analysis of public exploits or my 1day exploits (Dump).

URL: https://github.com/ElevenPaths/ibombshell
Description: ibombshell - Dynamic Remote Shell (PowerShell).

URL: https://github.com/kevingosse/windbg-extensions
Description: Extensions for the new WinDbg.

URL: https://hackerone.com/reports/334488
Description: Blind XXE via Powerpoint files.

URL: https://github.com/trimstray/htrace.sh
Description: Simple shell script to debugging http/https traffic tracing.

URL: https://github.com/quentinhardy/scriptsAndExploits
Description: Oracle WebLogic Java Deserialization RCE (CVE-2017-3248).

URL: https://github.com/GhostPack/
Blog: http://www.harmj0y.net/blog/redteaming/ghostpack/
Description: A collection of security related toolsets.

URL: http://bit.ly/2LDtSSN (+)
Description: Reverse Engineering the XignCode Anti-Cheat Library.

URL: https://github.com/saucelabs/isign
Description: Code sign iOS applications, without proprietary Apple software or hardware.

URL: https://github.com/s0md3v/Photon
Description: Fast crawler which extracts urls, emails, files, website accounts and more.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://blog.sevagas.com/?Advanced-USB-key-phishing
Description: Advanced USB key phishing.

URL: http://deniable.org/reversing/binary-instrumentation
Description: Dynamic Binary Instrumentation Primer.

URL: https://blog.jse.li/posts/marveloptics-malware/
Description: Reversing JS Malware From marveloptics.com.

URL: https://medium.com/@jonathanbouman/persistent-xss-at-ah-nl-198fe7b4c781
Description: Persistent XSS at AH.nl

URL: https://codecat.nl/2018/05/reverse-engineering-and-exploiting-a-game-trainer/
Description: Reverse engineering and "exploiting" a game trainer.

URL: http://bit.ly/2LqhndN (+)
Description: Hidden caches in macOS - Where your private data gets stored.

URL: https://blog.doyensec.com/2018/07/19/instrumenting-electron-app.html
Description: Instrumenting Electron Apps for Security Testing.

URL: https://arp242.net/weblog/yaml_probably_not_so_great_after_all.html
Description: YAML - Probably not so great after all.

URL: http://obtruse.syfrtext.com/2018/07/oracle-privilege-escalation-via.html
Description: Oracle Privilege Escalation via Deserialization (CVE-2018-3004).

URL: https://modexp.wordpress.com/2018/07/12/process-injection-writing-payload/
Description: Process Injection - Writing the payload.

URL: https://neonsea.uk/blog/2018/07/21/tmp-to-rce.html
Description: From writing to /tmp to a root shell on Inteno IOPSYS (CVE-2018-14533).

URL: http://asintsov.blogspot.com/2018/07/cisco-webex-teams-remote-code-execution.html
Description: Cisco Webex Teams Remote Code Execution Vulnerability (CVE-2018-0387).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://manpages.bsd.lv/history.html
Description: History of UNIX Manpages.

URL: https://github.com/coreos/fero
Description: YubiHSM2-backed signing server.

URL: http://wouter.coekaerts.be/2018/java-type-system-broken
Description: The Java type system is broken.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 31 | Month: August | Year: 2018 | Release Date: 03/08/2018 | Edition: #233 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.bentkowski.info/2018/07/vulnerability-in-hangouts-chat-aka-how.html
Description: Issue in Hangouts Chat - How Electron makes open redirect great again.

URL: https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545
Description: CRLF Injection Into PHP’s cURL Options.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/dienuet/crossdomain
Description: Checking for CORS misconfiguration.

URL: https://github.com/Netflix-Skunkworks/diffy
Blog: http://bit.ly/2O2Iw3C (+)
Description: Diffy is a triage tool used during cloud-centric security incidents.

URL: https://github.com/colental/byob
Description: BYOB (Build Your Own Botnet).

URL: https://github.com/secana/PeNet
Description: Portable Executable (PE) library written in .Net.

URL: http://bit.ly/2AGDeZs (+)
Description: Notes on Windows Privilege Escalation.

URL: https://github.com/e3prom/bst
Description: Binary String Toolkit (BST) - Exploit development helper. 

URL: https://github.com/1N3/Findsploit
Description: Find exploits in local and online databases instantly.

URL: https://gitlab.com/expliot_framework/expliot
Description: Expliot - Internet of Things Exploitation framework.

URL: https://github.com/elevenpaths/neto
Description: A Toolkit for Analysing Browser Plugins.

URL: https://github.com/Kevin-Robertson/Powermad
Description: PowerShell MachineAccountQuota and DNS exploit tools.

URL: https://github.com/evyatarmeged/Raccoon
Description: Tool for reconnaissance and vulnerability scanning.

URL: https://github.com/malcomvetter/ManagedInjection
PoC: https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc
Description: Dynamically loading .NET assemblies at runtime (.NET Process Injection).


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bit.ly/2JUBHU1 (+)
Description: Reverse Engineering APIs - Coffee Meets Bagel.

URL: https://asaf.me/2018/07/23/attacking-the-attackers/
Description: Attacking the attackers.

URL: http://bit.ly/2KmNOV4 (+)
Related: http://www.cs.technion.ac.il/~biham/BT/
Description: Bluetooth Hacking - Cheating in Elliptic Curve Billiards.

URL: http://bit.ly/2MdGmxp (+)
Description: Exploitation of SSTI with Craft CMS plugin SEOmatic (CVE-2018-14716).

URL: https://medium.com/@Wflki/exploiting-electron-rce-in-exodus-wallet-d9e6db13c374
Related: http://kazu1130-h.hatenablog.jp/entry/2018/01/26/223022 (CVE-2018-1000006)
Description: Exploiting Electron RCE in Exodus wallet. 

URL: http://liberty-shell.com/sec/2018/07/28/netshlep/
Description: Netsh DLL Helpers - Hack the Helpers.

URL: http://bit.ly/2AAIPAE (+)
Description: Making a Blind SQL Injection a Little Less Blind.

URL: http://bit.ly/2OEFCmE (+)
Description: From e-mail to NTLM hashes with Microsoft Outlook.

URL: https://movaxbx.ru/2018/07/16/bypass-data-execution-protection-dep/
Description: Bypass Data Execution Protection (DEP).

URL: https://blog.xpnsec.com/hevd-null-pointer/
Description: Exploiting Windows 10 Kernel Drivers - NULL Pointer Dereference.

URL: http://bit.ly/2v9IbFk (+)
Description: Detecting CMSTP-Enabled Code Execution and UAC Bypass With Sysmon.

URL: https://github.com/shieldfy/API-Security-Checklist
Description: Security countermeasures when designing, testing, and releasing your API.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://ntcore.com/?p=488
Description: The decay of the IT industry.

URL: https://brewpress.beer/
Description: A WordPress plugin that brews beer.

URL: https://github.com/m4tx/uefi-jitfuck
Description: A JIT compiler for Brainfuck running on x86_64 UEFI.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 32 | Month: August | Year: 2018 | Release Date: 10/08/2018 | Edition: #234 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://hackerone.com/reports/260697
Description: Web Cache Deception bug in Discourse.

URL: http://bit.ly/2vvsgBc (+)
Description: How I gained commit access to Homebrew in 30 minutes.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/its-a-feature/Apfell
Description: A macOS, post-exploit, red teaming framework.

URL: https://github.com/owtf/owtf
Description: Offensive Web Testing Framework (OWTF).

URL: https://github.com/nfc-tools/mfcuk
Description: MiFare Classic Universal toolKit (MFCUK).

URL: https://github.com/tihmstar/jelbrekTime
Description: An almost complete developer jailbreak for Apple watch S3 watchOS 4.1.

URL: https://github.com/sensepost/apostille
Description: Tool to clone one or more X509 certificate (chain)s.

URL: http://10degres.net/colorize-your-hunt/
Description: Colorize your hunt - Bug Bounties Tips&Tricks.

URL: https://github.com/samyk/frisky
Description: Tool to assist in binary application reversing and augmentation.

URL: https://github.com/JusticeRage/FFM
Description: Freedom Fighting Mode - Open source hacking harness.

URL: https://medium.com/@adam.toscher/new-attack-on-wpa-wpa2-using-pmkid-96c3119f7f99
More: http://bit.ly/2B71EvN (+) | http://bit.ly/2nog1Ss (+)
Description: New attack on WPA/WPA2 using PMKID.

URL: https://github.com/UKHomeOffice/repo-security-scanner
Description: CLI tool that finds secrets accidentally committed to a git repo.

URL: https://github.com/ionescu007/r0ak
Description: A CLI Utility To Read/Write/Execute Ring Zero on for Windows 10 Systems.

URL: https://labs.mwrinfosecurity.com/blog/repacking-and-resigning-ios-applications/
Description: A Guide to Repacking iOS Applications.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bit.ly/2vyB2NU (+)
Description: CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime.

URL: http://bit.ly/2OWNkbW (+)
Description: Sending out phishing e-mails from @microsoft.com.

URL: https://tpx.mx/blog/2018/google-pay-replay-attack.html
Description: Google Pay-Replay attack.

URL: http://bit.ly/2AYffFu (+)
Description: "Evil Maid" Firmware Attacks Using USB Debug.

URL: https://noncombatant.org/application-principals/
Description: Isolating Application-Defined Principals.

