[Owasp-Cluj] AppSec Ezine

Lucian Corlan Lucian.Corlan at betfair.com
Tue Mar 31 17:36:25 UTC 2015


APPSEC EZINE

Must See
Something that's really worth your time!

URL: http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
Description: The old is new, again. CVE-2011-2461 is back!

URL: http://sekurak.pl/kolejny-xss-w-www-google-com-custom-search-engine/
Description: Another XSS in www.google.com (Custom Search Engine).

URL: http://netwars-project.com/webdoc
Description: Web series exploring the impending threat of cyberwarfare.

Hack
Some Kung Fu Techniques.

URL: https://github.com/botherder/cryptoletter
Description: Simple script for PGP encrypted newsletter.

URL: https://github.com/g0tmi1k/os-scripts/blob/master/kali.sh
Description: Personal (g0tmilk) post install script for Kali Linux.

URL: https://github.com/slimm609/checksec.sh
Description: Bash script to check executable properties like (PIE, RELRO, PaX, Canaries, ASLR, Fortify Source).

URL: https://x-ryl669.github.io/Frost/
Description: I needed a tool I can rely on to backup my work and personal data.

URL: https://github.com/SecurityObscurity/cve-2015-0313
Description: Adobe Flash vulnerability source code (CVE-2015-0313) from Angler Exploit Kit.

URL: https://github.com/stealth/troubleshooter
Description: SELinux vulnerabilities (80's style exploit techniques).

URL: https://mozillasecurity.github.io/dharma/
Description: A generation-based, context-free grammar fuzzer.

Security
All about security issues/problems.

URL: http://breakingmalware.com/vulnerabilities/vulnerability-patching-learning-from-avg-on-doing-it-right/
Description: Vulnerability Patching - Learning from AVG on Doing it Right.

URL: http://labs.detectify.com/post/114572572966/stealing-files-from-web-servers-by-exploiting-a
Description: Stealing files from web servers by exploiting a popular PDF generator.

URL: http://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
Description: SSH & Meterpreter Pivoting Techniques.

URL: http://www.security-explorations.com/en/SE-2014-02-details.html
Description: Google App Engine Java security sandbox bypasses (with PoC code).

URL: http://carnal0wnage.attackresearch.com/2015/03/devooops-revision-control-git.html
Description: DevOoops - Revision Control (git).

URL: http://ultimatehackingarticles.blogspot.pt/2013/01/error-based-sql-injection-tutorial.html
Description: Error based sql injection tutorial - Double query injection.

URL: https://bughardy.me/a-ghost-tale/
Description: A Ghost Tale (Ghost Blog Platform Security Assessment).

URL: https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/
Description: Abusing Blu-ray Players Pt. 1 – Sandbox Escapes.

Fun
Spare time?

URL: https://github.com/mozumder/HTML6
Description: An HTML6 proposal for single-page apps without Javascript.

URL: http://shrigley.com/source_code_archive/
Description: SEGA Megadrive/Genesis source codes.

URL: https://www.reddit.com/r/networking/comments/2gjzof/its_been_a_rough_week/
Description: It's been a rough week 😆.

Credits
Content Helpers (0x)52656e61746f20526f64726967756573204073696d7073306e0d0a426c69702e7074202f204f504f

https://madlabs.app.betfair/zb/?4e03586074ed2219#z4AElq/Xwd7CVzqZOyABEyvU6ZwGKzRMKDYNvuriB7U=


