POST-DEFCON RECAP

NEWS

 ·• Teen Security Researcher Suspended for Exposing Vulnerabilities in His
    School's Software
 ·• Apple Confirms $1 Million Reward For Anyone Who Can Hack An iPhone
 ·• GitHub sued for aiding hacking in Capital One breach
 ·• Canon DSLR Camera Infected with Ransomware Over the Air
 ·• New Dragonblood vulnerabilities found in WiFi WPA3 standard
 ·• Reverse RDP Attack Enables Guest-to-Host Escape in Microsoft Hyper-V
 ·• Honda's Security Soft Spots Exposed in Unsecured Database
 ·• Hungary Subsidiary of Microsoft Corporation Agrees to Pay $8.7 Million
    in Criminal Penalties to Resolve Foreign Bribery Case
 ·• Hidden Injection Flaws Found in BIG-IP Load Balancers
 ·• New Qualcomm Chip Flaws Expose Millions of Android Devices to Hacking
 ·• Critical Vulnerabilities in Nvidia Drivers
 ·• Cisco "Knowingly Sold Hackable Video Surveillance System to U.S.
    Government"
 ·• Cyberattack On LAPD Confirmed: Data Breach Impacts Thousands Of Officers
 ·• DHS issues hacking security alert for small planes
 ·• Black Hat USA 2019: IBM X-Force Red Reveals New Warshipping Hack To
    Infiltrate Corporate Networks
 ·• Black Hat Talk About 'Time AI' Causes Uproar, Is Deleted By Conference
 ·• DEFCON 2019: 35 Bugs in Office Printers Offer Hackers an Open Door
 ·• British Police Threaten Prosecution for Anyone Caught Mocking Drug
    Dealers Haircut

GOOD READS

 ·• How to Lock Down the Kernel to Secure the Container
 ·• HTTP Desync Attacks: Request Smuggling Reborn
 ·• [netspooky] Cisco SMI: Still Tippin'
 ·• Blackhat: Pre-auth RCE on Leading SSL VPNs
 ·• Blackhat: Inside the Apple T2
 ·• [icyphox] Picking the FB50 smart lock (CVE-2019-13143)
 ·• TLS Fingerprinting with JA3 and JA3S
 ·• Exploring the internals of the .NET Runtime
 ·• Using an RTL-SDR, RF Fingerprinting and Deep Learning to Authenticate
    RF Devices
 ·• The Lost Art of Warez
 ·• Base64 Magic!
 ·• WCTF2019: Gyotaku The Flag
 ·• Juuls New E-Cig Sure Is Collecting a Dumb Amount of Data About Its Users
 ·• Ahold-Delhaize and how bug bounty reports should be handled
 ·• Exploiting Qualcomm WLAN And Modem Over-The-Air
 ·• Harnessing Weapons of Mac Destruction

PROJECTS

 ·• ThreatLand - TL.FRAUD: A collection of fraud related tools for research.
 ·• Skelsec's pypykatz has a bunch of new features!
 ·• The Teletypist - hexadecim8's old school hacker history zine
 ·• Sampler: A tool for shell commands execution, visualization & alerting.
 ·• Kubernetes Audit Repo

CHEATS

 ·• thu.gg Kiosk Hacking PoC Landing Page (Work in Progress)
 ·• [mg] Legit Looking iPhone Lightning Cables Will Hijack Your Computer
 ·• zer0pwn - CVE-2019-14744 KDE Desktop File Command Injection
    └─ [poc] KDE Desktop File Command Injection
 ·• Steam Windows Client Local Privilege Escalation 0day
    └─ [poc] SteamEoP.ps1
 ·• SharpGPOAbuse - A tool to take advantage of a user's edit rights on a
    GPO in order to compromise the objects that are controlled by that GPO.
 ·• CVE-2019-11581 - Atlassian Jira Unauthorized Template Injection Vuln
 ·• Understanding and Evading Get-InjectedThread
 ·• Dlink-CVE-2019-13101
 ·• Fortinet FortiRecorder hardcoded password
 ·• ghostscript CVE-2019-10216: -dSAFER escape via .buildfont1
 ·• Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272)

SAFARI

 Leave nothing but log entries.
 Take nothing but screenshots.
 Kill nothing but time.

 ·• [hermit] XSS in US Postal Service Package Tracker
 ·• [hermit] Spam Dating App Persistent iFrame Injection
 ·• [hermit] Sprint / Chrysler Telematics Dev Backend
 ·• [hermit] Sprint / Chrysler Telematics Dev Links
 ·• [hermit] Sprint's Cellebrite Support Documentation
 ·• [hermit] Weirdly cached Facebook open dir
 ·• [hermit] "The most cursed dork of all time"
 ·• [hermit] Wordpress site exports dork
 ·• [hermit] Google CPanel Dork
 ·• [hermit] Voicemail Office Open Dir
 ·• [hermit] Macy's UI/JS Test Suite
 ·• [hermit] Dreambox RCE Dork
 ·• [hermit] old_website/oldwebsite/oldsite/old/...
 ·• [hermit] Send a push notification, somewhere?
 ·• [hermit] Christina Aguilera API ?
 ·• [sshell] Backups containing database creds for the Lebanese Chamber of
    Commerce, Industry, and Agriculture
 ·• [sshell] lists of voter records with full names, addresses, and party
    affiliation for a county in new jersey
 ·• [xehle] Google Data Export Dork
 ·• [xehle] Department of Education Download Pages
 ·• [yuu] A lot of old NASA stuff
 ·• [yuu] Lantronix Unauthenticated "Setup Mode" Dork
 ·• [yuu] Timeclock Dork

Mix by 0katz