Preface

What is this and why does it exist?

The links, the content behind them and the opinions expressed there are not mine.
If you follow an external link and do not like what you find there, that is your problem, not mine.
Please be aware that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

TraceWrangler - Packet Capture Toolkit
–> TraceWrangler - Jasper <–

A Hardware Privacy Monitor for iPhones
–> Introspection Engine - Bruce Schneier <–

Bloodhound is an incredible tool to probe your Active Directory environment
–> BloodHound - Wald0 <–

Docker Daemon - Unprotected TCP Socket (Metasploit)
–> Docker Daemon - Exploit-DB <–

Analyzing JPEG files
–> Analyzing JPEG files - SANS/Didier Stevens <–

A tool for passive data capture and reconnaissance of serial flash chips
–> sniffROM - github <–

dcrawl – Web Crawler For Unique Domains
–> dcrawl - github <–

Sysinternals Update: Sysmon v6.10, Process Monitor v3.40, Autoruns v13.80, AccessChk v6.11
–> Sysinternals Update - TechNet Microsoft <–



Talks & Knowledge

iOS 11 makes it tougher than ever for cops to grab your data
–> iOS 11 Security - WIRED <–

Lateral Movement using Excel.Application and DCOM
–> Lateral Movement using Excel.Application and DCOM - SPECTER OPS <–

7 Takeaways From The Equifax Data Breach
–> Equifax - DARKReading <–

The new mobile-friendly version of Google Dashboard is rolling out this week
–> New Google Dashboard - ZDNet <–

Take These Steps to Secure Your Raspberry Pi Against Attackers
–> Securing Raspberry Pi - Make: <–

Chrome’s Plan to Distrust Symantec Certificates
–> Chrome without Symantec Certs - GoogleBlog <–

Tesla Hacks: The Good, The Bad, & The Ugly
–> Tesla Hacks - DARKReading <–

Tracing arbitrary Methods and Function calls on Android and iOS
–> Tracing arbitrary Methods iOS/Android - TechBlog Mediaservice.net <–

Wildcard Certificates Coming January 2018
–> Wildcard Certificates Coming January 2018 - Let’s Encrypt <–

A Method for Web Security Policies
–> draft-foudil-securitytxt-00 - IETF <–

mrmcd CTF writeup: Friendly Machine
–> MRMCD CTF writeup - Shift or die <–

XXE Payloads
–> XXE Payloads - github <–

Equifax Hack Blamed on a Flaw in Apache Struts Framework
–> Equifax Hack - Hack Read <–



Threats

Researcher discloses 10 D-Link zero-day router flaws
–> D-Link Zero-Day - ZDNet <–

Linux Trojan SSH Scan
–> Linux Trojan SSH Scan - PasteBin <–

Xafecopy Malware Secretly Steals Money From Android Devices
–> Xafecopy Malware - HackRead <–

Everybody without Android Oreo vulnerable to overlay attack
–> Android Overlay Attack - The Register <–

WIRELESS ‘BLUEBORNE’ ATTACKS TARGET BILLIONS OF BLUETOOTH DEVICES
–> BlueBorne Bluetooth Attack - Threatpost <–

Bashware lets malware evade detection by exploiting Windows 10 Linux Shell
–> Win10 Linux Shell as hideout for malware - Hack Read <–