▄▄▄▄
▄▄▄▄▄███████
▄▄████████████████▄
█████████████████████
▀█████████████████████▄
██████████████████████▄
▄█████████████████████████ ▄▄▄▄▄ ▄▄ ▄▄▄▄ ▄▄▄▄ ▄▄▄▄▄ ▄▄▄ ▄▄ ▄▄ ▄▀█▀▄
████████████████████████████ █▀███ ▀█ ██ ██ ███ █ ▄██ █ ▄▀ ▄█▄ ▀▄
█████████████████████████████▄ ███ ██ ▄▄██ ███ █ ███ █▄█▄█▄█▄█
██████████████████████████████ ███ ██ ██ ███ █ ███ ▀██▀ █ █████ █
██████████████████████████████ ███ ██ ██ ███ █ ▀██ ██ ▀█▀█▀█▀
█████████████████████████████ ▀▀▀▀▀▀ ▀▀▀▀ ▀▀▀▀ ▀▀▀ ▀ ▀▀ ▀ ▀▀▀
██████████████████████▀▀▀████ ███████████████████████████████████████████████
█████ ▀▀▀██████▀▀ ████ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████ ███▄ ▄████▀ ▄█▀ ▀█ ▀███ ▀█▄ ▄█▀ █▄ ▀███▀ ██ ▀█ ▀██ ▀█▄
██████▄▄▄▄▄▄███████████████ ███ ▀ ███ ██ ███ ███ ███ ██ █ ██ ███
███████████████████████████ ███ ███ ▄█▄ ███ ███ ███ ██▄ ██ ███
█████████████████████████ ███ ▄ ███ ██ ███ ███ ███ ▀██ ██ ███
▀██████████████████████ ▀█▄ ▄▀ ▄███▄ ███ ▀█▄ █▀ ██ ██ ▄██ ▄█▀
▀████████▀▀ ▀███████
▄████████▄ ███████
███████████▄▄▄▄███████ 2 0 1 9 1 0 0 7
▀█████████████████▀▀
▀█████████████▀
██████████▀
▀▀████▀
NEWS
~ D-Link router remote code execution vulnerability will not be patched
~ Attackers exploit 0day vulnerability that gives full control of Android
phones
~ Signal Bug Could Have Let Hackers Listen to Android Users Via Microphone
~ Former Yahoo engineer admits using his access to steal users' sexual images
~ WhatsApp vulnerability exploited through malicious GIFs to hijack chat
sessions
~ Dutch police take down hornets' nest of DDoS botnets
~ FBI investigating alleged hacking attempt into mobile voting app during 2018
midterms
~ Adobe to deactivate accounts for all Venezuelan users due to US sanctions
~ Kaspersky warns of encryption-busting Reductor malware (The Register)
~ South Park banned in China over episode mocking Government censorship
GOOD READS
~ How a double-free bug in WhatsApp turns to RCE
~ New Security Risks Create Need For Stealthy Chips
~ You don't have Impostor Syndrome
~ BusesCanFly - Hardware Hacking for the Masses Slides
~ Open-Source Command and Control of the DOUBLEPULSAR Implant
~ This Operating System is also a Picture
~ Deobfuscating And Analyzing A Vbs Dropper
RESOURCES
~ inforion/idapython-cheatsheet - An IDAPython Cheatsheet
~ threatland/TL-BOTS - Collection of source code for a large number of Botnets
from around 2013 to the present
~ Intro to Assembly Optimization with @netspooky
~ kevthehermit/RATDecoders - Python Decoders for Common Remote Access Trojans
~ Inhale.py Update Fixes Insane ES Mappings
~ zyantific/zydis - Fast and lightweight x86/x86-64 disassembler library
~ iMPURE!aSCII art expo #74 - Featuring ThugCrowd logo by x0
~ fkie-cad/awesome-embedded-and-iot-security - A curated list of awesome
embedded and IoT security resources.
CHEATS
~ Notdan - Want 'ps axwwu' output but don't have a shell on an LFI vuln box?
~ Signal: Incoming call can be connected without user interaction
~ Android: Use-After-Free in Binder driver
~ Drop The MIC 2 (CVE-2019-1166) & Exploiting LMv2 Clients (CVE-2019-1338)
SAFARI
[busescanfly]
~ 0day exploit tutorial for some reason
[hermit]
~ Zebra Technologies network printers remote admin dork
~ Very old myspace feature, still active
[dustyfresh]
~ Dork for chase and wells fargo phishing kits
~ Jupyter notebooks dork
~ Jupyter notebooks config file github dork
[yuu]
~ Hotel Management Software demo that we signed up for
~ Fun Dork - Azure Websites
___ ____
,-"" `. < HONK >
,' _ e )`-._ / ----
/ ,' `-._<.===-'
/ /
/ ;
_ / ;
(`._ _.-"" ""--..__,' |
<_ `-"" \
<`- :
(__ <__. ;
`-. '-.__. _.' /
\ `-.__,-' _,'
`._ , /__,-'
""._\__,'< <____
| | `----.`.
| | \ `.
; |___ \-``
\ --<
`.`.<
`-'
Weekly Mix by @0Katz