92 - Appsec Ezine: Week: 47 - Month: November - Year: 2015 - Release Date: 20/11/2015 - Edition: 92º

This issue of an appsec newsletter contains summaries and links to various security-related resources, including mobile security techniques, smartwatch hacking guides, Unix rootkits, Windows forensics scripts, phishing tools, pentesting frameworks, and information on vulnerabilities and exploits.

92 - AppSec Ezine

Week: 47 | Month: November | Year: 2015 | Release Date: 20/11/2015 | Edition: 92º

' ╔╦╗┬ ┬┌─┐┌┬┐ ╔═╗┌─┐┌─┐
' ║║║│ │└─┐ │ ╚═╗├┤ ├┤
' ╩ ╩└─┘└─┘ ┴ ╚═╝└─┘└─┘
' Something that is really worth your time!

URL: http://blog.dewhurstsecurity.com/2015/11/10/mobile-security-certificate-pining.html
Description: Mobile Security Certificate Pinning (Hacks).

URL: http://grangeia.io/2015/11/09/hacking-tomtom-runner-pt1/
More: http://grangeia.io/2015/11/16/hacking-tomtom-runner-pt2/
Description: Hacking Smartwatches - the TomTom Runner.

' ╦ ╦┌─┐┌─┐┬┌─
' ╠═╣├─┤│ ├┴┐
' ╩ ╩┴ ┴└─┘┴ ┴
' Some Kung Fu Techniques.

URL: https://github.com/unix-thrust/beurk
Description: BEURK Experimental Unix RootKit.

URL: https://github.com/ITLivLab/Win7_powershell_forensics
Description: Windows 7 forensics scripts (PowerShell).

URL: https://github.com/Hypsurus/weeman
Description: HTTP Server for phishing in Python.

URL: https://github.com/byt3bl33d3r/CrackMapExec
Description: A swiss army knife for pentesting Windows/AD environments.

URL: http://www.debuginfo.com/tools/chkmatch.html
Description: Check that an executable and its debug information file match.

URL: https://gef.readthedocs.org/en/latest/
Description: GEF - GDB Enhanced Features.

URL: https://github.com/chipsec/chipsec
Description: Platform Security Assessment Framework.

URL: https://github.com/scanmem/scanmem
Description: Memory scanner for Linux w/ GUI.

URL: https://gitlab.com/rav7teif/linux.wifatch
Description: Linux.Wifatch Ransom Malware (Research).

URL: https://github.com/gdbinit/rootfool
Description: Dynamically disable and enable System Integrity Protection (SIP) in El Capitan.

' ╔═╗┌─┐┌─┐┬ ┬┬─┐┬┌┬┐┬ ┬
' ╚═╗├┤ │ │ │├┬┘│ │ └┬┘
' ╚═╝└─┘└─┘└─┘┴└─┴ ┴ ┴
' All about security issues/problems.

URL: http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injection-Vulnerability.txt
Description: Google AdWords API client libraries - XML eXternal Entity Injection (XXE).

URL: http://www.icewall.pl/?p=696&lang=en
Description: Microsoft Windows FastFAT.sys Sectors per FAT Denial of Service Vulnerability.

URL: http://blog.checkpoint.com/2015/11/05/check-point-discovers-critical-vbulletin-0-day/
Description: Critical vBulletin 0-Day (Research).

URL: http://tinyhack.com/2015/11/08/teensy-lc-u2f-key/
Description: Teensy LC U2F key (Why not?).

URL: https://github.com/gsbabil/ClassicNFC/blob/master/gsbabil-ruxconf2015.pdf
PoC: https://github.com/gsbabil/ClassicNFC
Description: Hack NFC Access Cards & Steal CC Data with Android.

URL: http://blog.a-way-out.net/blog/2015/11/06/host-header-injection/
Description: PHP vulnerability enabling Host header injection attacks.

URL: http://blog.talosintel.com/2015/10/dangerous-clipboard.html
Description: Dangerous Clipboard - Analysis of the MS15-072 Patch.

URL: http://www.greyhathacker.net/?p=738
Description: Elevating privileges by exploiting weak folder permissions (Windows).

' ╔═╗┬ ┬┌┐┌
' ╠╣ │ ││││
' ╚ └─┘┘└┘
' Spare time?

URL: https://github.com/freddymartinez9/securitytalks/blob/master/IMSICatchersForActivists.md
Description: IMSI Catchers - Practical Knowledge for Activists.

URL: https://instant.io/
Description: Streaming file transfer over WebTorrent.

URL: http://www.unfitbits.com/
Description: Free your fitness data from yourself.

' ╔═╗┬─┐┌─┐┌┬┐┬┌┬┐┌─┐
' ║ ├┬┘├┤ │││ │ └─┐
' ╚═╝┴└─└─┘─┴┘┴ ┴ └─┘
' Content Helpers (0x)
52656e61746f20526f64726967756573202d204073696d7073306e202d20687474703a2f2f706174686f6e70726f6a6563742e636f6d
