Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel


Tools

Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness
–> PortEx - github <–

FPGA modules used together with the PCILeech Direct Memory Access (DMA) Attack Software
–> PCILeech FPGA - github <–

Archery is an opensource vulnerability assessment and management tool which helps developers and pentesters to perform scans and manage vulnerabilities
–> Archery - Archery <–

Researchers ported the NSA EternalSynergy, EternalRomance, and EternalChampion to Metasploit
–> NSA exploits in Metasploit - security affairs <–

FLARE IDA Pro Script Series: Simplifying Graphs in IDA
–> SimplifyGraph - FireEye <–

Proof of concept of LibreOffice remote arbitrary file disclosure vulnerability
–> CVE-2018-6871 - github <–

Quiet for Android - TCP over sound
–> org.quietmodem.Quiet - github <–

ActiveMime File Format Documentation
–> activemime-format - github <–

Longtime Sunshine is a proof of concept Nashorn based post exploitation framework. Nashorn is the JavaScript engine that Oracle introduced in Java 8.
–> Longtime Sunshine - github <–



Talks & Knowledge

How to escape sandboxes without technical skills
–> SandboxEscaper - SandboxEscaper <–

PCAP Analyzer for Splunk – Getting Started
–> Splunk/Wireshark - TCP Dump <–

Malware Analysis, Threat Intelligence and Reverse Engineering: workshop slides
–> Workshop slides - Blaze’s Security Blog <–

IDA v7.0 Freeware Version
–> IDA v7.0 - Hex-Rays <–

In-Memory Evasion
–> In-Memory Evasion - Cobalt Strike Blog <–

Evil XML with two encodings
–> Evil XML - Arseniy Sharoglazov <–

Feature, not bug: DNSAdmin to DC compromise in one line
–> DNSAdmin to DC compromise - Medium <–

Hackers hijack Nintendo Switch, show Linux loaded on console
–> Linux on Nintendo Switch - ars TECHNICA <–

Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction
–> Vshadow AD DB Extraction - bohops <–

Analyzing GrandSoft Exploit Kit
–> Analyzing GrandSoft Exploit Kit - nao_sec <–

Abusing Token Privileges For Windows Local Privilege Escalation
–> Abusing Token Privileges for Escalation - Foxglove Security <–

Windows 10 has the ability to get system-unique tracking identifiers that persist across reinstalls by storing them in the TPM or UEFI firmware variables
–> SystemIdentification Class - Microsoft <–



Threats

Hackers Can Now Steal Data Even From Faraday Cage Air-Gapped Computers
–> Get over Air-Gap in a Faraday Cage - The Hacker News <–

Return of Quant Loader: Malspam using PDF files tries a new tactic
–> Quant Loader - Malware Traffic Analysis <–

TheFatRat and BeEF - pre and post exploitation method
–> TheFatRat and BeEF - Dcctor Chaos <–

Yet another way to hide from Sysinternals’ tools
–> Hide from Sysinternals tools - Hexacorn Ltd <–

New Monero mining malware infected 500K PCs by using 2 NSA exploits
–> Monero mining malware - Hack Read <–