Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Post Exploitation Collection - This repository is a collection of the post exploitation voodoo from too many sources to name
–> post-exploitation - github <–

The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks
–> bettercap - github <–

Exchange your privileges for Domain Admin privs by abusing Exchange
–> privexchange - github <–

Gets plaintext Active Directory credentials if you’re on the internal network but outside the AD environment
–> icebreaker - github <–



Talks & Knowledge

Offensive Security Bookmarks
–> Offensive Security Bookmarks - github / EK <–

Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations
–> No More Gotos - github <–

Steganography - A list of useful tools and resources
–> Steganography - github <–

c++patterns
–> c++patterns - c++patterns <–

Bypassing Crowdstrike Falcon detection, from phishing email to reverse shell
–> Crowdstrike bypass - 0x00sec <–

URLhaus API Documentation
–> URLhaus API Documentation - URLhaus <–

Extracting user password data with mimikatz dcsync
–> mimikatz dcsync - ASDF <–

Making Meterpreter Look Google-Signed (Using MSI & JAR Files)
–> Meterpreter KnowHow - Medium <–



Threats

It only takes a Skype Call to Unlock an Android Handset
–> Skype unlocks Android - HackRead <–

DNS Infrastructure Hijacking Campaign
–> Alert (AA19-024A) - US-CERT <–

Exploit for a bug in TurboFan’s typing of JSCall nodes for builtins kStringLastIndexOf and kStringIndexOf
–> TurboFan Exploit - github <–