Preface

What is this and why does it exist?

All links, the content behind them and the opinions there are not mine.
If you follow an external link, it is your problem, not mine, if you do not like what you find there.
Please be aware that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

SAML Raider – SAML2 Security Testing Burp Extension
–> SAML Raider - Darknet.org.uk <–

jSQL – Automatic SQL Injection Tool In Java
–> jSQL - Darknet.org.uk <–



Talks & Knowledge

The final talk of #WOOT17, ‘fastboot oem vuln: Android Bootloader Vulnerabilities in Vendor Customizations’, includes a live demo
–> fastboot oem vuln - Twitter <–

An Intro to Compilers - How to Speak to Computers, Pre-Siri
–> An Intro to Compilers - Nicole Orchard <–

Blue Pill for Your Phone - backdooring ARM hypervisor on Snapdragon based phones with @ABazhaniuk
–> Blue Pill for Your Phone - GitHub <–

https://twitter.com/PolarToffee/status/897493041963048961
Malware Encoded Into DNA Hacks the Computer that Reads It
–> Hacking Computer with DNA - The Hacker News <–

Analysing/Detecting Malicious PDF’s Primer
–> Analysing/Detecting Malicious PDF’s Primer - LinkCabin <–

Running an Effective Incident Response Tabletop Exercise
–> Incident Response Tabletop - Rapid7 <–

Reminds me to update my old whitepaper… it took them long to adopt this way of transferring the code…
–> Canvas isn’t your friend - HighAntDev <–

The Silent Risk: The Risk of File-Less Cyber Attacks
–> File-Less Cyber Attacks - InfoSecurity Magazine <–



Threats

Millions of RDP Endpoints Exposed Online and Ready for Bad Things
–> Exposed RDP Endpoints - Bleeping Computer <–

Remote Desktop Protocol (RDP) Exposure
–> Remote Desktop Protocol (RDP) Exposure - Rapid7 <–

New “Disdain” Exploit Kit Spotted on Underground Forums
–> Disdain Exploit Kit - SecurityWeek <–

On Hacker Daily: spyware that can silently record audio, SonicSpy, found hidden in 1,000 Android mobile apps.
–> Android Spyware SonicSpy - Twitter <–

Powerful backdoor found in software used by >100 banks and energy cos.
–> Backdoor in Server Management Software - arsTECHNICA <–
–> Backdoor in Server Management Software - DarkReading <–

Past week, found a malware called “Keeker”
–> Malware Keeker - Virustotal <–
It gets commands from a Gmail account over POP3. From RU speaking actor.
–> Malware Keeker - Twitter <–