Preface

What is this and why does it exist?

The links, the content behind them and the opinions expressed there are not mine.
If you follow an external link and do not like what you find there, that is your problem, not mine.
Please be aware that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Scan MSSQL databases for payment card data without relying on key words
–> DataLoc - github <–

An MT940 parser in Rust
–> mt940-rs - github <–

Faker is a PHP library that generates fake data for you
–> Faker - github <–

Check capabilities of European payment providers who participate in the SEPA system
–> sepa-clearer - github <–

A Python Package for Data Exfiltration - Version 1.0.0 Update
–> PyExfil - github <–

AWS API Gateway management tool for creating on the fly HTTP pass-through proxies for unique IP rotation
–> fireprox - github <–

A JavaScript Engine Fuzzer
–> fuzzilli - github <–



Talks & Knowledge

Bypassing AV (Windows Defender) … Cat vs. Mouse
–> Bypassing AV - cyberguider <–

LogParser EVTX Adventures
–> LogParser EVTX Adventures - DFIR TNT <–

WMI wiki for offense and defense
–> WMI wiki - peerlyst <–

Why is Kerberos Terrible?
–> Why is Kerberos Terrible? - Steve on Security <–

PoC||GTFO 0x19 is out!
–> pocorgtfo - github <–

Stealing Data With CSS: Attack and Defense
–> dubbed CSS Exfil - mike gualtieri <–



Threats

Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly
–> IE/Edge Zero day - The Hacker News <–

FileZilla Untrusted Search Path
–> FileZilla vuln - Medium <–

Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases
–> Unprotected Kibana Instances - The Hacker News <–