URL: https://edoverflow.com/2018/logic-flaws-in-wot-services
Description: An analysis of logic flaws in web-of-trust services.

URL: https://grimhacker.com/2018/03/09/just-a-printer/
Description: It's just a printer... What's the worst that could happen?

URL: https://neonsea.uk/blog/2018/08/01/hikvision-keygen.html
Description: Creating a key generator to reset a Hikvision IP camera's admin password.

URL: http://bit.ly/2OWtGwK (+)
Related: http://bit.ly/2vVOVpC (+)
Description: Save Your Cloud - Gain Root Access to VMs in OpenNebula 4.6.1.

URL: https://vztekoverflow.com/2018/07/31/tbal-dpapi-backdoor/
Description: TBAL - an (accidental?) DPAPI Backdoor for local users.

URL: https://manishearth.github.io/blog/2018/02/15/picking-apart-the-crashing-ios-string/
Related: https://openradar.appspot.com/radar?id=4987859723354112
Description: Picking Apart the Crashing iOS String.

URL: http://blogs.360.cn/blog/eos-asset-multiplication-integer-overflow-vulnerability/
Description: EOS Asset Multiplication Integer Overflow Vulnerability.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://regexcrossword.com/
Description: Regex Cross­word.

URL: https://www.masswerk.at/nowgobang/2018/anatomy-of-an-rng
Description: Anatomy of a Random Number Generator.

URL: http://matthewearl.github.io/2018/06/28/smb-level-extractor/
Related: https://gist.github.com/1wErt3r/4048722
Description: Extracting Super Mario Bros levels with Python.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 33 | Month: August | Year: 2018 | Release Date: 17/08/2018 | Edition: #235 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://portswigger.net/blog/practical-web-cache-poisoning
Description: Practical Web Cache Poisoning.

URL: http://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.html
Description: How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://bit.ly/2MkBTgE (+)
Description: Disabling OkHttp’s SSL Pinning on Android Apps.

URL: https://ohpe.github.io/juicy-potato/
Description: Juicy Potato (abusing the golden privileges).

URL: https://github.com/trimstray/sslmerge
Description: Tool to help you build a valid SSL certificate chain.

URL: https://github.com/Pepelux/sippts
Description: Set of tools to audit SIP based VoIP Systems.

URL: https://github.com/didi/kemon
Description: Callback-Based (Pre/Post) Framework for macOS Kernel Monitoring.

URL: https://github.com/3gstudent/Eventlogedit-evtx--Evolution
Description: Remove individual lines from Windows XML Event Log (EVTX) files.

URL: https://github.com/gyoisamurai/GyoiThon
Description: GyoiThon is a growing penetration test tool using Machine Learning.

URL: http://www.pwncode.club/2018/08/macro-used-to-spoof-parent-process.html
Description: Macro used to spoof the Parent Process.

URL: https://github.com/avatartwo/avatar2
Description: Framework with focus on dynamic analysis of embedded devices' firmware!

URL: https://github.com/Souhardya/UBoat
Description: HTTP Botnet designed to replicate a full weaponised commercial botnet.

URL: https://github.com/nccgroup/BLESuite
Description: Tool that provides an easier way to test Bluetooth Low Energy (BLE) device.

URL: https://cofense.com/abusing-microsoft-windows-utilities-deliver-malware-fun-profit/
Description: Abusing Microsoft Windows Utilities to Deliver Malware for Fun and Profit.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.fox-it.com/2018/08/14/phishing-ask-and-ye-shall-receive/
Description: Phishing – Ask and ye shall receive.

URL: http://bit.ly/2MpV8of (+)
Description: Rooting your Router ZTE F670E by abusing an old Samba.

URL: https://hackerone.com/reports/386807
Description: Account takeover due to blind MongoDB injection in password reset.

URL: https://blog.trailofbits.com/2018/08/14/fault-analysis-on-rsa-signing/
Description: Fault Analysis on RSA Signing.

URL: http://bit.ly/2Mhs0QG (+)
Description: Kotlin and Java - How Hackers See Your Code.

URL: http://bit.ly/2Mx7cnB (+)
Description: Voicemail Vandalism - Getting RCE on Microsoft Exchange Server.

URL: https://rayanfam.com/topics/inside-windows-page-frame-number-part1/
More: https://rayanfam.com/topics/inside-windows-page-frame-number-part2/
Description: Inside Windows Page Frame Number (PFN).

URL: https://pequalsnp-team.github.io/writeups/analisys_telegram_passport
Description: Padding Oracle attack against Telegram Passport.

URL: https://foreshadowattack.eu
Description: Breaking the Vir. Memory Abstraction with Transient Out-of-Order Execution.

URL: https://bohops.com/2018/08/04/capturing-netntlm-hashes-with-office-dot-xml-documents/
Description: Capturing NetNTLM Hashes with Office [DOT] XML Documents.

URL: http://bit.ly/2KYQngG (+)
Description: Bypass in Microsoft ADFS Multi-Factor Authentication protocol (CVE-2018-8340).

URL: http://bit.ly/2Mg11oJ (+)
PoC: https://github.com/IOActive/AOSP-ExploitUserDictionary
Description: Discovering/Exploiting a Vuln. in Android’s Personal Dictionary (CVE-2018-9375).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://shkspr.mobi/blog/2018/08/twitters-secret-guest-mode/
Description: Twitter's Secret "Guest Mode".

URL: https://github.com/asingh33/CNNGestureRecognizer
Description: Gesture recognition via CNN. Implemented in Keras + Theano + OpenCV.

URL: https://jumpespjump.blogspot.com/2018/08/how-to-build-burner-device-for-def-con.html
Description: How to build a "burner device" for DEFCON in one easy step.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 34 | Month: August | Year: 2018 | Release Date: 24/08/2018 | Edition: #236 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://ninja.style/post/bcard/
Description: How I Hacked BlackHat 2018.

URL: https://hackerone.com/reports/395296
Description: Phone Call to XXE via Interactive Voice Response.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/nccgroup/singularity
Description: A DNS rebinding attack framework.

URL: https://github.com/quentinhardy/odat
Description: ODAT - Oracle Database Attacking Tool.

URL: https://github.com/stufus/reconerator
Description: C# Targeted Attack Reconnissance Tools.

URL: https://github.com/RhinoSecurityLabs/pacu
More: http://bit.ly/2MweecW (+)
Description: Rhino Security Labs' AWS penetration testing toolkit.

URL: https://github.com/gen0cide/gscript
Slides: http://bit.ly/2BzDYjL (+)
Description: Framework to implement custom droppers for all three major OSs.

URL: https://github.com/HigorLoren/stalker
Description: Py Script that searches and downloads informations about a person.

URL: https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
Description: WhatsApp Protocol Decryption Burp Tool.

URL: https://www.blackhillsinfosec.com/how-to-hack-websockets-and-socket-io/
Description: How to Hack WebSockets and Socket.io.

URL: https://github.com/violentlydave/mkhtaccess_red
Description: Auto-generate an HTaccess for payload delivery.

URL: https://ntdiff.github.io/
Description: Diff any structure or list of functions from NTDLL/NTOSKRNL/HAL.

URL: https://github.com/RUB-NDS/BurpSSOExtension
More: http://bit.ly/2PxIHWc (+)
Description: BurpSuite extension that highlights SSO messages in proxy window.

URL: https://github.com/trailofbits/rattle
Description: Rattle is an EVM binary static analysis framework for smart contracts. 


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://www.kvakil.me/posts/ropchain/
Description: Ropchain - Primer and Attack.

URL: https://hackerone.com/reports/126522
Description: Incorrect param parsing in Digits web authentication.

URL: http://bit.ly/2NeGNs1 (+)
Related: https://blog.path.network/fuzzing-cs-go-bsp-files/
Description: Lock and Load - Exploiting Counter Strike via BSP Map Files.

URL: http://bit.ly/2wgLB8Q (+)
Description: Breaking Full Disk Encryption from a Memory Dump.

URL: https://codewhitesec.blogspot.pt/2018/01/handcrafted-gadgets.html
Description: Handcrafted Gadgets.

URL: https://blogs.securiteam.com/index.php/archives/3736
Description: VirtualBox VRDP Guest-to-Host Escape (unresolved 😏).

URL: https://github.com/zhengmin1989/GreatiOSJailbreakMaterial
Description: Great iOS Jailbreak Material!

URL: http://bit.ly/2w67bOb (+)
PoC: https://github.com/ChiChou/GlobalWebInspect
Description: Prison Break - iOS Global Enable WebView Remote Debug.

URL: https://shkspr.mobi/blog/2018/01/mailchimp-leaks-your-email-address/
Description: MailChimp leaks your email address.

URL: https://lgtm.com/blog/apache_struts_CVE-2018-11776
PoC: https://github.com/jas502n/St2-057/ | http://bit.ly/2obNtMq (+)
More: https://lgtm.com/blog/apache_struts_CVE-2018-11776-part2
Description: How to find 5 RCEs in Apache Struts with Semmle QL (CVE-2018-11776).

URL: http://bit.ly/2PtttS5 (+)
PoC: https://github.com/Rhynorater/CVE-2018-15473-Exploit
Description: OpenSSH User Enumeration Vulnerability - A Close Look (CVE-2018-15473).

