Interesting Things & Useful Stuff

Table of Contents

Sort

https://www.recordedfuture.com/disinformation-service-campaigns/
https://getindico.io/

https://www.niceideas.ch/roller2/badtrash/entry/deciphering-the-bengladesh-bank-heist
https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/

  • Cambridge Analytica explains how the Trump campaign worked
    • Molly Schweickert, Vice President Global Media from Cambridge Analytica on "How digital advertising worked for the US 2016 presidential campaign". How they used Facebook user data and other sources to target specific users with individual messages for the 2016 Trump election campaign. She is Alexander Nix' digital marketing expert.

http://www.tidepools.co/history.html
https://www.iafrikan.com/2019/09/02/south-africa-mass-surveillance-spying-undersea-fiber-cables/
http://habitatchronicles.com/2007/03/the-untold-history-of-toontowns-speedchat-or-blockchattm-from-disney-finally-arrives/
https://v1.escapistmagazine.com/articles/view/video-games/issues/issue_101/559-Will-Bobba-for-Furni.3

  • HiJackThis Fork v3

  • Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran - Kim Zetter, Huib Modderkolk (Yahoo News)

  • Why Arabs Lose Wars - Norvell B. De Atkine - Middle East Quarterly (1999)

  • Flame Warriors - Mike Reed

  • Spying

    • https://theintercept.com/2018/05/19/japan-dfs-surveillance-agency/
    • http://www.spiegel.de/international/germany/inside-the-nsa-s-war-on-internet-security-a-1010361.html
    • https://commons.erau.edu/cgi/viewcontent.cgi?article=1008&context=ibpp
    • http://science.sciencemag.org/content/363/6425/374
    • https://www.amazon.com/The-Widow-Spy-Martha-Peterson/dp/0983878129
    • http://www.wect.com/story/31012495/ex-cia-spy-recalls-her-time-in-russia/
    • https://espionagehistoryarchive.com/2015/03/24/the-kgbs-intelligence-school/
    • https://ia800300.us.archive.org/16/items/MoraleOperations/MoraleOperations.pdf
    • https://repository.library.georgetown.edu/bitstream/handle/10822/553096/mobleyBlake.pdf?se
    • https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol.-57-no.-1-a/vol.-57-no.-1-a-pdfs/Burkett-MICE%20to%20RASCALS.pdf
    • https://drive.google.com/file/d/0Bzt0K7_O4qyqNE1UMG5Uc1VGcXc/edit
    • https://longreads.com/2015/01/12/the-dark-arts-a-corporate-espionage-reading-list/
    • https://www.gov.uk/government/speeches/mi6-c-speech-on-fourth-generation-espionage
    • https://www.bellingcat.com/resources/how-tos/2019/02/01/tracking-illicit-transactions-with-blockchain-a-guide-featuring-mueller/
    • https://www.reuters.com/investigates/special-report/usa-spying-raven/
  • China
    • https://www.theguardian.com/news/2018/dec/07/china-plan-for-global-media-dominance-propaganda-xi-jinping

https://theblog.okcupid.com/the-case-for-an-older-woman-99d8cabacdf5
https://theblog.okcupid.com/the-big-lies-people-tell-in-online-dating-a9e3990d6ae2

https://pagedout.institute/?page=issues.php
https://www.cnet.com/forums/discussions/beyond-the-grave-virus-infecting-hedge-funds/

https://elpais.com/elpais/2019/03/13/inenglish/1552464196_279320.html
http://www.catb.org/~esr/jargon/html/koans.html

https://cepr.shorthandstories.com/haiti-contractors/index.html
https://www.brennancenter.org/analysis/just-what-fbi-investigation-fact-sheet
https://vault.fbi.gov/FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20%28DIOG%29/FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20%28DIOG%29%202016%20Version/FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20%28DIOG%29%202016%20Version%20Part%2001%20of%2002/view

