Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel


Tools

IDAtropy is a plugin for Hex-Ray’s IDA Pro designed to generate charts of entropy and histograms using the power of idapython and matplotlib.
–> IDAtropy - github <–

A toolset to make a system look as if it was the victim of an APT attack
–> APTSimulator - github <–

Proof of concept attack and detection for ROBOT (Return Of Bleichenbacher’s Oracle Threat).
–> robot-detect - github <–

Kernel Driver Fuzzer
–> kDriver-Fuzzer - github <–

Stealing CSRF tokens with CSS injection (without iFrames)
–> cssInjection - github <–

Simple program that allows you to run commands as another user without being prompted for their password.
–> runsharp - github <–

display unicode character properties
–> unicode - github <–

Tool for dropping malware from EK
–> mal_getter - github <–

Generates permutations, alterations and mutations of subdomains and then resolves them
–> altdns - github <–

ommand-line tool to scan Google search results for vulnerabilities
–> dorkbot - github <–



Talks & Knowledge

Quickpost: Remote Shell On Windows Via Tor Onion Service
–> Quickpost: Remote Shell On Windows Via Tor Onion Service - Didier Stevens <–

AutoSploit: Mass Exploitation Just Got a Lot Easier
–> AutoSploit - DARKreading <–

New public open source sandbox analysis system
–> Cape Sandbox - Context IS <–



Threats

Covert Data Channel in TLS dodges network perimeter protection
–> Covert Data Channel in TLS - threatpost <–

Knock, knock. Who’s there? Another Amazon Key door-lock hack
–> Amazon Key door-lock hack - The Register <–

Attackers Exploiting Unpatched Flaw in Flash
–> Flash Exploit - Krebs on Security <–

All Ledger hardware wallets vulnerable to man in the middle attack
–> Ledger hardware wallets vulnerable - HackRead <–