Preface

What is this and why does it exist?

The links, the content behind them and the opinions expressed there are not mine.
If you follow an external link, it is your problem, not mine, if you do not like what you find there.
Please be aware that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Remote Desktop Protocol in Twisted Python
–> rdpy - github <–

Fast subdomains enumeration tool for penetration testers
–> Sublist3r - github <–

Unified & Consistent Whois API & Whois Parser System
–> WhoisXMLAPI - WhoisXMLAPI <–

DNSDB query scripts
–> dnsdb-query - github <–

Iris Investigation Platform
–> Iris - Domaintools <–

Scalable, Open Source and Free Security Incident Response Solutions
–> TheHive Project - TheHive Project <–

Yalda, Automated Bulk Intelligence
–> yalda - github <–

Fuck Off As A Service
–> FOAAS - foaas.com <–

Snifflab: An environment for testing mobile devices
–> Snifflab - Open Effect <–

Binary Ninja Plugins
–> Binary Ninja Plugins - github <–



Talks & Knowledge

Firefox - settings cookie via DOMParser
–> settings cookie via DOMParser - InsertScript Blog <–

Deny All - Application Whitelisting on Mac and Windows
–> Application Whitelisting - VGRSEC <–

ARM assembly basics cheatsheet
–> ARM assembly basics cheatsheet - Azeria-Labs <–

CIF is a cyber threat intelligence management system
–> CIFv3 - github <–

New OWASP Top 10 List Includes Three New Web Vulns
–> New OWASP Top 10 List - OWASP <–

ARMv8 Shellcodes from ‘A’ to ‘Z’
–> ARMv8 Shellcodes from ‘A’ to ‘Z’ - Arxiv.org <–

A collection of resources for linux reverse engineering
–> linux-re-101 - github <–

INTEL-SA-00086 Security Bulletin for Intel Management Engine (ME) and Advanced Management Technology (AMT) Vulnerabilities: What You Need To Know
–> INTEL-SA-00086 vulnerabilities? What’s Up? - Rapid 7 <–



Threats

New Vulnerability Exploits Antivirus Programs to Install Malware
–> AV as Malware Installer - HackRead <–

New Banking Trojan Similar to Dridex, Zeus, Gozi
–> Second Stage infection through Emotet Trojan - DarkReading <–

Remote Code Execution in CouchDB
–> RCE in CouchDB - Max Justicz <–

Amazon Echo and Google Home Devices Vulnerable to BlueBorne Attack
–> BlueBorne Attack at Amazon Echo and Google Home Devices - HackRead <–

Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
–> Vulnerability Note VU#817544 - CERT <–

Intel® Management Engine Critical Firmware Update (Intel SA-00086)
–> Intel SA-00086 - INTEL <–

K21905460: BIG-IP SSL vulnerability CVE-2017-6168
–> CVE-2017-6168 - F5 <–