  • gotty
    • Share your terminal as a web application

https://baesystemsai.blogspot.com/2016/04/two-bytes-to-951m.html
https://www.ribbonfarm.com/2012/03/08/halls-law-the-nineteenth-century-prequel-to-moores-law/
https://epic.org/2019/01/border-agency-finalizes-social.html
https://epic.org/foia/epic-v-dhs-media-monitoring/
https://www.govinfo.gov/content/pkg/FR-2018-12-27/pdf/2018-27944.pdf
https://www.rand.org/research/gun-policy/analysis/essays/mass-shootings.html
https://priceonomics.com/the-san-francisco-drug-economy/

https://cosmism.blogspot.com/2010/05/existentialism-today-terror-management.html

https://www.mail-archive.com/lt@lists.liberationtech.org/msg00104.html

  • A Verified Information-Flow Architecture
    • SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and flexible propagation and combination of tags as instructions are executed. The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. We present a formal, machine-checked model of the key hardware and software mechanisms used to control information flow in SAFE and an end-to-end proof of noninterference for this model.
  • SimpleVisor
    • SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the host state from within the host). It works on Windows and UEFI.
  • Adapting Software Fault Isolation to Contemporary CPU Architectures
    • Software Fault Isolation (SFI) is an effective approach to sandboxing binary code of questionable provenance, an interesting use case for native plugins in a Web browser. We present software fault isolation schemes for ARM and x86-64 that provide control-flow and memory integrity with average performance overhead of under 5% on ARM and 7% on x86-64. We believe these are the best known SFI implementations for these architectures, with significantly lower overhead than previous systems for similar architectures. Our experience suggests that these SFI implementations benefit from instruction-level parallelism, and have particularly small impact for workloads that are data memory-bound, both properties that tend to reduce the impact of our SFI systems for future CPU implementations.

http://spth.virii.lu/articles.htm
https://bugs.php.net/bug.php?id=50696
https://dynamicland.org/

