Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Home of the dionaea honeypot
–> Dionaea Honeypot - github <–

BTLE packet sniffer based on HACKRF (function and performance similar to TI’s packet sniffer)
–> BTLE Sniffer - github <–

A BLE scanner for “smart” devices hacking
–> BLE Scanner - github <–

Syscall Monitor is a system monitor program (like Sysinternal’s Process Monitor) using Intel VT-X/EPT for Windows7+
–> Syscall Monitor - github <–

Seamlessly spy on SSH session like it is your tty
–> SSH Pry Spy - github <–

Blind SQL injection exploitation tool written in ruby.
–> Blind SQL Injection Tool - github <–

Kali Linux 2017.2 Release
–> Kali Linux 2017.2 Release - Kali <–

WinDbg Preview
–> WinDbg Preview - Microsoft <–

A framework to study Exploit Kits
–> EKFiddle - github <–



Talks & Knowledge

Signature scheme submitted to NIST’s Post-Quantum Cryptography Project
–> Prune Horst - ASDF <–

XXE Payloads
–> XXE Payloads - github <–

APT33: Researchers Expose Iranian Hacking Group Linked to Destructive Malware
–> APT33 - The Hacker News <–

HOW TO HACK A TURNED-OFF COMPUTER, OR RUNNING UNSIGNED CODE IN INTEL MANAGEMENT ENGINE
–> Intel ME - BlackHat.com <–

SecureAuth to Merge with Core Security
–> Company Merge - DarkReading <–

Infrared Cameras Allow Hackers to Jump Air Gaps
–> Jump Air Gaps using Infrared - SecurityWeek <–

Important Information on New EU Regulations
–> EU Regulations - InfoSecurity Magazine <–

ISPs May Be Helping Hackers to Infect you with FinFisher Spyware
–> FinFisher - The Hacker News <–

Deloitte hit by cyber-attack revealing clients’ secret emails
–> Deloitte hacked - The Guardian <–

PassGAN: Password Cracking Using Machine Learning
–> PassGAN - DarkReading <–

Biometrics and Smartphones
–> Biometrics and Smartphones - Collin Mulliner <–

Verizon Hit by Another Amazon S3 Leak
–> Amazon S3 Leak (again) - Info Security <–

Hijacking .NET to Defend PowerShell
–> Hijacking .NET - Amanda Rousseau <–

Kali Knowledge
–> Kali Knowledge - Miloserdov.org <–



Threats

Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection
–> Joomla Security Hole - RIPSTech <–

Crystal Finance Millennium used to spread malware
–> Crystal Finance Webpage hacked - Blaze’s Security Blog <–

LeakyX the vulnerability that Apple and Microsoft has known about for years
–> LeakyX - Litwin <–

Android-App Go Keyboard soll Nutzer ausspionieren
–> Android-App Go Keyboard Spyware - Heise Security <–

Ransomware or Wiper? RedBoot Encrypts Files but also Modifies Partition Table
–> RedBoot - Bleeping Computer <–

ZNIU: First Android Malware to Exploit Dirty COW Vulnerability
–> Dirty COW Vuln on Android - TrendMicro <–

Broadcom: OOB write when handling 802.11k Neighbor Report Response
–> Broadcom Vuln on iPhone - Project Zero <–