[Owasp-Cluj] AppSec Ezine - 3rd Edition

Lucian Corlan Lucian.Corlan at betfair.com
Wed Feb 25 07:29:48 UTC 2015


 █████╗ ██████╗ ██████╗ ███████╗███████╗ ██████╗    ███████╗███████╗██╗███╗   ██╗███████╗

██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔════╝██╔════╝    ██╔════╝╚══███╔╝██║████╗  ██║██╔════╝

███████║██████╔╝██████╔╝███████╗█████╗  ██║         █████╗    ███╔╝ ██║██╔██╗ ██║█████╗

██╔══██║██╔═══╝ ██╔═══╝ ╚════██║██╔══╝  ██║         ██╔══╝   ███╔╝  ██║██║╚██╗██║██╔══╝

██║  ██║██║     ██║     ███████║███████╗╚██████╗    ███████╗███████╗██║██║ ╚████║███████╗

╚═╝  ╚═╝╚═╝     ╚═╝     ╚══════╝╚══════╝ ╚═════╝    ╚══════╝╚══════╝╚═╝╚═╝  ╚═══╝╚══════╝

### Year: 2015 | Author: Renato Rodrigues | Edition: 3 ###





'  ╔╦╗┬ ┬┌─┐┌┬┐  ╔═╗┌─┐┌─┐

'  ║║║│ │└─┐ │   ╚═╗├┤ ├┤

'  ╩ ╩└─┘└─┘ ┴   ╚═╝└─┘└─┘

'  Something that's really worth your time!





URL: zzzzz://github.com/cryptostorm/leakblock/tree/master/superfish.com

Why Not: zzzzz://blog.filippo.io/make-your-own-superfish-infected-vm/

Blog: zzzz://blog.erratasec.com/2015/02/extracting-superfish-certificate.html

Certificate: zzzzz://gist.github.com/mathiasbynens/7a13a467b22c42505490#file-private-key-pem

Description: Lenovo SuperFish Awesomeness 😂.



URL: zzzz://danlec.com/blog/hacking-stackoverflow-com-s-html-sanitizer

Description: Hacking stackoverflow.com's HTML sanitizer.



URL: zzzz://philippeharewood.com/paging-cursors-leaking-data-in-graph-api/

Description: Paging Cursors leaking data in Graph API (Facebook).





'  ╦ ╦┌─┐┌─┐┬┌─

'  ╠═╣├─┤│  ├┴┐

'  ╩ ╩┴ ┴└─┘┴ ┴

'  Some Kung Fu Techniques.





URL: zzzz://www.shellcheck.net/

Description: Automatically detects problems with sh/bash scripts and commands.



URL: zzzzz://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/

Description: Decrypting TLS Browser Traffic With Wireshark - The Easy Way!



URL: zzzzz://github.com/wapiflapi/exrs

Description: Exercises for learning Reverse Engineering and Exploitation.



URL: zzzzz://github.com/citronneur/rdpy

Description: Remote Desktop Protocol in twisted python. (Handy!)



URL: zzzzz://github.com/clymb3r/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1

Description: Invoke-Mimikatz in Memory Only with PowerShell.



URL: zzzz://seclists.org/fulldisclosure/2015/Feb/56

Description: NetGear Routers Pownage.



URL: zzzz://sourceforge.net/projects/packeth/

Description: packETH is a Linux GUI packet generator tool for ethernet.





'  ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬

'  ╚═╗├┤ │  │ │├┬┘│ │ └┬┘

'  ╚═╝└─┘└─┘└─┘┴└─┴ ┴  ┴

'  All about security issues/problems.





URL: zzzz://shubh.am/exploiting-markdown-syntax-and-telescope-persistent-xss-through-markdown-cve-2014-5144/

Description: Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144).



URL: zzzz://blog.sucuri.net/2015/02/creative-evasion-technique-against-website-firewalls.html

Description: Creative Evasion Technique Against Website Firewalls.



URL: zzzzz://www.trustedsec.com/january-2015/account-hunting-invoke-tokenmanipulation/

Description: Account Hunting for Invoke-TokenManipulation (Pentesting).



URL: zzzz://www.evilsocket.net/2015/01/29/nike-fuelband-se-ble-protocol-reversed/

Description: Nike+ FuelBand SE BLE Protocol Reversed.



URL: zzzz://www.insinuator.net/2015/01/evasion-of-cisco-acls-by-abusing-ipv6-discussion-of-mitigation-techniques/

Description: Evasion of Cisco ACLs by (Ab)Using IPv6 & Discussion of Mitigation Techniques.



URL: zzzzz://rh0dev.github.io/blog/2015/fun-with-info-leaks/

Description: Fun With Info-Leaks.



URL: zzzz://haxelion.eu/article/LD_NOT_PRELOADED_FOR_REAL/

Description: LD_NOT_PRELOADED_FOR_REAL (LD_PRELOAD the Other Side).





'  ╔═╗┬ ┬┌┐┌

'  ╠╣ │ ││││

'  ╚  └─┘┘└┘

'  Spare time?





URL: zzzzz://github.com/yaronn/blessed-contrib

Description: Build terminal dashboards using ascii/ansi art and javascript.



URL: zzzz://pixelscommander.com/en/javascript/nasa-coding-standarts-for-javascript-performance/

Description: Applying NASA coding standards to JavaScript.



URL: zzzzz://littleosbook.github.io/

Description: The little book about OS development.