End Sort


General Articles

  • General
  • Airplanes
  • Attacking
  • Attribution
  • Barcodes
    • Simplifying the Business Bar Coded Boarding Pass Implementation Guide
    • What’s contained in a boarding pass barcode?
    • QR Code interesting
    • ClearImage Free Online Barcode Reader / Decoder
    • Decoding Small QR-Codes by hand
    • QR Inception: Barcode-in-Barcode Attacks
      • 2D barcodes offer many benefits compared to 1D barcodes, such as high information density and robustness. Before their introduction to the mobile phone ecosystem, they have been widely used in specific applications, such as logistics or ticketing. However, there are multiple competing standards with different benefits and drawbacks. Therefore, reader applications as well as dedicated devices have to support multiple standards. In this paper, we present novel attacks based on deliberately caused ambiguities when especially crafted barcodes conform to multiple standards. Implementation details decide which standard the decoder locks on. This way, two users scanning the same barcode with different phones or apps will receive different content. This potentially opens way for multiple problems related to security. We describe how embedding one barcode symbology into another can be used to perform phishing attacks as well as targeted exploits. In addition, we evaluate the extent to which popular 2D barcode reader applications on smartphones are susceptible to these barcode-in-barcode attacks. We furthermore discuss mitigation techniques against this type of attack.
  • Breaches
  • Code Search Engines
    • symbolhound
      • SymbolHound is a search engine that doesn't ignore special characters. This means you can easily search for symbols like &, %, and π. We hope SymbolHound will help programmers find information about their chosen languages and frameworks more easily.
    • grokbit
      • Code search engine
  • Crypto
    • RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis
      • Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
    • Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs
      • We demonstrated physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels and are based on the observation that the "ground" electric potential in many computers fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer's chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables. Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz).
  • Databases
  • Educational
  • Funny
    • Hacker Scripts
      • Based on a true story
    • Programming Sucks
    • pewpew
      • Why should security vendors be the only ones allowed to use silly, animated visualizations to "compensate"? Now, you can have your very own IP attack map that's just as useful as everyone else's. IPew is a feature-rich, customizable D3 / javascript visualization, needing nothing more than a web server capable of serving static content and a sense of humor to operate.
  • General Computation
    • Introduction to Resource Oriented Computing - Whitepaper
    • Detecting Automation of Twitter Accounts: Are You a Human, Bot, or Cyborg
    • A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel
      • Abstract: Software security practitioners are often torn between choosing performance or security. In particular, OS kernels are sensitive to the smallest performance regressions. This makes it difficult to develop innovative kernel hardening mechanisms: they may inevitably incur some run-time performance overhead. Here, we propose building each kernel function with and without hardening, within a single split kernel. In particular, this allows trusted processes to be run under unmodified kernel code, while system calls of untrusted processes are directed to the hardened kernel code. We show such trusted processes run with no overhead when compared to an unmodified kernel. This allows deferring the decision of making use of hardening to the run-time. This means kernel distributors, system administrators and users can selectively enable hardening according to their needs: we give examples of such cases. Although this approach cannot be directly applied to arbitrary kernel hardening mechanisms, we show cases where it can. Finally, our implementation in the Linux kernel requires few changes to the kernel sources and no application source changes. Thus, it is both maintainable and easy to use.
    • The Eavesdropper's Dilemma
    • mov is Turing complete
    • Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior
      • This paper studies an emerging class of software bugs called optimization-unstable code: code that is unexpectedly discarded by compiler optimizations due to undefined behavior in the program. Unstable code is present in many systems, including the Linux kernel and the Postgres database. The consequences of unstable code range from incorrect functionality to missing security checks. To reason about unstable code, this paper proposes a novel model, which views unstable code in terms of optimizations that leverage undefined behavior. Using this model, we introduce a new static checker called Stack that precisely identifies unstable code. Applying Stack to widely used systems has uncovered 160 new bugs that have been confirmed and fixed by developers
    • Annoyances Caused by Unsafe Assumptions
      • This installation of What Were They Thinking illustrates some of the annoyances that can be caused when developing software that has to inter-operate with third-party applications. Two such cases will be dissected and discussed in detail for the purpose of showing how third-party applications can fail when used in conjunction with software that performs certain tasks. The analysis of the two cases is meant to show how complex failure conditions can be analyzed and used to determine inter-operability problems.
    • Reflections on Trusting Trust
    • Ceremony Design and Analysis
      • Abstract: The concept of Ceremony is introduced as an extension of the concept of network protocol, with human nodes alongside computer nodes and with communication links that include UI, human-to-human communication and transfers of physical objects that carry data. What is out-of-band to a protocol is in-band to a ceremony, and therefore subject to design and analysis using variants of the same mature techniques used for the design and analysis of protocols. Ceremonies include all protocols, as well as all applications with a user interface, all workflow and all provisioning scenarios. A secure ceremony is secure against both normal attacks and social engineering. However, some secure protocols imply ceremonies that cannot be made secure.
    • Lightweight Virtualization on Microkernel-based Systems
  • History
  • Informational
  • Informational(non-serious-kinda)
  • Internet
    • chipmachine
    • Wars Within
      • In this paper I will uncover the information exchange of what may be classified as one of the highest money making schemes coordinated by 'organized crime'. I will elaborate on information gathered from a third party individual directly involved in all aspects of the scheme at play. I will provide a detailed explanation of this market's origin, followed by a brief description of some of the actions strategically performed by these individuals in order to ensure their success. Finally, I will elaborate on real world examples of how a single person can be labeled a spammer, malware author, cracker, and an entrepreneur gone thief. For the purposes of avoiding any legal matters, and unwanted media, I will refrain from mentioning the names of any individuals and corporations who are involved in the schemes described in this paper.
    • Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
      • Abstract: Typosquatting is the act of purposefully registering a domain name that is a mistype of a popular domain name. It is a concept that has been known and studied for over 15 years, yet still thoroughly practiced up until this day. While previous typosquatting studies have always taken a snapshot of the typosquatting landscape or base their longitudinal results only on domain registration data, we present the first content-based, longitudinal study of typosquatting. We collected data about the typosquatting domains of the 500 most popular sites of the Internet every day, for a period of seven months, and we use this data to establish whether previously discovered typosquatting trends still hold today, and to provide new results and insights in the typosquatting landscape. In particular we reveal that, even though 95% of the popular domains we investigated are actively targeted by typosquatters, only few trademark owners protect themselves against this practice by proactively registering their own typosquatting domains. We take advantage of the longitudinal aspect of our study to show, among other results, that typosquatting domains change hands from typosquatters to legitimate owners and vice versa, and that typosquatters vary their monetization strategy by hosting different types of pages over time. Our study also reveals that a large fraction of typosquatting domains can be traced back to a small group of typosquatting page hosters and that certain top-level domains are much more prone to typosquatting than others.
  • Marketing
  • News
  • Programming
    • Object-oriented HTML
      • HTML isn't a programming language as such, it's actually a markup language. This means that it misses out on a lot of the good stuff that real programming languages have, including the joys of object-oriented programming. This project brings inheritance, polymorphism, and public "methods" to HTML. With startling imagination, I've called it object-oriented HTML and chosen the file extension .oohtml.
  • Political
  • Random
    • what3words
      • what3words provides a precise and incredibly simple way to talk about location. We have divided the world into a grid of 3m x 3m squares and assigned each one a unique 3 word address.
  • Side Channel Attacks
    • A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Event
      • Abstract: This paper presents a new metric, which we call Signal Available to Attacker (SAVAT), that measures the side channel signal created by a specific single-instruction difference in program execution, i.e. the amount of signal made available to a potential attacker who wishes to decide whether the program has executed instruction/event A or instruction/event B. We also devise a practical methodology for measuring SAVAT in real systems using only user-level access permissions and common measurement equipment. Finally, we perform a case study where we measure electromagnetic (EM) emanations SAVAT among 11 different instructions for three different laptop systems. Our findings from these experiments confirm key intuitive expectations, e.g. that SAVAT between on-chip instructions and off-chip memory accesses tends to be higher than between two on-chip instructions. However, we find that particular instructions, such as integer divide, have much higher SAVAT than other instructions in the same general category (integer arithmetic), and that last-level-cache hits and misses have similar (high) SAVAT. Overall, we confirm that our new metric and methodology can help discover the most vulnerable aspects of a processor architecture or a program, and thus inform decision-making about how to best manage the overall side channel vulnerability of a processor, a program, or a system.
    • Palinopsia - Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM
  • Timelines

