Preface

What is this and why does it exist?

All links, the content behind and the opinions there are not mine.
If you follow an external link, it is your problem, not mine if you do not like, what you find there.
Please be aware, that this is just a list of topics I find interesting.

All mentioned security tools can be found here: https://github.com/MrMarco74/security-geraffel



Tools

Windows RID Hijacking persistence technique
–> RID-Hijacking - github <–

Deserialization payload generator for a variety of .NET formatters
–> ysoserial.net - github <–

A targeted password brute force tool
–> PassGen - github <–

Auditing, system hardening, compliance testing
–> Lynis - Lynis <–

A bunch of JavaScript extensions for WinDbg
–> windbg-scripts - github <–

A library for prototyping realtime hand detection (bounding box), directly in the browser
–> handtrack.js - github <–

BinDiff 5 for IDA 7.2. Windows. Linux. macOS
–> BinDiff - zynamics <–

Six Degrees of Domain Admin - Update
–> BloodHound - github <–

A Bring Your Own Land Toolkit that Doubles as a WMI Provider
–> WheresMyImplant - github <–

Security auditing tool for Azure environments
–> azucar - github <–



Talks & Knowledge

XXE on Windows system …then what ??
–> XXE on Windows system - Medium <–

A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission
–> Ghidra Wiki - Because-Security Blog <–



Threats

Ghidra from XXE to RCE
–> Ghidra from XXE to RCE - YT / lock <–