Accidentally Took Memorial Day Weekend Off Edition
New tool: FinalRecon- OSINT Tool For All-In-One Web Reconnaissance
https://blog.hackersonlineclub.com/2019/05/finalrecon-osint-tool-for-all-in-one.html?m=1
Permanent URL Hijack Through 301 HTTP Redirect Cache Poisoning
https://blog.duszynski.eu/domain-hijack-through-http-301-cache-poisoning/
Didier Stevens, one of my favorite researchers, mentioned that one of his readers has made a docker container with all of his tools.
https://blog.didierstevens.com/2019/05/27/dssuite-a-docker-container-with-my-tools/
There is a POC for CVE-2019-0708. Certainly is worth a look.
https://github.com/Ekultek/BlueKeep
Speaking of Docker, there is a bug that allows a hypervisor jump.
https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system
https://nakedsecurity.sophos.com/2019/05/31/unpatched-docker-bug-allows-read-write-access-to-host-os/
Finally, the always-wonderful folks at Portswigger have a cool analysis of Behavioral Fuzzing.
https://portswigger.net/blog/provoking-browser-quirks-with-behavioural-fuzzing
And that's the news! Have a great week.