Regex for credit cards (written for a verbose/extended regex mode, so the inline comments and whitespace are ignored)
^(?:4[0-9]{12}(?:[0-9]{3})?          # Visa
 |  5[1-5][0-9]{14}                  # MasterCard
 |  3[47][0-9]{13}                   # American Express
 |  3(?:0[0-5]|[68][0-9])[0-9]{11}   # Diners Club
 |  6(?:011|5[0-9]{2})[0-9]{12}      # Discover
 |  (?:2131|1800|35\d{3})\d{11}      # JCB
)$

Interesting Talks/Videos

  • Interesting Talks

    • You and Your Research - Haroon Meer
      • What does it take to do quality research? What stops you from being a one-hit wonder? Is there an age limit to productive hackery? What are the key ingredients needed and how can you up your chances of doing great work? In a talk unabashedly stolen from far greater minds we hope to answer these questions and discuss their repercussions.
    • Bootstrapping A Security Research Project Andrew Hay
      • It has become increasingly common to see a headline in the mainstream media talking about the latest car, television, or other IoT device being hacked (hopefully by a researcher). In each report, blog, or presentation, we learn about the alarming lack of security and privacy associated with the device's hardware, communications mechanisms, software/app, and hosting infrastructure in addition to how easy it might be for an attacker to take advantage of one, or multiple, threat vectors. The truth is, anyone can perform this kind of research if given the right guidance. To many security professionals, however, the act of researching something isn't the problem...it's what to research, how to start, and when to stop. Academics think nothing of researching something until they feel it's "done" (or their funding/tenure runs out). Security professionals, however, often do not have that luxury. This session will discuss how to research, well, ANYTHING. Proven methods for starting, continuing, ending, leading, and collaborating on reproducible research will be discussed - taking into account real-world constraints such as time, money, and a personal life. We will also discuss how to generate data, design your experiments, analyze your results, and present (and in some cases defend) your research to the public.
    • A talk about (info-sec) talks - Haroon Meer
      • Last year there was an Information Security conference taking place for almost every day of the year. This translates to about 15 information security talks per day, every day. The question is, is this a bad thing? Even niche areas of the info-sec landscape have their own dedicated conference these days. Is this a good thing?
    • Take Charge of Your Infosec Career! - Glen Roberts - BSidesSLC2015
      • You spent $5,000, a plane trip, a hotel and a full workweek on your last infosec course but when was the last time you invested even just a few hours of your time exclusively to developing your infosec career in a truly meaningful way? This talk will challenge the way you view your career and give you actionable steps for taking charge of it so you can optimize the rewards and fulfillment you receive from your work. Glen will leverage the stories and best practices from dozens of information security professionals to help inspire your infosec career journey. This presentation will be engaging and speak to the soul in a way that instills ownership of your own career and generates a passion for finding and carving out your own authentic career path.
    • Con Video Rig Enhancements - IronGeek & SkyDog
  • Attacking/PenTester/RedTeam