URL: http://bit.ly/2BzZKDO (+)
PoC: https://github.com/atredispartners/CVE-2018-0952-SystemCollector
Description: PE Vulnerability in Windows Standard Collector Service (CVE-2018-0952).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://uselesscsp.com/
Description: Useless CSP.

URL: https://github.com/jesseduffield/lazygit
Description: simple terminal UI for git commands.

URL: http://www.deaddialect.com/articles/2018/8/17/badge-story
Description: Breaking Badge - The DEFCON Crazy 8s.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 35 | Month: August | Year: 2018 | Release Date: 31/08/2018 | Edition: #237 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://hawkinsecurity.com/2018/08/27/traversing-the-path-to-rce/
Description: Traversing the Path to RCE.

URL: https://blog.scrt.ch/2018/08/24/remote-code-execution-on-a-facebook-server/
Description: Remote Code Execution on a Facebook server.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://www.powershellgallery.com/packages/InjectionHunter/1.0.0
More: http://bit.ly/2Nxd5yu (+)
Description: PS Injection Hunter - Security Auditing for PowerShell Scripts.

URL: https://hackerone.com/reports/401136
Description: Remote Code Execution on Proxy Service (as root) in AWS EC2.

URL: https://github.com/awslabs/git-secrets
Description: Prevents you from committing secrets and credentials into git repos.

URL: https://laconicwolf.com/2018/04/13/burp-extension-python-tutorial/
Description: Burp Extension Python Tutorial.

URL: https://hunter2.gitbook.io/darthsidious/privilege-escalation/alpc-bug-0day
Poc: http://bit.ly/2QzpWSw | https://github.com/OneLogicalMyth/zeroday-powershell
Description: Windows Local Priv. Escalation - ALPC-TaskSched-LPE (CVE-2018-8440).

URL: https://gist.github.com/PaulSec/26251d56134c7fedb2176f2290202546
Description: Default passwords from CIRT website (https://cirt.net/passwords).

URL: https://github.com/panda-re/lava
Description: LAVA - Large-scale Automated Vulnerability Addition.

URL: https://gist.github.com/williballenthin/1c2bc539041ee3bea7a4c7129072a9ac
Description: IDA Pro script to identify functions that are referenced as data.

URL: https://github.com/nccgroup/house
Description: Runtime mobile app analysis toolkit with a Web GUI (W/Frida and Python).

URL: https://github.com/Viralmaniar/Remote-Desktop-Caching-/
Description: Tool to recover old RDP (mstsc) session information in "PNG" files.

URL: https://github.com/theevilbit/injection
Description: Injection techniques by Example (Dump).

URL: https://github.com/BornToBeRoot/NETworkManager
Description: Tool for managing networks and troubleshoot network problems!


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bit.ly/2MCbMBL (+)
Description: DNS Rebinding Headless Browsers.

URL: https://mike-n1.github.io/Unusual_XSS
Description: Unusual cases of Reflected XSS.

URL: https://objective-see.com/blog/blog_0x36.html
Description: Synthetic Reality - Breaking macOS one click at a time.

URL: http://bit.ly/2o0Mm27 (+)
Description: TerraMaster NAS Vulns Discovered and Exploited (CVE-2018–13354).

URL: https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html
PoC: https://github.com/renorobert/virtualbox-cve-2018-2844
Description: VirtualBox VM Escape (CVE-2018-2844).

URL: http://bit.ly/2o9oTvT (+)
Description: Bug or Backdoor - Exploiting a Remote Code Execution in ISPConfig.

URL: https://landgrey.me/struts2-045-debugging/
Description: Struts2-045 (CVE-2017-5638) vulnerability debugging and POC analysis.

URL: https://payatu.com/redteaming-from-zero-to-one-part-1/
More: https://payatu.com/redteaming-zero-one-part-2/
Description: RedTeaming from Zero to One.

URL: https://b2dfir.blogspot.com/2016/10/touch-screen-lexicon-forensics.html
PoC: https://github.com/B2dfir/wlrip
Description: Touch Screen Lexicon Forensics (TextHarvester/WaitList.dat).

URL: https://lowleveldesign.org/2018/08/15/randomness-in-net/
Description: Randomness in .NET.

URL: https://mattwarren.org/2018/08/28/Fuzzing-the-.NET-JIT-Compiler/
Description: Fuzzing the .NET JIT Compiler.

URL: https://www.contrastsecurity.com/security-influencers/cve-2018-15685
PoC: https://github.com/matt-/CVE-2018-15685
Description: Electron WebPreferences Remote Code Execution (CVE-2018-15685).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://bitmidi.com/
Description: Popular MIDIs.

URL: https://github.com/sylvainhalle/textidote
Description: Spelling, grammar and style checking on LaTeX documents.

URL: https://github.com/felixrieseberg/windows95
Description: Windows 95 in Electron. Runs on macOS, Linux, and Windows.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 36 | Month: September | Year: 2018 | Release Date: 07/09/2018 | Edition: #238 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2MQEqzs (+)
Description: XSS using quirky implementations of ACME http-01.

URL: https://philippeharewood.com/view-private-instagram-photos/
Description: View Private Instagram Photos.

URL: https://blog.reigningshells.com/2018/09/hacking-rpi-cam-web-interface.html
Description: Hacking The RPi Cam Web Interface.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/r3vn/badKarma
Description: Advanced network reconnaissance toolkit.

URL: https://github.com/jobertabma/relative-url-extractor
Description: A small tool that extracts relative URLs from a file.

URL: https://bneg.io/2018/01/15/iterm2-customizations-for-hackers/
Description: iTerm2 Customizations.

URL: https://github.com/CyberSaxosTiGER/androidDump
Description: A tool pulls loaded binaries ordered by memory regions.

URL: https://github.com/phage-nz/ph0neutria
Description: Malware zoo builder that sources samples straight from the wild.

URL: https://github.com/maddiestone/IDAPythonEmbeddedToolkit/tree/master/Android
More: https://ubm.io/2PDBbIu (+)
Description: IDAPython scripts for automating analysis of firmware - Android Segment.

URL: https://github.com/NetsOSS/headless-burp
Description: Burp extensions and a maven plugin to automate security tests.

URL: https://github.com/1lastBr3ath/2ndOrder
Description: Chrome extension to find domains that don't resolve or have expired.

URL: https://github.com/jakeajames/dylibify
Description: Transform any ARM Mach-O executable to a dynamic library.

URL: https://github.com/Darm64/XNU/wiki/Debuging-XNU-with-CLion
Description: Debuging XNU with CLion.

URL: https://medium.com/@hakluke/haklukes-guide-to-hacking-without-metasploit-1bbbe3d14f90
Description: Hakluke’s Guide to Hacking Without Metasploit.

URL: https://hackerone.com/reports/363971
Description: Insecure Infra. Integrations YML Loading leads to Wins. Privilege Escalation.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://openwall.com/lists/oss-security/2018/05/17/1
Description: Procps-ng Audit Report by Qualys.

URL: https://engineering.riotgames.com/news/riots-approach-anti-cheat
Description: Riot Games Approach to Anti-Cheat.

URL: https://dangokyo.me/2018/08/26/analysis-on-cve-2017-3000/
PoC: https://github.com/dangokyo/CVE-2017-3000
Description: Weak Flash Constant Blinding PRNG Analysis (CVE-2017-3000).

URL: https://phoenhex.re/2018-08-26/csgo-fuzzing-bsp
PoC: https://github.com/niklasb/bspfuzz
Description: Fuzzing Counter-Strike - Global Offensive maps files with AFL.

URL: https://justi.cz/security/2018/08/28/packagist-org-rce.html
Description: Remote Code Execution on packagist.org.

URL: https://insecure.design/
Description: Demoing SSL certificates outliving their domain ownership.

URL: http://bit.ly/2oKrYTd (+)
Description: Netflix Cloud Security - Detecting Credential Compromise in AWS.

URL: http://hatriot.github.io/blog/2018/08/22/dell-digital-delivery-eop/
Description: Dell Digital Delivery - Local Privilege Escalation (CVE-2018-11072).

URL: http://bit.ly/2MQSeK5 (+)
Description: Click me if you can, Office social engineering with embedded objects.

URL: http://williamshowalter.com/a-universal-windows-bootkit/
Description: A Universal Windows Bootkit - An analysis of the MBR bootkit aka "HDRoot".

URL: http://bit.ly/2MTheQP (+)
Description: Analyzing and Exploiting an PE Vuln. in Docker for Windows (CVE-2018-15514).

URL: http://bit.ly/2M2eX0C (+)
Description: MS Office 2016 for Mac Priv. Escalation via a Legacy Package (CVE-2018–8412).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://rya.nc/bitfi-wallet.html
Description: Bitfi's hardware wallet is terrible.

URL: https://github.com/darlinghq/darling
Description: Darwin/macOS emulation layer for Linux.

URL: https://medium.com/@elkentaro/nothing-to-see-here-the-not-so-charger-62a51e3aab22
Description: Nothing to see here. The not-so-charger.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 37 | Month: September | Year: 2018 | Release Date: 14/09/2018 | Edition: #239 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://hackerone.com/reports/317476
Description: Account Takeover in Periscope TV.

URL: https://ash-king.co.uk/facebook-bug-bounty-09-18.html
Description: Making the Facebook App more secure - $8500 Bounty.

