Preface

What is this and why does it exist?

All links, the content behind them, and the opinions expressed there are not mine.
If you follow an external link and do not like what you find there, that is your problem, not mine.
Please be aware that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

A 147 char XSS polyglot which can break out of 20+ contexts
–> Awesome Polyglots - github <–

LDAP library for auditing MS AD
–> msldap - github <–

Halfempty is a new testcase minimization tool, designed with parallelization in mind
–> halfempty - github <–

The basic functionality of this module is the ability to quickly verify whether a given IP address is on any of over 80 defined DNSBL lists
–> PSBlackListChecker - github <–

Gitrob: Now in Go
–> gitrob - Michael Henriksen <–

A Linux version of the ProcDump Sysinternals tool
–> ProcDump-for-Linux - github <–

Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
–> Parrot Security 4.3 - Parrot Project <–



Talks & Knowledge

Another Word on Delegation
–> AD Delegation - harmj0y <–

5 Ways to Find Systems Running Domain Admin Processes
–> Find Running Domain Admin Processes - netSPI <–

PowerShell: Documenting your environment by running systeminfo on all Domain-Computers
–> powershell environment sysinfo scanner - sid-500.com <–

GDB + GEF cheatsheet for reversing binaries
–> gdb_gef-cheatsheet - github <–

How to bypass AMSI and execute ANY malicious Powershell code
–> bypass AMSI - zc00l blog <–



Threats

Two New Bluetooth Chip Flaws Expose Millions of Devices to Remote Attacks
–> CVE-2018-16986 / CVE-2018-7080 - The Hacker News <–

Google Home (in)Security
–> Google Home (in)Security - Jerry Gamblin <–

PoC for the iOS 11.4.1 and MacOS 10.13 kernel vulnerability in lio_listio
–> lightspeed - github <–

iOS 12.1 passcode bypass
–> iOS 12.1 passcode bypass - HackRead <–

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data
–> CVE-2018-5407 - The Hacker News <–

Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)
–> CVE-2018-12037 / CVE-2018-12038 - Carlo Meijer <–

GNU Wget: A vulnerability allows the manipulation of cookies
–> CVE-2018-0494 - DFN Cert <–