Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Tool designed to help identify incorrectly configured Django applications that are exposing sensitive information
–> djangohunter - github <–

Utilizing thegithub ALPC Flaw in combination with Diagnostics Hub as found in Server 2016 and Windows 10
–> alpc-diaghub - github <–

FCL (Fileless Command Lines) - Known command lines of fileless malicious executions
–> FCL - github <–



Talks & Knowledge

Samsung Galaxy S9, iPhone X Hacked at Pwn2Own Tokyo
–> Pwn2Own Tokyo - SecurityWeek <–

Employees’ Poor Security Habits Getting Worse, Survey Finds
–> Sailpoint Research - InfoSecurity <–

Kinda useful notes collated together publicly
–> PentestHardware - github <–



Threats

UAC Bypass by Mocking Trusted Directories
–> UAC Bypass - Medium <–