URL: http://bit.ly/2CS01CN (+)
Description: Love story, from closed as info. to $3,5k. XSS Stored in Yahoo! iOS Mail App.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/quickbreach/smbetray
Description: SMB MiTM tool with several attacks.

URL: https://github.com/omerporze/brokentooth
Description: Brokentooth - PoC for CVE-2018-4327.

URL: https://github.com/wargio/r2dec-js
Description: radare2 plugin - converts asm to pseudo-C code.

URL: https://github.com/RetireNet/dotnet-retire
Description: CLI extension to check your project for known vulnerabilities.

URL: https://gitlab.com/technotame/cookie-decrypter
Description: A Burp extension for decrypting/decoding various types of cookies.

URL: https://github.com/api0cradle/UltimateAppLockerByPassList
Description: Repository to document the most common techniques to bypass AppLocker.

URL: https://github.com/s1kr10s/Apache-Struts-v3
Description: Apache Struts RCE  Exploiter (CVE-2013-2251/CVE-2017-5638/CVE-2018-11776).

URL: http://exceptionlevelone.blogspot.pt/2018/02/creating-your-own-ios-1112-jailbreak.html
Description: Creating Your Own iOS 11.1.2 Jailbreak With The QiLin Toolkit.

URL: https://github.com/mxmssh/drltrace
Description: Drltrace is a library calls tracer for Windows and Linux applications.

URL: https://github.com/two06/Inception
Description: In-memory compilation and reflective loading of C# apps for AV evasion.

URL: https://github.com/TryCatchHCF/PacketWhisper
Description: Stealthily exfil data and defeat attribution w/ DNS queries and steganography.

URL: https://gist.github.com/maldevel/1d46329e00ab0c076150ddbce90d94cd
Description: PassCat Decrypt WinSCP passwords snippet.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://quentinkaiser.be/pentesting/2018/09/07/node-red-rce/
Description: Gaining RCE by abusing Node-RED.

URL: https://www.rfk.id.au/blog/entry/security-bugs-ssrf-via-request-splitting/
Description: Security Bugs in Practice - SSRF via Request Splitting.

URL: http://reversing.io/posts/introducing-finch/
Tool: https://github.com/falconre/finch
Description: Finch is a Symbolic Executor built on top of Falcon.

URL: https://blogs.projectmoon.pw/2018/08/17/Edge-InlineArrayPush-Remote-Code-Execution/
Description: Edge InlineArrayPush Remote Code Execution (CVE-2018-8372).

URL: http://bit.ly/2xaQu4q (+)
Description: Using the macOS/iOS knowledgeC.db DB to Determine Precise User and App Usage.

URL: https://adapt-and-attack.com/2017/11/15/keying-payloads-for-scripting-languages/
Description: Keying Payloads for Scripting Languages.

URL: https://gracefulbits.com/2018/07/26/system-call-dispatching-for-windows-on-arm64/
Description: System call dispatching on Windows ARM64.

URL: https://versprite.com/blog/json-deserialization-memory-corruption-vulnerabilities/
Description: Analyzing JSON Deserialization Memory Corruption Vulnerabilities on Android.

URL: http://bit.ly/2NcA6dG (+)
Description: Arbitrary, Unsigned Code Execution Vector in Microsoft.Workflow.Compiler.exe.

URL: https://siguza.github.io/KTRR/
Description: Allegedly "Kernel Text Readonly Region" (Apple’s A10 chips research). 

URL: http://bit.ly/2p3wcpa (+)
Description: Injecting .Net Assemblies Into Unmanaged Processes.

URL: https://int0xcc.svbtle.com/using-concolic-execution-for-static-analysis-of-malware
Description: Using concolic execution for static analysis of malware.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.michaelfogleman.com/rush/
Description: Solving Rush Hour, the Puzzle.

URL: http://nandgame.com/
Description: The Nand Game - You are going to build a simple computer.

URL: https://github.com/1tayH/noisy
Description: Simple random DNS, HTTP/S internet traffic noise generator.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 38 | Month: September | Year: 2018 | Release Date: 21/09/2018 | Edition: #240 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://justi.cz/security/2018/09/13/alpine-apk-rce.html
Description: Remote Code Execution in Alpine Linux.

URL: https://hackerone.com/reports/408583
Description: PII of all Dutch public transport cards "OV-Chipkaart" accessible.

URL: https://medium.com/@jonathanbouman/local-file-inclusion-at-ikea-com-e695ed64d82f
Description: Local file inclusion (LFI) at IKEA.com.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://cornerpirate.com/2018/07/24/grep-extractor-a-burp-extender/
Description: Grep Extractor a Burp Extender.

URL: https://gamozolabs.github.io/fuzzing/2018/09/16/scaling_afl.html
Description: Scaling AFL to a 256 thread machine.

URL: https://github.com/TKCERT/mail-security-tester
Description: A testing framework for mail security and filtering solutions.

URL: http://bit.ly/2NWlZcd (+)
Description: Windows oneliners to download remote payload and execute arbitrary code.

URL: https://blog.thomasorlita.cz/vulns/google-csp-evaluator/
Description: How to use Google’s CSP Evaluator to bypass CSP.

URL: https://github.com/Lz1y/CVE-2018-8420
Description: MS XML Remote Code Execution Vulnerability (CVE-2018-8420).

URL: https://github.com/anantshri/svn-extractor
Description: Extract all web resources by exposed .SVN folder.

URL: https://rastamouse.me/2017/08/jumping-network-segregation-with-rdp/
Description: Jumping Network Segregation with RDP.

URL: https://github.com/cys3c/roxysploit
Description: roxysploit - Penetration Testing Suite.

URL: https://github.com/danleh/wasabi
Description: A dynamic analysis framework for WebAssembly programs. 

URL: https://uncoder.io/
Description: Uncoder - One common language for cyber security (SOC Analysts Helper).

URL: https://github.com/cornerpirate/java-stager
Description: Java Stager which can download, compile, and execute code in memory.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://medium.com/@vishwaraj101/ocr-to-xss-42720d85f7fa
Description: OCR to XSS.

URL: http://bit.ly/2OHA7mD (+)
Description: Bypassing Hotstar Premium with DOM manipulation and some JavaScript.

URL: http://blog.nsfocus.net/cve-2018-804-analysis/
Description: Analysis of Joomla Kernel SQL Injection Vulnerability (CVE-2018-8045).

URL: https://www.contextis.com/blog/wap-just-happened-my-samsung-galaxy
Related: https://bugs.chromium.org/p/project-zero/issues/detail?id=1532
Description: WAP just happened to my Samsung Galaxy?.

URL: http://bit.ly/2NZYf78 (+)
Description: EE 4GEE Mini Local Privilege Escalation Vulnerability (CVE-2018-14327).

URL: http://bit.ly/2poFVXa (+)
Description: A Technical Survey Of Common And Trending Process Injection Techniques.

URL: https://blog.cylance.com/cracking-ransomware
Description: Cracking Ransomware.

URL: https://rastating.github.io/creating-a-custom-shellcode-encoder/
Description: Creating a Custom Shellcode Encoder.

URL: https://rhinosecuritylabs.com/aws/aws-privilege-escalation-methods-mitigation/
Description: AWS Privilege Escalation – Methods and Mitigation.

URL: http://bit.ly/2wiFctW (+)
Description: The call is coming from inside the house - DNS rebinding in EOSIO keosd wallet.

URL: https://oddvar.moe/2018/09/06/persistence-using-universal-windows-platform-apps-appx/
Description: Persistence using Universal Windows Platform apps (APPX).

URL: http://rinseandrepeatanalysis.blogspot.com/2018/09/dde-downloaders-excel-abuse-and.html
Description: DDE Downloaders, Excel Abuse, and a PowerShell Backdoor.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://tonsky.me/blog/disenchantment/
Description: Software disenchantment.

URL: https://lcq2.github.io/x86_iphone/
Description: x86 finds its way into your iPhone.

URL: https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
Description: APT & CyberCriminal Campaign Collection.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 39 | Month: September | Year: 2018 | Release Date: 28/09/2018 | Edition: #241 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2NMLnC0 (+)
Description: Subdomain Takeover via Unsecured S3 Bucket Connected to the Website.

URL: https://medium.com/@jonathanbouman/reflected-xss-at-philips-com-e48bf8f9cd3c
Description: Reflected XSS at Philips.com.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: http://bit.ly/2Qf34Ha (+)
Description: From RDS app to Empire shell.

URL: https://github.com/jthuraisamy/DIRT
Description: Driver Initial Reconnaissance Tool.

URL: https://github.com/trailofbits/winchecksec
Blog: http://bit.ly/2Iklu6B (+)
Description: Tool that detects security features in Windows binaries.

URL: https://github.com/DownWithUp/CVE-2018-16712/
Description: PoC Code for CVE-2018-16712 (exploit MmMapIoSpace).

URL: https://github.com/itm4n/VBA-RunPE
Description: A VBA implementation of the RunPE technique (bypass app whitelisting).

URL: https://www.n00py.io/2018/08/bypassing-duo-two-factor-authentication-fail-open/
Description: Bypassing Duo Two-Factor Authentication (Fail Open).

URL: https://github.com/capt-meelo/Telewreck
Related: https://capt-meelo.github.io/pentest/2018/08/03/pwning-with-telerik.html
Description: Burp extension - Pwning Web Applications via Telerik Web UI (CVE-2017-9248).

