Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel


Tools

Krack AP module for Scapy
–> Krack AP module - github <–

GoCrack provides APIs to manage password cracking tasks across supported cracking engines
–> GoCrack - github <–

pestudio is used by many Computer Emergency Response Teams (CERT) worldwide in order to perform malware initial assessments
–> pestudio Updated Version - Winitor <–

Exitmap - A Fast and Modular Scanner for TOR Exit Relays
–> Exitmap - KitPloit <–

BlueCoat Filesystem Manager
–> bcfs-manager - github <–

DKMC - Dont kill my cat - Malicious payload evasion tool
–> DKMC - github <–

You can use ropper to display information about files in different file formats and you can find gadgets to build rop chains for different architectures (x86/x86_64, ARM/ARM64, MIPS, PowerPC)
–> ropper - github <–

Chrome plugin that automatically checks software vulnerabilities in browsed websites
–> Vulners Web Scanner - Google <–


Talks & Knowledge

A Guide to Attacking Domain Trusts
–> A Guide to Attacking Domain Trusts - Specter Ops <–

Configuring Least Privilege SSH scans with Nessus
–> Nessus HowTo - Tenable Blog <–

This book aims to cover the practical aspects of using the extensive reverse engineering framework, radare2
–> Radare2 Explorations - gitbook <–

Interacting with the BlueCoat Filesystem
–> Interacting with the BlueCoat Filesystem - Insinuator <–

Ships Are Vulnerable to Cyber Attacks Due To Maritime Platform Flaw
–> Flaws in the AmosConnect 8 web platform - HackRead <–

The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli
–> ROCA Paper - ACM Digital Library <–

The DUHK Attack - Don’t Use Hard-coded Keys
–> DUHK Attack Whitepaper - DUHK Attack <–


Threats

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit
–> Java SE JNLP XEE Exploit - 0day.today <–

Microsoft Windows 10 Creators Update 32-bit Ring-0 Code Execution Exploit
–> Win 10 32-Bit Ring-0 Exploit - 0day.today <–

Third-party swipes Dell’s web address (DellBackupandRecoveryCloudStorage.com) for a month
–> DellBackupandRecoveryCloudStorage.com Malware Alert - E Hacking News <–

Emergency Oracle Patch closes Bug rated 10/10 in Severity
–> CVE-2017-10151 - Threat Post <–