  • Educational

    • Con Video Rig Enhancements - IronGeek & SkyDog
    • How to Become an InfoSec Autodidact - Kelly Shortridge - Duo Tech Talk
    • Volatile Memory: Behavioral Game Theory in Defensive Security
    • The Art of Explanation: Behavioral Models of InfoSec - Kelly Shortridge
    • 301 The Road to Hiring is Paved in Good Intentions - Tim O'Brien
    • Ermahgerd: Lawrs - Robert Heverly - Anycon17
      • When do you, and other coders, hackers, developers, and tinkerers, think or worry about the law? If your answer is, "Not very often," then this talk is for you. We all need to think about the law. And it's not just privacy, or computer fraud, or even anti-circumvention law, that we should think about. We need to think about law as a whole and how it can help us do or stop us from doing what we want to do. This talk will start with a broad overview of the ways in which we implicate law when we do what we do, and then will focus on what that means for us and the broader implications that can arise from our various activities. Do you think the law would stop you from doing what you want to do or punish you for doing it? It might, but it also might not. If you think it does, do you think you should be able to do what you want to do? If you do, then we need to hack the law, and to do that we'll need to talk to the legal coders, those writers of our cultural software. This talk will tackle not only law and working with code, but also why it matters for us to be aware of the law and engaged in improving it.
    • The Impact of Dark Knowledge and Secrets on Security and Intelligence Professionals - Richard Thieme
      • Dismissing or laughing off concerns about what it does to a person to know critical secrets does not lessen the impact on life, work, and relationships of building a different map of reality than “normal people” use. One has to calibrate narratives to what another believes. One has to live defensively, warily. This causes at the least cognitive dissonance which some manage by denial. But refusing to feel the pain does not make it go away. It just intensifies the consequences when they erupt. Philip K. Dick said, reality is that which, when you no longer believe in it, does not go away. When cognitive dissonance evolves into symptoms of traumatic stress, one ignores those symptoms at one’s peril. But the very constraints of one’s work often make it impossible to speak aloud about those symptoms, because that might threaten one’s clearances, work, and career. And whistle blower protection is often non-existent.
    • Weapons of Mass Distraction
      • In this talk, we aim to briefly cover the background of sock puppets (and related attacks) before moving on to real world demonstrations & "attacks". Rigging polls, abusing Twitter, causing Reddit riots & targeting popular news organisations are some of the (many) attacks covered. In all these cases we discuss what we tried, what worked, what didn't and what the implications are of the attacks. Where possible we will cover defences and solutions.
    • You're Stealing It Wrong: 30 Years of Inter-Pirate Battles - Jason Scott - Defcon 18
    • [TROOPERS15] Andreas Lindh - Defender Economics
  • Genuinely Interesting/Unusual