URL: https://astr0baby.wordpress.com/2018/09/08/understanding-how-dll-hijacking-works/
Description: Understanding how DLL Hijacking works.

URL: https://github.com/ohpe/juicy-potato
Description: Juicy Potato (abusing the golden privileges) - Another LPE tool.

URL: https://blog.secarma.co.uk/labs/hacking-with-git-git-enum-metasploit-module-release
Description: Hacking with Git - Git-Enum metasploit module release.

URL: https://github.com/bazad/blanket
Description: Mach port replacement vulnerability in launchd on iOS 11.2.6 (CVE-2018-4280).

URL: https://github.com/byt3bl33d3r/SprayingToolkit
Description: Scripts to make password spraying attacks against Lync/S4B & OWA more efficient.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.benjojo.co.uk/post/qemu-monitor-socket-rce-vnc
Description: From VNC to reverse shell.

URL: https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
Description: A Guide To Subdomain Takeovers.

URL: http://krystalgamer.me/spidey-breaking/
Description: Reversing Spiderman 2000 - Breaking CD-ROM protection.

URL: https://cyseclabs.com/blog/linux-kernel-heap-spray
Description: Linux Kernel universal heap spray.

URL: http://bit.ly/2N6yWM5 (+)
Description: Discovering GraphQL endpoints and SQLi vulnerabilities.

URL: http://www.s3.eurecom.fr/projects/modern-android-phishing/
Description: Phishing Attacks on Modern Android.

URL: http://bit.ly/2R3ohVC (+)
Description: AFL-based Java fuzzers and the Java Security Manager.

URL: http://bit.ly/2xGnLEO (+)
Description: Reverse engineering an LCD wall's communications protocol.

URL: https://github.com/trailofbits/not-so-smart-contracts
Description: Examples of Solidity security issues (Dump).

URL: https://medium.com/tenable-techblog/advantech-webaccess-unpatched-rce-ffe9f37f8b83
Description: Advantech WebAccess Unpatched RCE (CVE-2017–16720).

URL: http://bit.ly/2xUAdQT (+)
Description: Hunting mobile devices endpoints - the RF and the Hard way (IOT Audit).

URL: https://tunnelshade.in/blog/2018/09/hongfuzz-intel-pt-instrumentation/
Description: Internals of Hongfuzz - Intel Processor Trace (coverage guided blackbox fuzzing).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://truepolyglot.hackade.org/
Description: Truepolyglot is polyglot file generator project.

URL: https://safekeepcybersecurity.github.io/posts/2018/09/carhack_urh/
Description: Unlock a Mustang GT - HackRF/Universal Hacker Radio.

URL: https://medium.com/@the4rchangel/email-spoofing-with-netcat-telnet-e558e4a10c1
Description: Email Spoofing With Netcat/Telnet.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 40 | Month: October | Year: 2018 | Release Date: 05/10/2018 | Edition: #242 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://medium.com/@brs.sgdc/google-stored-xss-in-payments-350cd7ba0d1b
Description: Google Stored XSS in Payments.

URL: http://bit.ly/2OzZOsx (+)
Description: Applying a small bypass to steal Facebook Session tokens in Uber.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://www.n00py.io/2018/10/popping-shells-on-splunk/
Related: https://github.com/TBGSecurity/weaponize_splunk
Description: Popping shells on Splunk.

URL: https://github.com/n0dec/MalwLess
Description: Test Blue Team detections without running any attack.

URL: https://github.com/Ebryx/AES-Killer
Description: Burpsuite Plugin to decrypt AES Encrypted mobile app traffic.

URL: https://gitlab.com/gitlab-org/gitlab-ce/issues/49133
Description: Vulnerability in project import leads to arbitrary command execution.

URL: https://github.com/GhostPack/Rubeus
Blog: http://www.harmj0y.net/blog/redteaming/from-kekeo-to-rubeus/
Description: Rubeus is a C# toolset for raw Kerberos interaction and abuses.

URL: https://jacksonvd.com/pwned-passwords-and-ntlm-hashes/
Description: Pwned Passwords and NTLM Hashes!

URL: https://github.com/esmog/nodexp
Description: Server Side JS Injection tool for detecting/exploit Node.js vulns.

URL: https://github.com/skelsec/windows_ad_dos_poc
Description: PoC code for crashing windows active directory.

URL: https://github.com/evilsocket/shellz/
Description: Utility to track and control your ssh, telnet, web and custom shells.

URL: https://github.com/malwaredllc/byob
Description: BYOB (Build Your Own Botnet).

URL: https://github.com/jeremybuis/jsscanner
Description: Docker image to perform static scans against JavaScript code bases.

URL: https://github.com/sinfocol/vboxdie-cracker
Description: VirtualBox Disk Image Encryption password cracker.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://www.x41-dsec.de/lab/blog/fax/
Description: Researching The FAX Machine Attack Surface.

URL: https://medium.com/@efkan162/how-i-xssed-uber-and-bypassed-csp-9ae52404f4c5
Description: How I XSS’ed Uber and Bypassed CSP.

URL: https://jordanpotti.com/2018/10/03/violating-your-personal-space-with-webex/
Description: Violating Your Personal Space with Webex.

URL: http://bit.ly/2OUsLMP (+)
Description: Malicious Command Execution via bash-completion (CVE-2018-7738).

URL: http://bit.ly/2DWsXtT (+)
Description: A static analysis approach relying on symbolic execution.

URL: https://letsencrypt.org/docs/certificates-for-localhost/
Description: Certificates for localhost.

URL: https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html
Description: A step-by-step Linux Kernel exploitation (CVE-2017-11176).

URL: https://eli.thegreenplace.net/2011/01/23/how-debuggers-work-part-1/
More: http://bit.ly/2OAonFQ (+) | http://bit.ly/2QsA5zO (+)
Description: How debuggers work (Basics/Breakpoints/Debugging information).

URL: https://www.gironsec.com/blog/2018/01/expiring-payloads-in-the-metasploit-framework/
Description: Expiring Payloads in the Metasploit Framework.

URL: http://ly0n.me/2015/08/01/writing-exploits-with-an-egghunter-part-1/
Description: Writing exploits with an egghunter.

URL: https://blog.smartdec.net/smartdec-smart-contract-audit-beginners-guide-d04cc7f1c571
Description: SmartDec smart contract audit beginner’s guide.

URL: http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
Description: Intel ME Manufacturing Mode - Obscured dangers and Apple MacBook CVE-2018-4251.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://www.linuxboot.org/
Description: Linux as Firmware.

URL: http://www.lambdashell.com/
Description: Is serverless insecure? Let's find out..

URL: https://github.com/Microsoft/MS-DOS
Description: The original sources of MS-DOS 1.25 and 2.0, for reference purposes.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 41 | Month: October | Year: 2018 | Release Date: 12/10/2018 | Edition: #243 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://blog.sheddow.xyz/css-timing-attack/
Description: A timing attack with CSS selectors and Javascript.

URL: http://www.sec-down.com/wordpress/?p=809
Description: An interesting Google vulnerability that got me 3133.7 reward.

URL: http://bit.ly/2OQkWuJ (+)
Description: Get as image() pulls Insights/NRQL data from New Relic accounts (IDOR).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/hdm/mac-ages
Description: MAC address age tracking.

URL: https://github.com/nulpwn/WiPray
Description: Wifi Password Spray in EAP-MSCHAPv2 networks.

URL: https://github.com/hausec/ADAPE-Script
Description: Active Directory Assessment and Privilege Escalation Script.

URL: https://github.com/LewisArdern/eslint-plugin-angularjs-security-rules
Description: Rules for detecting security issues in Angular 1.x.

URL: https://github.com/samhaxr/TakeOver-v1
Description: Takeover script extracts CNAME record of all subdomains at once.

URL: https://github.com/blueudp/DorkMe
Description: Making easier the searching of vulnerabilities with Google Dorks.

URL: https://github.com/sdnewhop/sdwan-harvester
Description: SD-WAN Harvester - Automatically enumerate/fingerprint SD-WAN nodes.

URL: https://github.com/JackOfMostTrades/bluebox
Description: Automated Exploit Toolkit for CVE-2015-6095 and CVE-2016-0049.

URL: https://github.com/cobbr/SharpSploit
More: https://github.com/anthemtotheego/SharpSploitConsole
Description: SharpSploit is a .NET post-exploitation library written in C#.

URL: https://github.com/Cr4sh/fwexpl
Description: PC firmware exploitation tool and library.

URL: https://github.com/P1CKLES/SharpBox
Description: Tool for compressing, encrypt and exfil data to DropBox via API.

URL: https://github.com/chudel/openfender
Description: Quest One Identity Defender Soft Token to Google Auth QR Code Converter.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://flatkill.org/
Description: Flatpak - a security nightmare.

URL: http://bit.ly/2C601gF (+)
Description: Bitcoin Core Bug CVE-2018–17144 - An Analysis.

URL: https://geosn0w.github.io/Jailbreaks-Demystified/
Description: Jailbreaks Demystified.

URL: https://www.nc-lp.com/blog/disguise-phar-packages-as-images
Description: Disguise PHAR packages as images.

