Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Keybase launches encrypted git
–> Keybase launches encrypted git - keybase.io <–

USB Canary v2.0.0 is officially been released with OSX support!
–> USB Canary - github <–

Auto Scanning to SSL Vulnerability
–> a2sv - github <–

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
–> VHostScan - github <–

USB Key Cleaner: CIRCLean
–> CirClean - n0where.net <–

.NET debugger and assembly editor
–> dnSpy - github <–

CapLoader is designed to simplify complex tasks, such as digging through gigabytes of PCAP data looking for traffic that sticks out or shouldn’t be there
–> CapLoader 1.6 released - NetReSec <–

jSQL Injection is a Java application for automatic SQL database injection.
–> jsq-injection - github <–

The aim of Wordsmith is to assist with creating tailored wordlists. This is mostly based on geolocation.
–> wordsmith - github <–

Official Black Hat Arsenal Security Tools Repository
–> Black Hat Arsenal Tools - github <–



Talks & Knowledge

Android Reverse Engineering tools - Not the Usual Suspects
–> Fortinet / Axelle Apvrile - Virusbulletin <–

Bypassing Intel Boot Guard
–> Bypassing Intel Boot Guard - EMBEDI <–

MetaTwin – Borrowing Microsoft Metadata and Digital Signatures to “Hide” Binaries
–> MetaTwin - Threat Express <–



Threats

CVE-2017-12617 Apache TomCat PoC
–> CVE-2017-12617 Apache TomCat PoC - github <–

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
–> CVE-2017-12617 Apache TomCat PoC - Exploit-DB <–

VPN logs helped unmask alleged ‘net stalker, say feds
–> PureVPN assisted investigation of suspect - The Register <–

New 4G, 5G Network Flaw ‘Worrisome’
–> New 4G, 5G Network Flaw ‘Worrisome’ - DarkReading <–

Disqus Discloses 2012 Breach Impacting 17 Million Users
–> Disqus Data Breach - SecurityWeek <–

Macro-less Code Exec in MSWord
–> Macro-less Code Exec in MSWord - SENSEPOST <–

Warning: Microsoft is using Cortana to read your private Skype conversations
–> Cortana reads your Skype conversations - betanews <–

The Absurdly Underestimated Dangers of CSV Injection
–> CSV Excel Import Attack - George Mauer <–