Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

A personal information dashboard for your terminal
–> wtf - github <–

A high-level framework for developing efficient zk-SNARK circuits
–> xjsnark - github <–

PoCs of Vulnerabilities on Bluedroid
–> Bluedroid - github <–

Platform Security Assessment Framework
–> chipsec - github <–

A tool/lib to encrypt/decrypt Microsoft Office Document
–> msoffice - github <–

Osint tool based on namechk.com for checking usernames on more than 100 websites, forums and social networks
–> Namechk - github <–

Network share sniffer and auto-mounter for crawling remote file systems
–> sharesniffer - github <–

A pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX
–> EvilOSX - github <–

Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub
–> gitrob - Michael Henriksen <–

To parse ugly Microsoft DNS Logs
–> DNSplice - github <–

Kerberos manipulation library in pure Python
–> minikerberos - github <–

This tool modifies NTLMv1/NTLMv1-ESS/MSCHAPv2 hashes so they can be cracked with DES Mode 14000 in hashcat
–> ntlmv1-multi - github <–

A curated list of awesome YARA rules, tools, and people
–> awesome-yara - github <–

Suite of plugins that provide the ability to transfer analysis data between Binary Ninja and IDA
–> bnida - github <–



Talks & Knowledge

Installing PowerShell on Kali Linux
–> PowerShell on Kali - Kali Linux <–

Bypass Data Execution Protection (DEP)
–> DEP Bypass - 0x00 Sec <–

A cartoon intro to DNS over HTTPS
–> DNS over HTTPS - moz://a Hacks <–

Announcing public git archive
–> announcing-pga - source{d} <–

OPCDE DXB 2017 + 2018 Materials
–> OPCDE - github <–

Software Problem Solving Cheat Sheet v0.1
–> Software Problem Solving Cheat Sheet v0.1 - nextron-systems <–

Encrypted OOXML Documents
–> Encrypted OOXML Documents - Didier Stevens <–



Threats

Microsoft Windows 10 scrrun.dll Active-X Creation / Deletion Issues
–> scrrun.dll vulns - packet storm security <–

ZIP SLIP FLAW AFFECTS THOUSANDS OF OPEN-SOURCE PROJECTS
–> ZIP slip flaw - threat post <–

Analysis of the Second Wave of Flash Zero-day Exploit in 2018
–> CVE-2018-5002 - 360.cn <–

Cisco Secure Access Control System Remote Code Execution Vulnerability
–> CVE-2018-0253 - CISCO <–

InvisiMole: surprisingly equipped spyware, undercover since 2013
–> InvisiMole - We Live Security <–