URL: http://bit.ly/2yxlRWY (+)
Description: Collecting Shells by the Sea of NAS Vulnerabilities.

URL: http://bit.ly/2NC71nl (+)
Description: PRTG Network Monitor Privilege Escalation (CVE-2018-17887).

URL: https://prdeving.wordpress.com/2018/09/21/hiding-malware-in-windows-code-injection/
Description: Hiding malware in Windows – The basics of code injection.

URL: https://ewilded.blogspot.pt/2018/01/vulnserver-my-kstet-exploit-delivering.html
Related: http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
Description: My KSTET exploit - Delivering the final shellcode via active server socket.

URL: http://bit.ly/2C9esjR (+)
Description: Authentication bypass vulnerability (W/PE) in WD My Cloud (CVE-2018-17153).

URL: https://alephsecurity.com/2018/01/22/qualcomm-edl-1/
Code: https://github.com/alephsecurity/edlrooter
Description: Exploiting Qualcomm EDL Programmers (CVE-2017-13174/CVE-2017-5947).

URL: http://0xeb.net/2018/03/using-z3-with-ida-to-simplify-arithmetic-operations-in-functions/
Description: Using Z3 with IDA to simplify arithmetic operations in functions.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://telegra.ph/
Description: Write and Share!

URL: https://blog.bejarano.io/hardening-macos.html
Description: Hardening macOS.

URL: https://github.com/opsxcq/docker-tor-hiddenservice-nginx
Description: Easily setup a hidden service inside the Tor network.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 42 | Month: October | Year: 2018 | Release Date: 19/10/2018 | Edition: #244 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2EuxUKF (+)
Description: Add description to Instagram Posts on behalf of other users.

URL: http://bit.ly/2EttVhF (+)
Description: Persistent XSS (unvalidated Open Graph embed) at LinkedIn.com.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/JoelGMSec/AutoRDPwn
Description: The Shadow Attack Framework.

URL: https://github.com/AlexAltea/libelf.js
Description: LibELF port for JavaScript.

URL: https://hackerone.com/reports/405100
Description: Stealing Users OAUTH Tokens via redirect_uri.

URL: https://digi.ninja/blog/hiding_bash_history.php
Description: Hiding from Bash history.

URL: https://github.com/pxb1988/dex2jar
Description: Tools to work with android .dex and java .class files.

URL: https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Description: How I hacked modern Vending Machines.

URL: https://github.com/SoledaD208/CVE-2018-10933/
More: http://bit.ly/2EwN0PS (+) | http://bit.ly/2pYISxW (+) | http://bit.ly/2q0fFml (+)
Description: PoC for libssh 0.6++ Auth bypass in server code (CVE-2018-10933). 

URL: https://github.com/r4wd3r/RID-Hijacking/
Description: Windows RID Hijacking persistence technique.

URL: https://github.com/leechristensen/SpoolSample
More: https://gist.github.com/3xocyte/cfaf8a34f76569a8251bde65fe69dccc
Description: Force Windows hosts authenticate in other machines via MS-RPRN RPC.

URL: https://github.com/securifera/serviceFu
Blog: https://www.securifera.com/blog/2018/10/07/servicefu/
Description: Automates credential skimming from service accounts in Windows Registry.

URL: https://github.com/mxmssh/drAFL
Description: AFL + DynamoRIO = fuzzing binaries with no source code on Linux.

URL: https://github.com/jonatan1024/clrinject
Description: Injects C# EXE or DLL Assembly into CLR and AppDomain of another process.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: http://bit.ly/2AhbatG (+)
Description: Report Spam. Get Owned.

URL: https://oddcoder.com/BROP-102/
Description: Blind Return Oriented Programming 102.

URL: http://bit.ly/2J3ItTT (+)
Description: Uncovering a massive Binance phishing campaign.

URL: https://leucosite.com/Microsoft-Edge-RCE/
Description: Microsoft Edge Remote Code Execution (CVE-2018-8495).

URL: https://www.xorrior.com/persistent-credential-theft/
Description: Persistent Credential Theft with Authorization Plugins.

URL: http://bit.ly/2NNfkgs (+)
Description: In-Depth Analysis of Yahoo! Authentication Schemes (Oldies).

URL: http://bit.ly/2yLKjDY (+)
Description: Protecting internal applications with a SAML-aware reverse-proxy.

URL: https://paper.seebug.org/716/
More: https://gist.github.com/joernchen/38dd6400199a542bc9660ea563dcf2b6
Description: Analysis of Git Submodule Vulnerability (CVE-2018-17456).

URL: https://medium.com/bugbountywriteup/bug-bounty-mail-ru-234fa6f5a5a
Description: Admin panel pwn and data disclosure of 2 million users from mail.ru.

URL: https://outflank.nl/blog/2018/10/12/sylk-xlm-code-execution-on-office-2011-for-mac/
Description: Sylk + XLM = Code execution on Office 2011 for Mac.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://tls.ulfheim.net/
Description: The Illustrated TLS Connection.

URL: http://serveo.net/
Description: Expose local servers to the internet.

URL: https://github.com/webdigi/AWS-VPN-Server-Setup
Description: Setup your own private, secure, free* VPN on the Amazon AWS Cloud.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 43 | Month: October | Year: 2018 | Release Date: 26/10/2018 | Edition: #245 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://www.martinvigo.com/googlemeetroulette/
Description: GoogleMeetRoulette - Joining random meetings.

URL: https://rpadovani.com/facebook-responsible-disclosure
Description: Responsible disclosure - Retrieving a user's private Facebook friends.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/sensepost/goDoH
Description: A DNS-over-HTTPS C2.

URL: https://github.com/joanbono/Gurp
Description: Burp Commander written in Go.

URL: https://github.com/dutchcoders/vncscan
Description: OCR open VNC framebuffers to console.

URL: https://github.com/McGill-DMaS/Kam1n0-Community
Description: The Kam1n0 Assembly Analysis Platform.

URL: https://fosterelli.co/privilege-escalation-via-docker.html
Description: Privilege escalation via Docker.

URL: https://github.com/samratashok/Deploy-Deception
Description: A PowerShell module to deploy active directory decoy objects.

URL: http://bit.ly/2Jig0ti (+)
Description: Remote NTLM relaying through meterpreter on Windows port 445.

URL: https://github.com/xoreaxeaxeax/sandsifter
Description: The x86 processor fuzzer.

URL: https://github.com/LeonardoNve/edm
Description: HTTP proxy for infecting files on-the-fly and SSLstrip2.

URL: https://github.com/RUB-NDS/Metadata-Attacker
Description: A tool to generate media files with malicious metadata.

URL: https://github.com/tevora-threat/SharpView
Description: C# implementation of harmj0y's PowerView.

URL: https://github.com/WinHeapExplorer/WinHeap-Explorer
Description: Tool for heap-based bugs detection in x86 machine code for Windows apps.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://bugid.skylined.nl/20181017001.html
Description: Fuzz in sixty seconds.

URL: https://alephsecurity.com/2018/10/22/StackOverflowException/
Description: StackOverflowException (SOE) - CVE-2018-8269 Analysis.

URL: https://mp.weixin.qq.com/s/ebKHjpbQcszAy_vPocW0Sg
PoC: https://github.com/voidfyoo/CVE-2018-3191/
Description: WebLogic Remote Code Execution Vulnerability (CVE-2018-3191).

URL: https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
More: http://bit.ly/2PULNmT (+) | http://bit.ly/2ELhpdz (+)
Description: Technical Rundown of WebExec (CVE-2018-15442).

URL: http://bit.ly/2PlwTsN (+)
Description: Password and Credential Management in 2018.

URL: https://liberty-shell.com/sec/2018/10/20/living-off-the-land/
Description: Living Off the Land (With Windows Binaries).

URL: https://hackerone.com/reports/348076
Description: New Relic Stored XSS in Brower `name` field reflected in two pages.

URL: https://gamozolabs.github.io/fuzzing/2018/10/18/terrible_android_fuzzer.html
Description: Writing the worlds worst Android fuzzer, and then improving it.

URL: https://blog.stratumsecurity.com/2018/10/17/route-53-as-a-pentest-infrastructure/
Description: Route 53 as Pentest Infrastructure.

URL: https://shadowfile.inode.link/blog/2018/10/source-level-debugging-the-xnu-kernel/
Description: Source Level Debugging the XNU Kernel.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/derricw/asciisciit
Description: ASCII Art, Video, and Plotting Toolbox.

URL: https://ops.tips/blog/how-linux-tcp-introspection/
Description: The inner workings of bind and listen on Linux.

URL: https://research.kudelskisecurity.com/2018/10/23/build-your-own-hardware-implant/
Description: Build Your Own Hardware Implant.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 44 | Month: November | Year: 2018 | Release Date: 02/11/2018 | Edition: #246 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2qnqbnO (+)
Description: Journey through Google referer leakage bugs (KISS).

URL: http://bit.ly/2QcNf46 (+)
Description: How I hacked Anda, the public transportation app of Porto (CVE-2018-13342).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/CalebFenton/simplify
Description: Generic Android Deobfuscator.

URL: https://github.com/OsandaMalith/PESecInfo
More: http://bit.ly/2yLa2x7 (+)
Description: A Simple Tool to Manipulate ASLR and DEP Flags.

