93 - Appsec Ezine: Week: 48 - Month: November - Year: 2015 - Release Date: 27/11/2015 - Edition: 93º
URL: http://stegosploit.info/
Talk: http://www.slideshare.net/saumilshah/stegosploit-blackhat-europe-2015
Description: Exploit Delivery via Steganography and Polyglots.
URL: http://maustin.net/2015/11/12/hipchat_rce.html
Description: XSS to RCE in Atlassian Hipchat.
URL: http://ryhanson.com/angular-expression-injection-walkthrough/
Description: AngularJS Expression Injection Vulnerability Walkthrough.
' ╦ ╦┌─┐┌─┐┬┌─
' ╠═╣├─┤│ ├┴┐
' ╩ ╩┴ ┴└─┘┴ ┴
' Some Kung Fu Techniques.
URL: https://github.com/thechrisharrod/Malfind
Description: PowerShell tool to download malware samples.
URL: http://silentbreaksecurity.com/invoke-dcsync-because-we-all-wanted-it/
Description: Hashdump without the DC using DCSync (because we all wanted it).
URL: https://gist.github.com/subTee/4843a1d9e7a9fcdb4417
Description: InstallUtil Keylogger/MouseClick Recorder - Stores Logs in [Documents\Klog-Logs].
URL: https://github.com/elceef/bitlocker
Description: Volatility Framework plugin for extracting BitLocker FVEK (Full Volume Encryption Key).
URL: https://github.com/tomato42/tlsfuzzer
Slides: https://github.com/tomato42/tlsfuzzer/blob/master/docs/ruxcon2015-kario-slides.pdf
Description: TLS test suite and fuzzer.
URL: https://github.com/omriher/CapTipper
Description: CapTipper is a Python tool to analyze, explore and revive HTTP malicious traffic.
URL: https://github.com/NoobieDog/Skype-Maltego-Client
Description: A set of local Skype transforms for Maltego to utilise Skype and search the directory.
URL: https://github.com/diracdeltas/sniffly
Description: Sniffing browser history using HSTS + CSP.
URL: https://github.com/ud2/advisories/tree/master/embedded/dlink/nocve-2015-0002
Description: Remote stack overflow on D-Link cameras.
URL: https://github.com/gdbinit/gopher
Description: MacOS X crypto ransomware PoC.
URL: http://meat.pisto.horse/2015/11/rooting-linksys-x2000-router-system.html
Description: Rooting the Cisco Linksys x2000 router - system() strikes again (Easy root).
URL: https://chloe.re/2015/11/09/csrf-blocker-block-csrf-attacks-the-right-way/
Tool: https://github.com/avlidienbrunn/anti-csrf-plugin
Description: CSRF Blocker - block CSRF-attacks the right way.
URL: https://blog.filippo.io/the-sad-state-of-smtp-encryption/
Description: The sad state of SMTP encryption.
URL: https://respectxss.blogspot.de/2015/11/a-tale-of-breaking-saps-successfactorss.html
Description: A Tale of Breaking SAP's SuccessFactors's XSS Filter.
URL: http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/nslookup-flaws.html
Description: nslookup is a badly flawed tool. Don't use it.
URL: https://www.sensepost.com/blog/2015/wadi-fuzzer/
Tool: https://github.com/sensepost/wadi
Description: Wadi Fuzzer.
URL: https://blog.gaborszathmari.me/2015/11/11/tricking-google-authenticator-totp-with-ntp/
Description: Tricking Google Authenticator TOTP with NTP.
URL: http://yahoo-security.tumblr.com/post/122883273670/apache-traffic-server-http2-fuzzing
Description: Apache Traffic Server - HTTP2 Fuzzing.
URL: https://github.com/docker/dockercraft
Description: Docker + Minecraft = Dockercraft.
URL: http://superlogout.com/
Description: Super Logout.
' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
' ║ ├┬┘├┤ │││ │ └─┐
' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
' Content Helpers (0x)
52656e61746f20526f64726967756573202d204073696d7073306e202d
20687474703a2f2f706174686f6e70726f6a6563742e636f6d