    • Achilles Heel of the American Banking System
    • You're Leaking Trade Secrets - Defcon22 Michael Schrenk
      • Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
    • Exploiting Network Surveillance Cameras Like a Hollywood Hacker - Black Hat 2013
    • PayPal's War on Terror - Chaos Communication Congress 31
    • CompSci in the DPRK
    • Disrupting an Adware-serving Skype Botnet
      • Not crazy technical or anything, moreso an interesting tale that shows one person with a little bit of skill can disrupt malvertising campaigns with a little legwork.
    • Software Supply Chains and the Illusion of Control - Derek Weeks
      • In this presentation I am sharing the results of a three-year, industry-wide study on open source development and security practices across 3,000 organizations and 25,000. I will detail how these organizations are employing a vast community of open source component suppliers, warehouses, and development tools that take the form of software supply chains. Modern software development practices are now consuming BILLIONS of open source and third-party components. The tooling with package managers and build tools such as Maven, Gradle, npm, NuGet, RubyGems and others has promoted the usage of components to a convenient standard practice. As a result, 90% of a typical application is now composed of open source components. The good news: use of the components is improving developer productivity and accelerating time to market. However, using these components brings ownership and responsibility with it and this fact is largely overlooked. The unspoken truth: not all parts are created equal. For example, 1 in 16 components in use include known security vulnerabilities. Ugh. This session aims to enlighten development professionals by sharing results from the State of the Software Supply Chain reports from 2015 through 2017. The reports blend public and proprietary data with expert research and analysis. Attendees in this session will learn: - What our analysis of 25,000 applications reveals about the quality and security of software built with open source components - How organizations like Mayo Clinic, Exxon, Capital One, the U.S. FDA and Intuit are utilizing the principles of software supply chain automation to improve application security - Why avoiding open source components over 3 years old might be a really good idea - How to balance the need for speed with quality and security -- early in the development lifecycle We will also discuss how you can best approach the effort for development teams to identify, track and replace components with known vulnerabilities, while getting more products and new features to market quickly. Attend this session and gain insight as to how your organization's application development practices compare to others. I'll share the industry benchmarks to take back and discuss with your development, security, and open source governance teams.
    • Hacks, Lies, & Nation States - Mario DiNatale - ANYCON 2017
      • A hilarious and non-technical skewering of the current state of Cybersecurity, the Cybersecurity
    • Money Makes Money: How To Buy An ATM And What You Can Do With It by Leigh Ann Galloway - BSides Manchester 2017
    • (In)Outsider Trading – Hacking stocks using public information and (influence) - Robert Len - BSides CapeTown16
      • This talk will take a look at how inadvertently leaked technical information from businesses, can be used to successfully trade stocks. This results in making huge profits. We look at different methods of influencing the stock market, such as DDOS attacks (at critical time periods) and simple techniques such as Phish-baiting CEO’s to acquire sensitive, relevant information that can be applied in the real world to make massive gains in profit. We will also take a look at historic trends. How previous hacks, breaches and DDOS attacks have affected stock prices and investor confidence over time. Specific reference will be made towards listed South African companies (Or a particular listed SA company) and a POC will hopefully be completed by the presentation date.
    • Pwning pwners like a n00b
      • Cybercrime, blackhat hackers and some Ukrainians. If that doesn’t catch your attention, then stop reading. Follow the story of how stupid mistakes, OPSEC fails, and someone with a little too much time on his hands was able to completely dismantle a spamming and webshell enterprise using really simple skills and techniques you could pick up in a week. Did we mention that d0x were had as well? This talk will be an in-depth examination at the investigation and exploitation process involved.
    • Human Trafficking in the Digital Age
    • Stealing Profits from Spammers or: How I learned to Stop Worrying and Love the Spam - Grant Jordan - Defcon17
      • Every time you look at your inbox, there it is... SPAM! Your penis needs enlargement, a horny single girl from Russia "accidentally" emailed you, and a former Nigerian prince knows that you're just the man to safeguard his millions. But in 2007, while still a student at MIT, one particular kind caught my eye: stock spam. Those bizarre stock market "tips" that claim you should buy a particular stock because it's "about to go through the roof!!!!" Like most people, I initially thought nothing of these ridiculous emails. That was until Kyle Vogt (now of Justin.tv) proposed the stupidest idea I had ever heard: "There has to be some way we can make money off these spammers". After trying, and failing, to prove Kyle wrong, the two of us embarked on a 4-month study into the dark depths of stock spam. In this talk, I'll explain how we went from hand-sorting tens of thousands of spam emails to developing a trading strategy able to take a piece of the spammers' profits. And how, in the process, our work produced data that disproved the results of nearly all the existing stock spam research.
  • Insider Threats

