Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel


Tools

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks
–> DOMPurify - github <–

Set up your own malware analysis lab with VirtualBox, INetSim and Burp
–> Malware Analysis Lab - Christophe Tafani-Dereeper <–

OALabs Malware Analysis Virtual Machine
–> Malware Analysis VM - OALabs <–

FuzzCheck is a coverage-guided fuzzing engine for Swift packages that works with typed values instead of raw binary buffers
–> fuzzcheck - github <–

Powershell-based Windows Security Auditing Toolbox
–> WINspect - github <–

Scan for open S3 buckets and dump
–> S3Scanner - github <–

Vulnerability PoCs of Android Bluetooth
–> CVE-2018-9365 - github <–

Crawler which extracts URLs, files, intel & endpoints from a target and is ridiculously fast
–> Photon - github <–

IlluminateJs is a static JavaScript deobfuscator
–> illuminatejs - github <–


Talks & Knowledge

Passing the hash with native RDP client (mstsc.exe)
–> Pass the hash with RDP - Michael Eder <–

Security, Moore’s law, and the anomaly of cheap complexity
–> Halvar Flake - Google Project Zero <–

Google Enables ‘Site Isolation’ Feature By Default For Chrome Desktop Users
–> Site Isolation Feature For Chrome - The Hacker News <–

Almost booting an iOS kernel in QEMU
–> iOS kernel in QEMU - Worth Doing Badly <–

Finding setuid binaries on Linux and BSD
–> Finding setuid bins - Linux Audit <–


Threats

Attackers Target iPhones Using Open Source MDM Solution
–> Attack iPhones over MDM - SecurityWeek <–

Multiple Bugs Found in QNAP Q’Center Web Console
–> QNAP Q’Center Bugs - threatpost <–

New Bluetooth Hack Affects Millions of Devices from Major Vendors
–> CVE-2018-5383 - The Hacker News <–