T H U G C R O W D

════════════════════════════════ N E W S ════════════════════════════════

▶ Google Says Malicious Websites Have Been Quietly Hacking iPhones for Years

▶ Dept. of Homeland Security Forced to Release List of Keywords Used to Monitor Social Networking Sites

▶ Ring reportedly shared video sharing data, detailed maps with police in 2018

▶ Ring Says It Doesn't Use Facial Recognition, But It Has "A Head Of Face Recognition Research"

▶ President Trump Tweets Sensitive Surveillance Image of Iran

▶ Bang Bros Bought a Huge Porn Doxing Forum and Set Fire to It

▶ John McAfee forced to move hideout after 'a**hole' publicly outed location on Twitter

▶ Malware Found in CamScanner Android App With 100+ Million Users

▶ Head of NOAA says 5G deployment could set weather forecasts back 40 years. The wireless industry denies it.

▶ Australian who says he invented bitcoin ordered to hand over up to $5bn

▶ Hackers Could Steal a Tesla Model S by Cloning Its Key Fob - Again

▶ Phishing attack of Oregon Judicial Department affects 6,600+ people

▶ The frighteningly simple technique that hijacked Jack Dorsey's Twitter

▶ Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

▶ Fraudsters deepfake CEO’s voice to trick manager into transferring $243,000

▶ Popular face-swapping app Zao sparks another privacy outcry

▶ Google to pay security researchers who find Android apps and Chrome extensions misusing user data

════════════════════════ G O O D   R E A D S ════════════════════════

▶ A very deep dive into iOS Exploit chains found in the wild

▶ Definitive Dossier of Devilish Debug Details – Part One: PDB Paths & Malware

▶ Attacking SSL VPN - Part 3: The Golden Pulse Secure SSL VPN RCE Chain, with Twitter as Case Study!

▶ The Art of Becoming TrustedInstaller - Task Scheduler Edition

▶ ‘Photo-Realistic’ Emojis and Emotes With Progressive Face Super-Resolution

▶ ROMs and Mappers: Why NES Games Can Be So Different On The Same Hardware

▶ Silvio's thread about unsafe APIs in C

▶ The big South African IP address heist – How millions are made on the grey market

▶ Brain-reading tech is coming. The law is not ready to protect us.

▶ Taking Control of VMware Through the Universal Host Control Interface Part 2

══════════════════════════ R E S O U R C E ══════════════════════════

▶ Godbolt Compiler Explorer

▶ zFRAG - Zen Hard Disk Management Tool

▶ subjack - Subdomain Takeover tool written in Go

▶ Kerberos Attacks Cheatsheet

▶ LTE Quick Reference
▶ GNU Radio LTE receiver

▶ pwn_jenkins - Notes about attacking Jenkins servers

▶ ThugCrowd - Bettercap Loader
▶ [bane] Using Bettercap-Loader

═════════════════════════════ C H E A T S ═════════════════════════════

▶ DNS Spoofing on Kubernetes Clusters
▶ kube-dnsspoof

▶ Beautiful regex to zigzag lines across the terminal

▶ Confluence Local File Disclosure Vulnerability Analysis (CVE-2019-3394)

▶ Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data

▶ Gentoo Linux Security Advisory 2019-08-26

▶ dovecot security update

▶ Irssi 1.2.2: CVE-2019-15717

▶ ghostscript (.forceput exposed)

═════════════════════════════ S A F A R I ═════════════════════════════

WARNING

The following section features stunts performed either by professionals or under the supervision of professionals. Accordingly, ThugCrowd and the producers must insist that no one attempt to recreate or re-enact any stunt or activity performed in this section.

[busescanfly]

▶ Alexa Factorial Freestyle

[docOutlaw]

▶ Someone's personal site
▶ This week in webcams

[dustyfresh]

▶ Some sort of open dir full of SMS Spying Tool sessions
▶ chaseperfect.zip is the phishing kit with PHP files in it..
▶ Dork for webshells - ?ev= is the parameter, base64 encoded
▶ onedrive phishing kit

[hermit]

▶ Some chats if you're feeling lonely
▶ A bunch more chat clients
▶ KiwiIRC Dork
▶ Mibbit IRC Dork
▶ AWS Forums Dork
▶ Website Stats Dork
▶ phpmyadmin creds dork
▶ A bunch of fake John McAfee twitters
▶ An equipment billing page
▶ "worst url ive seen in a bit"
▶ site:hunan.gov.cn filetype:txt
▶ site:gov.cn -inurl:hunan filetype:txt
▶ Someone's auth mechanism

[plazmaz]

▶ VNC gaming
▶ Evil Kitten Chrome Extension
▶ Cool tab invasive extensions

[sshell]

▶ Leafly Gopher Service

[x0]

▶ dare.js

[xehle]

▶ CoolStart Extensions
▶ 50k+ Chrome Extensions

[yuu]

▶ bnp phishing kit

No show tonight! See you next week!