[Owasp-Cluj] AppSec Ezine - 1st

Lucian Corlan Lucian.Corlan at betfair.com
Wed Feb 11 21:23:04 UTC 2015


 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗

██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝

███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗

██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝

██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗

╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝

### Year: 2015 | Release Date: 06/02/2015 | Author: Renato Rodrigues ###





'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐

'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤

'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘

'  Something that's really worth your time!





URL: zzzz://innerht.ml/blog/ie-uxss.html

Original PoC: zzzz://www.deusen.co.uk/items/insider3show.3362009741042107/

Description: Bypass of the Same-Origin Policy (SOP) on Internet Explorer. 😈



URL: zzzz://www.bulbsecurity.com/more-book-exercises-guessable-credentials-apache-tomcat/

Description: Guessable Credentials-Apache Tomcat.



URL: zzzz://wiki.secarmour.com/2013/02/ssi-injection-attack.html

Description: SSI Injection Attack.





'  ╦ ╦┌─┐┌─┐┬┌─

'  ╠═╣├─┤│  ├┴┐

'  ╩ ╩┴ ┴└─┘┴ ┴

'  Some Kung Fu Techniques.





URL: zzzzz://github.com/StalkR/dns-reverse-proxy

Blog: zzzz://blog.stalkr.net/2015/01/dns-reverse-proxy.html

Description: DNS Reverse Proxy.



URL: zzzzz://github.com/dotcppfile/DAws

Description: Advanced Web Shell.



URL: zzzzz://github.com/ant4g0nist/lisa.py

Description: An Exploit Dev Swiss Army Knife.



URL: zzzzz://binjitsu.readthedocs.org/en/latest/

Description: Binjitsu is a CTF framework and exploit development library.



URL: zzzzz://github.com/diafygi/webrtc-ips

Description: STUN IP Address requests for WebRTC, get local and external IP.



URL: zzzzz://github.com/rurapenthe/hashfind

Description: Tool to search files for matching password hash types and other data.



URL: zzzzz://github.com/USArmyResearchLab/Dshell

Description: Dshell is a network forensic analysis framework.





'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬

'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘

'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴

'  All about security issues/problems.





URL: zzzz://0x00string.com/hacktionary/index.php?title=AllShare_Cast

Description: AllShare Cast Security Research.



URL: zzzz://securitycafe.ro/2015/01/05/understanding-php-object-injection/

Description: Understanding PHP Object Injection.



URL: zzzz://argus-sec.com/blog/remote-attack-aftermarket-telematics-service/

Description: A remote attack on an aftermarket telematics service (Car Hacking).



URL: zzzzz://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/

Description: XXE Injection in Oracle Database (CVE-2014-6577).



URL: zzzz://www.davidlitchfield.com/Privilege_Escalation_via_Oracle_Indexes.pdf

Description: Privilege Escalation via Oracle Indexes.



URL: zzzz://h30499.www3.hp.com/t5/Fortify-Application-Security/Owning-SQLi-vulnerability-with-SQLmap/ba-p/6698577

Description: Owning SQLi vulnerability with SQLmap.



URL: zzzz://drops.wooyun.org/papers/4762

Description: Linux symbolic link attacks.





'  ╔═╗┬ ┬┌┐┌

'  ╠╣ │ ││││

'  ╚  └─┘┘└┘

'  Spare time?





URL: zzzz://keygenmusic.net/

Description: Music from keygens, cracks, trainers, intros.



URL: zzzzz://github.com/madrobby/secure.js

Description: Better and more secure JavaScript!



URL: zzzz://shipyourenemiesglitter.com/

Description: We send glitter to the people you hate. 😸