URL: https://bitrot.sh/post/01-16-2018-password_spraying_adfs_with_burp/
Related: http://bit.ly/2AGiI9r (+)
Description: Password Spraying ADFS with Burp.

URL: https://github.com/Rev3rseSecurity/WebMap
Description: Nmap Web Dashboard and Reporting.

URL: https://github.com/AMOSSYS/MemITM/
Description: Tool to make in memory man in the middle.

URL: https://github.com/ninoseki/mitaka
Description: OSINT friendly IOC (Indicator of Compromise) search tool.

URL: https://github.com/anthemtotheego/SharpCradle
Description: Tool designed to help execute .NET binaries into memory.

URL: https://github.com/singe/hashcat-brain
Description: A docker container for running the hashcat brain server.

URL: https://github.com/ecx86/tcpbin
Description: Very crude and poorly written HTTP(s) and SMTP bin.

URL: http://bit.ly/2DjQT9m (+)
Description: How to bypass AMSI and execute ANY malicious Powershell code.

URL: https://github.com/salesforce/hassh
Description: Network fingerprinting standard to identify SHH Clients and Servers.

URL: https://github.com/TunisianEagles/winspy
Description: Windows reverse shell Backdoor creator with an Automatic IP Poisener.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://acru3l.github.io/2018/10/20/ropping-through-shady-corners/
Description: ROPping through shady corners.

URL: https://jerrygamblin.com/2018/10/29/google-home-insecurity/
Description: Google Home (in)Security.

URL: https://www.unix-ninja.com/p/attacking_google_authenticator
Description: Attacking Google Authenticator.

URL: https://www.securepatterns.com/2018/10/cve-2018-14665-xorg-x-server.html
More: http://bit.ly/2PBYrKk (+) | http://bit.ly/2qvmn4h (+)
Description: Xorg X Server Vulnerabilities (CVE-2018-14665).

URL: https://blog.quarkslab.com/playing-with-the-windows-notification-facility-wnf.html
More: https://github.com/ustayready/CasperStager
Description: Playing with the Windows Notification Facility (WNF).

URL: https://sandboxescaper.blogspot.com/2018/10/reversing-alpc-where-are-your-windows.html
Description: Reversing ALPC - Where are your windows bugs and sandbox escapes?

URL: https://rhaidiz.net/2018/10/25/dribble-stealing-wifi-password-via-browsers-cache-poisoning
Description: Project Dribble - Hacking Wi-Fi with cached JavaScript.

URL: https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
Description: Kernel RCE - Buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407).

URL: http://bit.ly/2zkcxpG (+)
Description: Unauthenticated Out-of-Band XML External Entity (OOB-XXE) in a Help Desk Software.

URL: http://bit.ly/2Jx7RBw (+)
PoC: https://github.com/tamirzb/CVE-2018-9411
Description: Critical vulnerability in multiple high-privileged Android services (CVE-2018-9411).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/ChrisKnott/Algojammer
Description: An experimental code editor for writing algorithms.

URL: https://github.com/yandexdataschool/nlp_course
Description: Yandex Data School - Course in Natural Language Processing.

URL: http://bit.ly/2ETzzKg (+)
Description: How Mitnick hacked Tsutomu Shimomura with an IP sequence attack.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 45 | Month: November | Year: 2018 | Release Date: 09/11/2018 | Edition: #247 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://mango.pdf.zone/stealing-chrome-cookies-without-a-password
Description: Stealing Chrome cookies without a password.

URL: https://hackerone.com/reports/303730
Description: Defacement of catalog.data.gov via web cache poisoning to stored DOMXSS.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/joxeankoret/pigaios
Description: A tool for diffing source codes directly against binaries.

URL: https://github.com/TheSecondSun/Shellab
Description: Linux and Windows shellcode development/enrichment utility.

URL: https://github.com/lcashdol/Exploits/tree/master/CVE-2018-9206
More: https://github.com/gunnerstahl/JQShell
Description: Unauth file upload issue in Blueimp jQuery-File-Upload (CVE-2018-9206).

URL: https://github.com/MrSqar-ye/Door404
Description: PHP Backdoor For Web Servers.

URL: https://github.com/OALabs/frida-wshook
Description: Script analysis tool based on Frida.re.

URL: https://github.com/ReneLergner/WPinternals
Description: Source-code of Windows Phone Internals.

URL: https://github.com/dcsync/pycobalt
Description: PyCobalt is a Python API for Cobalt Strike.

URL: https://github.com/Hypnoze57/FShell
Description: Tool designed to get an interactive tty using RCE via a stageless protocol.

URL: https://github.com/bbbrumley/portsmash
More: https://seclists.org/oss-sec/2018/q4/123
Description: Side-channel vuln on SMT/Hyper-Threading architectures (CVE-2018-5407).

URL: https://serializethoughts.com/2018/10/07/bypassing-android-flag_secure-using-frida/
Description: Bypassing Android FLAG_SECURE using FRIDA.

URL: https://github.com/deepzec/Win-PortFwd
Description: Powershell script to setup windows port forwarding using native netsh client.

URL: https://github.com/quentinhardy/jndiat
Description: Test the security of Weblogic servers through T3 protocol - JNDI Attacking Tool.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://danshumway.com/blog/gamasutra-vulnerabilities/
Description: Disclosing Multiple Gamasutra Vulnerabilities.

URL: https://habr.com/post/429004/
PoC: https://github.com/MorteNoir1/virtualbox_e1000_0day
Description: VirtualBox 0day Escape Vulnerability.

URL: https://wbenny.github.io/2018/11/04/wow64-internals.html
Description: WoW64 internals ...re-discovering Heaven's Gate on ARM.

URL: https://blog.xpnsec.com/rundll32-your-dotnet/
Description: RunDLL32 your .NET (AKA DLL exports from .NET).

URL: http://bit.ly/2QoKsol (+)
Description: An anti-sandbox/anti-reversing trick using the GetClipboardOwner API.

URL: http://bit.ly/2ROJSRt (+)
PoC: https://github.com/pyn3rd/CVE-2018-3252
Description: Oracle WebLogic RCE Deserialization Vulns (CVE-2018-3252/CVE-2018-3245).

URL: https://www.tarlogic.com/en/blog/red-team-tales-0x02-from-sqli-to-domain-admin/
Description: Red Team Tales 0x02 - From SQLi to Domain Admin.

URL: https://paper.seebug.org/737/
Description: Evernote For Windows Read Local File and Command Execute Vulnerabilities.

URL: https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
Description: The problem with snprintf - A vulnerability in Icecast (CVE-2018-18820).

URL: https://poppopret.blogspot.com/2011/09/playing-with-mof-files-on-windows-for.html
Description: Playing with MOF files on Windows, for fun & profit (MS10-061).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/jenssegers/imagehash/
Description: Perceptual image hashing for PHP.

URL: https://marcan.st/2017/12/debugging-an-evil-go-runtime-bug/
Description: Debugging an evil Go runtime bug.

URL: https://github.com/vergeml/vergeml
Description: Environment for exploring, training and running Machine Learning models. 


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 46 | Month: November | Year: 2018 | Release Date: 16/11/2018 | Edition: #248 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/
Description: Clickjacking on Google MyAccount Worth 7,500$.

URL: https://xlab.tencent.com/en/2018/11/13/cve-2018-4277/
Description: Spoof All Domains Containing 'd' in Apple Products (CVE-2018-4277).

URL: https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
Description: OOB XXE in PrizmDoc (CVE-2018–15805).


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/honorarybot/PulseDbg
Description: Hypervisor-based debugger.

URL: https://github.com/genuinetools/amicontained
Description: Container introspection tool.

URL: https://github.com/s0md3v/Arjun
Description: Arjun is a HTTP parameter discovery suite.

URL: https://github.com/tamirzb/CVE-2018-9539/
Description: Android Media framework UaF PoC (CVE-2018-9539).

URL: https://github.com/sdnewhop/sdwan-infiltrator
Description: NSE script to automatically discover SD-WAN nodes.

URL: https://github.com/aatlasis/Chiron
Description: Chiron - An IPv6 Security Assessment framework.

URL: https://strm.sh/post/abusing-insecure-docker-deployments/
Description: Abusing insecure docker deployments.

URL: https://github.com/droberson/ssh-honeypot
Description: Fake sshd that logs ip addresses, usernames, and passwords.

URL: https://github.com/RhinoSecurityLabs/Swagger-EZ
Blog: http://bit.ly/2B8XAJl (+)
Description: A tool geared towards pentesting APIs using OpenAPI definitions.

URL: https://github.com/hacksysteam/WpadEscape
Description: Sandbox escape using WinHTTP Web Proxy Auto-Discovery Service.

URL: https://shkspr.mobi/blog/2018/11/domain-hacks-with-unusual-unicode-characters/
Description: Domain hacks with unusual Unicode characters.

URL: https://github.com/SpiderLabs/Firework/
Description: Tool to interact w/ MS Workplaces and create files for the provisioning proc.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://blog.xyz.is/2018/enso.html
Description: Ensō - A PS Vita bootloader exploit.

URL: https://ibm.co/2FqIXoO (+)
Description: How to Use Passive DNS to Inform Your Incident Response.

URL: http://blogs.360.cn/post/VBScript_vul_EN.html
Description: A Missed 0day? - Reveal another Cyber Arsenal of APT-C-06.

