Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine, if you do not like what you find there.
Please be aware that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Investigate malicious Windows logon by visualizing and analyzing Windows event log
–> LogonTracer - github <–

IDA pro plugin to find crypto constants (and more)
–> findcrypt-yara - github <–

Arduino Entropy Library (Temporary Fork)
–> Arduino-Entropy-Library - github <–

Find interesting Amazon S3 Buckets by watching certificate transparency logs
–> bucket-stream - github <–

Get control of your servers. Simple. Effective. Awesome!
–> netdata - github <–

A Qt and C++ GUI for radare2 reverse engineering framework
–> cutter - github <–

Droidefense: Advance Android Malware Analysis Framework
–> Droidefense - github <–

A CMS Exploit Framework
–> cmsPoc - github <–

Win32 port of OpenSSH
–> Win32-OpenSSH - github <–

GPU implementation of the Argon2 password hashing function
–> argon2-gpu - github <–

FruityWiFi is a wireless network auditing tool. The application can be installed on any Debian-based system by adding the extra packages. Tested on Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi), Pwnpi (Raspberry Pi), Bugtraq, NetHunter.
–> FruityWifi - github <–

.NET implementation of the LibProtection library, an alternative implementation of the standard formatted and interpolated string functionality. It provides real-time automatic protection against any class of injection attack in the most commonly attacked languages (HTML, URL, JavaScript, SQL and file paths are currently supported).
–> libprotection-dotnet - github <–

PowerShell V3.0 or higher module for interacting with the VirusTotal service to analyze suspicious files and URLs using either the Public or Private Version 2 API provided by VirusTotal.
–> Posh-VirusTotal - github <–




Talks & Knowledge

How to Extract Content from VMDK Files
–> Extract Content from VMDK - Altaro <–

Damn Vulnerable NodeJS Application
–> dvna - github <–

Google to Warn Android Users on Apps Collecting Data
–> Google to Warn Android Users on Apps Collecting Data - Security Week <–

Presentation from Zero Nights 2017 - Neat tricks to bypass CSRF-protection
–> CSRF-protection bypass - Slideshare <–

(Not) All She Wrote (Part 3): Rigged RTF Documents
–> Rigged RTF Documents Part 3 - Security Over Simplicity <–




Threats

Reversing a PyInstaller based ransomware
–> hc6.exe ransomware - Extreme Coders Blog <–

PCI Leech - Ulf Fritz Interview - DEF CON 25
–> PCI Leech - Youtube <–

Microsoft Windows 10 Creators Update (version 1703) (x86) - 'WARBIRD' 'NtQuerySystemInformation' Kernel Local Privilege Escalation
–> warbird_exploit_dll.c - Exploit Database <–

Mailsploit is a collection of bugs in email clients that allow effective sender spoofing and code injection attacks. The spoofing is not detected by Mail Transfer Agents (MTA) aka email servers, therefore circumventing spoofing protection mechanisms such as DMARC (DKIM/SPF) or spam filters.
–> Mailsploit - Mailsploit <–

Massive Data Breach Exposes How A Virtual Keyboard App for Smartphones Collects Sensitive & Personal Data On Its 31 Million Users.
–> Ai.type massive data breach - The Hacker News <–

Android Security Bulletin—December 2017
–> 47 Android Bugs - Android Security <–

Hashicorp vagrant-vmware-fusion 4.0.23 - Local root Privilege Escalation
–> vmware fusion local root priv escalation - Exploit DB <–