_ _ _
-+--- / \ / \ ----------------------------------------------------------- / \ --
| _\ \\ \ ___ ___ ___ ___ ___ ___ ___ ___ ___ _______ __ __ ___ _\ \
| //___ \\ \\ \\ \\ \\ \\ \\ \\__\\ \\__\\ _ \\ \_\ \_\ \ / \\ \
| \ \\ \\ \\ \\ \\ \\ \\ \ ___\ \ \ \\ \\ \\ \\ \\ \\ \
| \_/ \_/ \__\\__\\_/ \__\\ \\__\\__\\__\ \_____/ \__\\__\\ / \__\\_/
-+--------------------------- ___\ \ ---------------------------------- - - -
| \__\\ / 2 0 2 0 0 2 1 8
|
| F E A T U R E D
-+----------------------------------------------------------------------- - - -
|
| [plazmaz]
> | China's systematic tracking, arrests of Uighurs exposed in Xinjiang leak
|
| [pic0o]
> | Malware Attack Hits Boston Children's Hospital Physician Group
|
| [dnz]
> | Hacker Makes $360,000 ETH From a Flash Loan Single Transaction Involving
| Fulcrum, Compound, DyDx and Uniswap
| > The transaction on etherscan
|
| [yuu]
> | US says it can prove Huawei has backdoor access to mobile-phone networks
| > Huawei: Media Statement Regarding WSJ "Backdoor" Story
|
|
| N E W S
-+----------------------------------------------------------------------- - - -
|
> | DOJ charges four Chinese military hackers for Equifax hack
| > Full Equifax Indictment
|
> | Cyber criminals spread coronavirus conspiracy theories
|
> | Docs: Shadow Inc. Directly Tied to Left-Wing Media Operation
|
> | Hackers are demanding nude photos to unlock files in a new ransomware
| scheme targeting women
|
> | Baltimore to use police surveillance planes in controversial pilot program
|
> | Federal Agencies Use Cellphone Location Data for Immigration Enforcement
|
> | Iranian hackers have been hacking VPN servers to plant backdoors in
| companies around the world
|
> | A US House candidate says she was hacked - now she's warning others
|
|
| G O O D R E A D S
-+----------------------------------------------------------------------- - - -
|
> | Arduino-to-Arduino Voltage Glitching
|
> | DNS Tunneling Series, Part 3: The Siren Song of RogueRobin
|
> | Simplify Your Life With This Pocket Rotary Cellphone
|
> | Azeria: Understanding Trusted Execution Environments and Arm TrustZone
|
> | How the CIA used Crypto AG encryption devices to spy on countries for
| decades
|
> | iPhone Extractions: 5 Questions That Will Unlock More Data with checkm8
|
> | The war against space hackers: how the JPL works to secure its missions
| from nation-state adversaries
|
> | Wacom drawing tablets track the name of every application that you open
|
> | MuckRock: Anonymous + general hacktivists 2009-2018 (LAPD)
|
> | Taking undercollateralized loans for fun and for profit
|
|
| R E S O U R C E S
-+----------------------------------------------------------------------- - - -
|
> | checkra1n for Linux now available
|
> | 0xdade: Red Team PROXY Protocol (Nginx)
|
> | hacksysteam/HackSysExtremeVulnerableDriver - Vulnerable Linux Driver
|
> | A Rough Idea of Blind Regular Expression Injection Attack
|
> | LiveOverflow - Introduction to Docker for CTFs
|
> | The SSH server that knows who you are
|
> | IDAPython script renames functions according to the Linux syscall (int 80h)
| they contain.
|
> | More angr - Defeating 5 ELF Crackmes
|
> | Official VirusTotal Plugin for IDA Pro 7
|
> | C#, The Language For All Platforms - Now Including Windows 3.11 And DOS
|
> | Red Teaming Toolkit Collection
|
> | FOIA'd NSA Course on Python (warning: 118 MB)
|
> | World's First Classical Chinese Programming Language
|
|
| S T R E A M S
-+----------------------------------------------------------------------- - - -
|
> | plazmaz: pastehunter dev stream
|
> | k4m1k4z13r: Linux and System Administration Workshop Stream
|
> | aneilan: threat hunting / metasploitable
|
> | notdan: banned from porn streaming site
|
|
| C H E A T C O D E S
-+----------------------------------------------------------------------- - - -
|
> | plazmaz - Not hunter2: Buffer Overflow in Sudo via pwfeedback
|
> | saleemrashid/sudo-cve-2019-18634
|
> | containerd versus dockerd WORKDIR non-root permissions
|
> | sailay1996/amd_eop_poc: CVE-2020-8950 AMD User Experience Program Launcher
| from Radeon Software Privilege Escalation
|
> | Understanding Twitter IDs
|
> | Exploiting Netgear's Routerlogin.com
|
> | Twitch 2FA Bypass ( WONTFIX )
|
> | Forging SWIFT MT Payment Messages for fun and pr...research!
|
> | CDPwn - 5 Zero-day Vulnerabilities in Cisco's Discovery Protocol Impacting
| Tens of Millions of Enterprise-grade Devices
|
> | Command Injection WAF Bypass
|
> | ctags fuzzing writeup
|
> | CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS)
|
> | CVE-2019-18683: Exploiting a Linux kernel vulnerability in V4L2 subsystem
|
|
| S A F A R I Z O N E
-+----------------------------------------------------------------------- - - -
|
> | [dustyfresh] dork for All in one migration backups
|
> | [dustyfresh] dork for wifi password tagged on a map
|
> | [dustyfresh] Truffle hog API expressions converted to Yara signatures
|
> | [dustyfresh] ai1wm backups dork
|
> | [hermit] site:m4u.com.au
|
> | [hermit] metadata.rdns:*.*.*.*.*.*.*.*
|
> | [n0pbear] dork for wordpress DB setups
|
> | [plazmaz] malicious ad party
|
> | [plazmaz] the larsen family
|
> | [plazmaz] github dork for k8s secret files
|
> | [plazmaz] cpanel dork
|
> | [rqu] Caucus App Error Page
|
> | [sshell] I shall call this art piece "2 bugs, 1 payload"
|
> | [yuu] Ad Network CDN Dork
|
> | [yuu] Gucci Login
|
> | [yuu] service.gucci.com
|
> | [dril_gpt2] disney's iphone jailbreak
|
|
-+------------------------------------------------------------------------------
Weekly Mix by @0Katz