URL: https://security-bits.de/posts/2018/11/11/exposed_sonos_interface.html
Description: Exposed Sonos Webinterface (1400/TCP).

URL: https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-15835/
Description: Android Sensitive Data Exposure via Battery Info. Broadcasts (CVE-2018-15835).

URL: https://www.ixiacom.com/company/blog/trinity-p2p-malware-over-adb
Description: Trinity - P2P Malware Over ADB.

URL: https://maxkersten.nl/binary-analysis-course/malware-analysis/dot-net-rat/
Description: Dot Net RAT.

URL: https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e
PoC: https://github.com/tenable/poc/tree/master/UACBypass
Description: UAC Bypass by Mocking Trusted Directories.

URL: http://bit.ly/2RWjjtj (+)
Description: Executing Commands and Bypassing AppLocker with PS Diagnostic Scripts.

URL: https://medium.com/@mattharr0ey/lateral-movement-using-url-protocol-e6f7d2d6cf2e
Description: Lateral movement using URL Protocol.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://github.com/hannob/tls-what-can-go-wrong
Description: TLS - What can go wrong?

URL: https://github.com/maxmcd/webtty
Description: Share a terminal session over WebRTC.

URL: https://twobithistory.org/2018/11/12/cat.html
Description: The Source History of Cat.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 47 | Month: November | Year: 2018 | Release Date: 23/11/2018 | Edition: #249 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: http://bit.ly/2DSeKgK (+)
Description: XS-Searching Google's bug tracker to find out vulnerable source code.

URL: http://bit.ly/2R6zbcG (+)
Description: "How I hacked Google's bug tracking system itself for $15,600 in bounties." 


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/iddoeldor/frida-snippets
Description: Hand-crafted Frida examples.

URL: https://github.com/ptresearch/IntelTXE-PoC
Description: Intel Management Engine JTAG Proof of Concept.

URL: https://out-of-tree.io/
Slides: http://bit.ly/2qZ3kiP (+)
Description: Out-of-tree kernel {module, exploit} development tool.

URL: https://diary.shift-js.info/js-comment-block/
Description: Bypassing JavaScript Deobfuscator by Using *Comments*.

URL: https://github.com/pwn20wndstuff/Osiris
Description: Osiris developer jailbreak for iOS 11.0 - 11.4b3.

URL: https://github.com/cornelinux/yubikey-luks
Related: https://github.com/agherzan/yubikey-full-disk-encryption
Description: Yubikey for LUKS.

URL: https://github.com/j3ssie/Osmedeus
Description: Automatic Reconnaisance and Scanning in Penetration Testing.

URL: https://github.com/Bo0oM/PHP_imap_open_exploit
Related: https://antichat.com/threads/463395/#post-4254681
Description: Bypassing disabled exec functions in PHP via imap_open.

URL: https://ionize.com.au/multiple-transports-in-a-meterpreter-payload/
Description: Multiple Transports in a Meterpreter Payload.

URL: https://www.hahwul.com/2018/11/waf-bypass-xss-payload-only-hangul.html
Description: WAF Bypass XSS Payload Only Hangul.

URL: https://github.com/airbus-seclab/android_emuroot
Description: Script to grant root privileges to Google API Playstore emulator shells.

URL: https://github.com/TarlogicSecurity/SaSSHimi
Blog: https://www.tarlogic.com/en/blog/sasshimi-evading-allowtcpforwarding/
Description: SSH Tunneling in "RAW mode" via STDIN/OUT - evading AllowTcpForwarding.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://justi.cz/security/2018/11/14/gvisor-lpe.html
Description: Privilege Escalation in gVisor, Google's Container Sandbox.

URL: https://tinyhack.com/2018/11/21/reverse-engineering-pokemon-go-plus/
Description: Reverse Engineering Pokémon GO Plus.

URL: https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/
Description: Restricted Linux Shell Escaping Techniques.

URL: http://bit.ly/2zn0f0F (+)
PoC: https://github.com/ttffdd/XBadManners
Description: Yet another memory leak in ImageMagick or how to exploit CVE-2018–16323.

URL: http://bit.ly/2DCUGy1 (+)
Description: Symmetric Encryption with AES in Java and Android.

URL: https://www.elttam.com.au/blog/ruby-deserialization/
Description: Ruby 2.x Universal RCE Deserialization Gadget Chain.

URL: http://bit.ly/2DTokQm (+)
Description: Escaping from Mozilla Firefox in Restricted Environments.

URL: https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f
Description: Hacking Gmail's UX With From Fields.

URL: https://menschers.com/2018/10/30/what-is-cve-2018-8493/
Description: Exploiting Windows' IP ID Randomization to Leak Kernel Data (CVE-2018-8493).

URL: https://wojciechregula.blog/your-signal-messages-can-leak-via-locked-screen-on-macos/
Description: Your Signal messages can leak via locked screen on macOS.


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: http://signedmalware.org/
Description: Signed Malware.

URL: https://nginxconfig.io/
Description: NGiИX configuration generator.

URL: https://medium.com/@copyconstruct/socat-29453e9fc8a6
Description: Socat primer.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d

 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗
██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝
███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗  
██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝  
██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗
╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝
### Week: 48 | Month: November | Year: 2018 | Release Date: 30/11/2018 | Edition: #250 ###

'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐
'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤ 
'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘
'  Something that's really worth your time!


URL: https://slashcrypto.org/2018/11/28/eBay-source-code-leak/
Description: Pwning eBay - How I Dumped eBay Japan's Website Source Code.

URL: https://www.ory.sh/sign-in-with-user-impersonation-oauth2-openid-connect
Description: Impersonating users by abusing broken “Sign in with” implementations.


'  ╦ ╦┌─┐┌─┐┬┌─
'  ╠═╣├─┤│  ├┴┐
'  ╩ ╩┴ ┴└─┘┴ ┴
'  Some Kung Fu Techniques.


URL: https://github.com/0xR0/shellver
Description: Reverse Shell Cheat Sheet Tool.

URL: https://github.com/wagoodman/dive
Description: A tool for exploring each layer in a docker image.

URL: https://github.com/ViDA-NYU/ache
Description: ACHE is a web crawler for domain-specific search. 

URL: https://github.com/cisco-config-analysis-tool/ccat
Description: Cisco Config Analysis Tool.

URL: https://github.com/xillwillx/skiptracer
Description: OSINT python webscaping framework.

URL: https://github.com/Chainfire/librootjava
Description: Run Java (and Kotlin) code as root!

URL: https://github.com/regit/pshitt
Description: Passwords of SSH Intruders Transferred to Text.

URL: https://github.com/woanware/bgp-watcher
Description: Prototype system to monitor BGP routes and alert anomalies.

URL: https://github.com/fox-it/dissect.cstruct
Description: A no-nonsense c-like structure parsing library for Python.

URL: https://medium.com/@Bank_Security/undetectable-c-c-reverse-shells-fab4c0ec4f15
Description: Undetectable C# & C++ Reverse Shells.

URL: https://github.com/TunisianEagles/Androspy
Description: Framework to Backdoor Crypter & Creator with Automatic IP Poisener.

URL: https://medium.com/@petergombos/smb-named-pipe-pivoting-in-meterpreter-462580fd41c5
Description: SMB Named Pipe Pivoting in Meterpreter.


'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘
'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴ 
'  All about security issues.


URL: https://l.avala.mp/?p=285
PoC: https://github.com/lavalamp-/ipv666
Description: IPv666 - Address of the Beast.

URL: https://saleemrashid.com/2018/11/26/breaking-into-bitbox/
Description: Breaking into the (Digital) BitBox.

URL: http://bit.ly/2RnTVNd (+)
Description: Xipology (⅓) — Exploiting DNS caching as a carrier.

URL: http://bit.ly/2zzlQmu (+)
Description: My name is Johann Wolfgang von Goethe – I can prove it.

URL: https://medium.com/@SweetRollBandit/aws-slurp-github-takeover-f8c80b13e7b5
Description: AWS Slurp Github Takeover.

URL: https://blog.timac.org/2018/1126-deobfuscated-libmobilegestalt-keys-ios-12/
Description: Deobfuscated libMobileGestalt keys (iOS 12).

URL: http://bit.ly/2rbKlBV (+)
Description: Local File Inclusion via phpinfo() Exploit (Race Condition) to RCE.

URL: https://github.com/sgayou/subaru_starlink_research/blob/master/doc/README.md
Description: Jailbreaking Subaru StarLink.

URL: http://bit.ly/2P8u5v1 (+)
Description: Bypassing Microsoft XOML Workflows Protection Mechanisms w/ Deserialisation.

URL: http://bit.ly/2TPBLWx (+)
Description: Microsoft Windows win32k.sys - Invalid Pointer Vulnerability (MSRC Case 48212).


'  ╔═╗┬ ┬┌┐┌
'  ╠╣ │ ││││
'  ╚  └─┘┘└┘
'  Spare time?


URL: https://gcemetery.co/
Description: List of dead Google products.

URL: https://github.com/emvivre/limesdr_toolbox
Description: Toolbox for the LimeSDR / LimeSDR-Mini.

URL: http://bit.ly/2FXmMGS (+)
Description: What Happened When I Peeked Into My Node_Modules Directory.


'  ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
'  ║  ├┬┘├┤  │││ │ └─┐
'  ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
'  Content Helpers (0x)

52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d