_ _ _ -+---/ \ / \ -----------------------------------------------------------/ \ -- |_\ \\ \ ___ ___ ___ ___ ___ ___ ___ ___ ___ _______ __ __ ___ _\ \ |//___ \\ \\ \\ \\ \\ \\ \\ \\__\\ \\__\\ _ \\ \_\ \_\ \ / \\ \ |\ \\ \\ \\ \\ \\ \\ \\ \ ___\ \ \ \\ \\ \\ \\ \\ \\ \ |\_/ \_/ \__\\__\\_/ \__\\ \\__\\__\\__\ \_____/ \__\\__\\ / \__\\_/ -+---------------------------___\ \ ---------------------------------- - - - |\__\\ / 2 0 2 0 0 2 1 8 | |F E A T U R E D -+----------------------------------------------------------------------- - - - | |[plazmaz] > | China's systematic tracking, arrests of Uighurs exposed in Xinjiang leak | |[pic0o] > | Malware Attack Hits Boston Children's Hospital Physician Group | |[dnz] > | Hacker Makes $360,000 ETH From a Flash Loan Single Transaction Involving | Fulcrum, Compound, DyDx and Uniswap |> The transaction on etherscan | |[yuu] > | US says it can prove Huawei has backdoor access to mobile-phone networks |> Huawei: Media Statement Regarding WSJ "Backdoor" Story | | |N E W S -+----------------------------------------------------------------------- - - - |> | DOJ charges four Chinese military hackers for Equifax hack |> Full Equifax Indictment |> | Cyber criminals spread coronavirus conspiracy theories |> | Docs: Shadow Inc. Directly Tied to Left-Wing Media Operation |> | Hackers are demanding nude photos to unlock files in a new ransomware | scheme targeting women |> | Baltimore to use police surveillance planes in controversial pilot program |> | Federal Agencies Use Cellphone Location Data for Immigration Enforcement |> | Iranian hackers have been hacking VPN servers to plant backdoors in | companies around the world |> | A US House candidate says she was hacked - now she's warning others | | |G O O D R E A D S -+----------------------------------------------------------------------- - - - |> | Arduino-to-Arduino Voltage Glitching |> | DNS Tunneling Series, Part 3: The Siren Song of RogueRobin |> | Simplify Your Life With This Pocket Rotary Cellphone |> | Azeria: Understanding Trusted Execution Environments and Arm TrustZone |> | How the CIA used Crypto AG encryption devices to spy on countries for | decades |> | iPhone Extractions: 5 Questions That Will Unlock More Data with checkm8 |> | The war against space hackers: how the JPL works to secure its missions | from nation-state adversaries |> | Wacom drawing tablets track the name of every application that you open |> | MuckRock: Anonymous + general hacktivists 2009-2018 (LAPD) |> | Taking undercollateralized loans for fun and for profit | | |R E S O U R C E S -+----------------------------------------------------------------------- - - - |> | checkra1n for Linux now available |> | 0xdade: Red Team PROXY Protocol (Nginx) |> | hacksysteam/HackSysExtremeVulnerableDriver - Vulnerable Linux Driver |> | A Rough Idea of Blind Regular Expression Injection Attack |> | LiveOverflow - Introduction to Docker for CTFs |> | The SSH server that knows who you are |> | IDAPython script renames functions according to the Linux syscall (int 80h) | they contain. |> | More angr - Defeating 5 ELF Crackmes |> | Official VirusTotal Plugin for IDA Pro 7 |> | C#, The Language For All Platforms - Now Including Windows 3.11 And DOS |> | Red Teaming Toolkit Collection |> | FOIA'd NSA Course on Python (warning: 118 MB) |> | World's First Classical Chinese Programming Language | | |S T R E A M S -+----------------------------------------------------------------------- - - - |> | plazmaz: pastehunter dev stream |> | k4m1k4z13r: Linux and System Administration Workshop Stream |> | aneilan: threat hunting / metasploitable |> | notdan: banned from porn streaming site | | |C H E A T C O D E S -+----------------------------------------------------------------------- - - - |> | plazmaz - Not hunter2: Buffer Overflow in Sudo via pwfeedback |> | saleemrashid/sudo-cve-2019-18634 |> | containerd versus dockerd WORKDIR non-root permissions |> | sailay1996/amd_eop_poc: CVE-2020-8950 AMD User Experience Program Launcher | from Radeon Software Privilege Escalation |> | Understanding Twitter IDs |> | Exploiting Netgear's Routerlogin.com |> | Twitch 2FA Bypass ( WONTFIX ) |> | Forging SWIFT MT Payment Messages for fun and pr...research! |> | CDPwn - 5 Zero-day Vulnerabilities in Cisco's Discovery Protocol Impacting | Tens of Millions of Enterprise-grade Devices |> | Command Injection WAF Bypass |> | ctags fuzzing writeup |> | CVE-2020-0618: RCE in SQL Server Reporting Services (SSRS) |> | CVE-2019-18683: Exploiting a Linux kernel vulnerability in V4L2 subsystem | | |S A F A R I Z O N E -+----------------------------------------------------------------------- - - - |> |[dustyfresh] dork for All in one migration backups |> |[dustyfresh] dork for wifi password tagged on a map |> |[dustyfresh] Truffle hog API expressions converted to Yara signatures |> |[dustyfresh] ai1wm backups dork |> |[hermit] site:m4u.com.au |> |[hermit] metadata.rdns:*.*.*.*.*.*.*.* |> |[n0pbear] dork for wordpress DB setups |> |[plazmaz] malicious ad party |> |[plazmaz] the larsen family |> |[plazmaz] github dork for k8s secret files |> |[plazmaz] cpanel dork |> |[rqu] Caucus App Error Page |> |[sshell] I shall call this art piece "2 bugs, 1 payload" |> |[yuu] Ad Network CDN Dork |> |[yuu] Gucci Login |> |[yuu] service.gucci.com |> |[dril_gpt2] disney's iphone jailbreak | | -+------------------------------------------------------------------------------ Weekly Mix by @0Katz