Preface

What is this and why does it exist?

All links, the content behind them, and the opinions expressed there are not mine.
If you follow an external link and do not like what you find there, that is your problem, not mine.
Please be aware that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Spaghetti - Web Application Security Scanner
–> Spaghetti - GitHub <–

A set of exploitation/reversing aids for IDA
–> IDA aids - GitHub <–

The OWASP ZAP Attack Proxy core project
–> ZAP Attack Proxy - GitHub <–

WPA, the Krack Attack, and Kismet
–> Krack Attack and Kismet - Kismet Wireless <–



Talks & Knowledge

Hack.lu 2017 Malicious use of Microsoft “Local Administrator Password Solution”
–> Malicious use of LAPS - YouTube / Hack.lu <–

Here’s a Video of the Latest ATM Malware Sold on the Dark Web
–> ATMjackpot - BleepingComputer <–

Unlocking a Subaru with a Raspberry Pi, a 433MHz Radio, and an Unpatched Exploit
–> Unlocking a Subaru - hackster.io <–

OWASP Proactive Controls 3.0
–> OWASP Proactive Controls 3.0 - OWASP <–

Androsia: A tool for securing in memory sensitive data - AppSecUSA 2017
–> Androsia - YouTube / AppSec USA <–

Pivoting from blind SSRF to RCE with HashiCorp Consul
–> SSRF to RCE - Kernel Picnic <–



Threats

Key Reinstallation Attacks - Breaking WPA2 by forcing nonce reuse
–> KRACK Attacks - krackattacks.com <–

Apple iOS 10.2 (14C92) - Remote Code Execution
–> iOS 10.2 RCE - Exploit-DB <–

Lenovo Quietly Patches Massive Bug Impacting Its Android Tablets and Zuk, Vibe Phones
–> Lenovo Massive Bug - Threatpost <–

Old MS Office feature weaponized in malspam attacks
–> Office Malspam using DDE - Malwarebytes Labs <–

Microsoft Kept Secret That Its Bug-Tracking Database Was Hacked In 2013
–> Microsoft Bug-Tracking Database hacked - The Hacker News <–

BlackOasis APT and new targeted attacks leveraging zero-day exploit
–> BlackOasis APT - SecureList <–

ROCA: Vulnerable RSA generation (CVE-2017-15361)
–> ROCA - CRoCS wiki <–

Fresh Adobe Zero-Day Spotted in the Wild
–> Fresh Adobe Flash Zero-Day - info security <–

Hancitor Campaign using DDE
–> Hancitor Campaign using DDE - VirusTotal <–

Taiwan Heist: Lazarus Tools and Ransomware
–> Taiwan Heist - BAE Systems Threat Research Blog <–