[Owasp-Cluj] AppSec Ezine - 1st
Lucian Corlan
Lucian.Corlan at betfair.com
Wed Feb 11 21:23:04 UTC 2015
AppSec Ezine
### Year: 2015 | Release Date: 06/02/2015 | Author: Renato Rodrigues ###
' Must See
' Something that's really worth your time!
URL: zzzz://innerht.ml/blog/ie-uxss.html
Original PoC: zzzz://www.deusen.co.uk/items/insider3show.3362009741042107/
Description: Bypass of the Same-Origin Policy (SOP) on Internet Explorer. 😈
URL: zzzz://www.bulbsecurity.com/more-book-exercises-guessable-credentials-apache-tomcat/
Description: Guessable Credentials-Apache Tomcat.
URL: zzzz://wiki.secarmour.com/2013/02/ssi-injection-attack.html
Description: SSI Injection Attack.
' Hack
' Some Kung Fu Techniques.
URL: zzzzz://github.com/StalkR/dns-reverse-proxy
Blog: zzzz://blog.stalkr.net/2015/01/dns-reverse-proxy.html
Description: DNS Reverse Proxy.
URL: zzzzz://github.com/dotcppfile/DAws
Description: Advanced Web Shell.
URL: zzzzz://github.com/ant4g0nist/lisa.py
Description: An Exploit Dev Swiss Army Knife.
URL: zzzzz://binjitsu.readthedocs.org/en/latest/
Description: Binjitsu is a CTF framework and exploit development library.
URL: zzzzz://github.com/diafygi/webrtc-ips
Description: STUN IP Address requests for WebRTC, get local and external IP.
URL: zzzzz://github.com/rurapenthe/hashfind
Description: Tool to search files for matching password hash types and other data.
URL: zzzzz://github.com/USArmyResearchLab/Dshell
Description: Dshell is a network forensic analysis framework.
' Security
' All about security issues/problems.
URL: zzzz://0x00string.com/hacktionary/index.php?title=AllShare_Cast
Description: AllShare Cast Security Research.
URL: zzzz://securitycafe.ro/2015/01/05/understanding-php-object-injection/
Description: Understanding PHP Object Injection.
URL: zzzz://argus-sec.com/blog/remote-attack-aftermarket-telematics-service/
Description: A remote attack on an aftermarket telematics service (Car Hacking).
URL: zzzzz://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/
Description: XXE Injection in Oracle Database (CVE-2014-6577).
URL: zzzz://www.davidlitchfield.com/Privilege_Escalation_via_Oracle_Indexes.pdf
Description: Privilege Escalation via Oracle Indexes.
URL: zzzz://h30499.www3.hp.com/t5/Fortify-Application-Security/Owning-SQLi-vulnerability-with-SQLmap/ba-p/6698577
Description: Owning SQLi vulnerability with SQLmap.
URL: zzzz://drops.wooyun.org/papers/4762
Description: Linux symbolic link attacks.
' Fun
' Spare time?
URL: zzzz://keygenmusic.net/
Description: Music from keygens, cracks, trainers, intros.
URL: zzzzz://github.com/madrobby/secure.js
Description: Better and more secure JavaScript!
URL: zzzz://shipyourenemiesglitter.com/
Description: We send glitter to the people you hate. 😸