Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

A Python Package for creating backdoors!
–> Python Package for creating backdoors - 0x00sec <–

The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs).
–> CISCO CSIRT - CISCO <–
–> CISCO CSIRT - github <–

Burpa: A Burp Suite Automation Tool
–> Burpa - github <–

The Social-Engineer Toolkit (SET) repository from TrustedSec
–> SET - GitHub <–




Talks & Knowledge

PowerShell: The increased use of PowerShell in cyber attacks
–> PowerShell in Cyber Attacks - Slideshare <–

Tiny PE
–> Tiny PE - Phreedom.org <–

Google “Titan” secure microcontroller
–> Google “Titan” secure microcontroler - FirmareSecurity <–

OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support
–> Debian Drops TSL 1.0/1.1 - Debian <–

THE Hashtag Wifi-Cactus (#wificactus DEF CON 25)
–> Wifi-Cactus - palshack.org <–

This robot looks just like a bat and it’s creepy af
–> Bat Drone - Twitter <–

@elie’s fascinating look at the 1st #SHA-1 collision. Enjoy & pass it on.
–> eli’s SHA1-Collision - youtube/defcon <–

Phishing for automated cars ;)
–> Phishing for automated cars - Bleeping Computer <–

Social engineering the hospital during her heart failure to get a debug log of her own pacemaker.
–> MarieGMoe debug log ofo own pacemaker - Twitter <–

Artillery for Cyber Warriors - WiMonitor
–> WiMonitor - HackerArsenal <–

Vulnerability Disclosure Cheat Sheet
–> Vulnerability Disclosure Cheat Sheet - OWASP <–

Btw, if you use Chrome, the most recent update brings back the certificate detail window as an opt-in.
–>chrome://flags/#show-cert-link - Chrome <–

.NET Framework 4.7.1 is going to change a lot of hashing algorithm defaults from SHA1 to SHA256 (SignedXml/CMS, etc)




Threats

Flaws in ISP gateways let attackers remotely tap internet traffic
–> Flaws in ISP gateways - HackRead <–

Fake BBB Malspam uses goo.gl links to send JavaScript File
–> Fake BBB Malspam - Malware Traffic Analysis <–

Flash Malware mit Miner etc.
–> #RigEK - Twitter <–

Vulnerability Explotation in Docker Container Environments
–> BLACK HAT EUROPE 2015 - SecurityTube <–

New Malware using .CNC Extension
–> Malware threat - VirusTotal <–

VPN has been found to be actively injecting JavaScript codes using iframes for advertising and tracking purposes
–> VPN Provider track users - CDT.org <–

Adobe Patches 69 Flaws in Reader, Acrobat
–> Adobe Patches - SecurityWeek <–