  • Policy

    • Just What The Doctor Ordered? - Scott Erven and Shawn Merdinger - DEF CON 22
      • This discussion will also highlight the fallout from security standards not being a requirement for medical device manufacturers, and our experience in identifying and reporting vulnerabilities. We will provide our insight into what needs to be done for healthcare organizations to respond to the new threat of cyber-attack against medical devices. We are working towards a future where cyber security issues in medical devices are a thing of the past. We will discuss the recent success and traction we have gained with healthcare organizations, federal agencies and device manufacturers in addressing these security issues. The train is now moving, so please join us to find out how you can get involved and make a difference by ensuring patient safety.
    • Psychology of Security - Stefan Schumacher - TROOPERS14
      • In this talk I will introduce the Institute’s research programme about the Psychology of Security. We are going to research the psychological basics of IT security, including: How do people experience IT security? How are they motivated? How do they learn? Why do people tend to make the same mistakes again and again (Buffer Overflow, anyone?)? What can we do to prevent security incidents? Which curricula should be taught about IT security?
    • Killing you softly - Josh Bressers
      • The entire security industry has a serious skill problem. We're technically able, but we have no soft skills. We can't talk to normal people at all. We can barely even talk to each other, and it's killing our industry. Every successful industry relies on the transfer of skills from the experienced to the inexperienced. Security lacks this today. If I asked you how you learned what you know about security, what would your answer be? In most cases you learned everything you know on your own. There was minimal learning from someone else. This has left us with an industry full of magicians, but even worse it puts us in a place where there is no way to transfer skill and knowledge from one generation to the next. Magicians don't scale. If we think about this in the context of how we engage non-security people it's even worse! Most non-security people have no idea what security is, what security does, or even why security is important. It's easy to laugh at the horrible security problems almost everything has today, but in reality we're laughing at ourselves. Historically we've blamed everything else for this problem when in reality it's 100% our fault. One of our great weaknesses is failing to get the regular people to understand security and why it's important. This isn't a surprise if you think about how the industry communicates. We can barely talk to each other, how can we possibly talk to someone who doesn't know anything about security? Normal people are confused and scared, they want to do the right thing but they have no idea what that is. The future leaders in security are going to have to be able to teach and talk to their security peers, but more importantly they will have to engage everyone else. Security is being paid attention to like never before, and yet we have nothing to say to anyone. What has changed in the last few years? If we don't do our jobs, someone else will do them for us, and we're not going to like the results. Security isn't a technical problem, technical problems are easy, security is a communication problem. Communication problems are difficult. Let's figure out how we can fix that.
    • Bridging the Air Gap: Cross Domain Solutions - Patrick Orzechowski
      • For years the government has been using CDS to bridge networks with different classification levels. This talk will focus on what CDS systems are, how they’re built, and what kind of configurations are common in the wild. Furthermore, we’ll look at testing techniques to evaluate the security of these systems and potential ways to exploit holes in configuration and design. We’ll also look at the ways the commercial world might benefit from a data and type-driven firewall as well as some of the downfalls and negative aspects of implementing a cross-domain system.
  • Political

  • Misc/Didn't Fit above

  • Interesting Papers

    • "I want my money back!" Limiting Online Password-Guessing Financially - Maximilian Golla, Daniel V. Bailey, Markus Dürmuth
      • In this work-in-progress report, we propose an opt-in deposit-based approach to rate-limiting that tackles online guessing attacks. By demanding a small deposit for each login attempt, which is immediately refunded after a successful sign in, online guessing attackers face high costs for repeated unsuccessful logins. We provide an initial analysis of suitable payment systems and reasonable deposit values for real-world implementations and discuss security and usability implications of the system.
    • EmojiAuth: Quantifying the Security of Emoji-based Authentication - Maximilian Golla, Dennis Detering, Markus Dürmuth
      • Mobile devices, such as smartphones and tablets, frequently store confidential data, yet implementing a secure device unlock functionality is non-trivial due to restricted input methods. Graphical knowledge-based schemes have been widely used on smartphones and are generally well adapted to the touchscreen interface on small screens. Recently, graphical password schemes based on emoji have been proposed. They offer potential benefits due to the familiarity of users with emoji and the ease of expressing memorable stories. However, it is well-known from other graphical schemes that user-selected authentication secrets can substantially limit the resulting entropy of the authentication secret. In this work, we study the entropy of user-selected secrets for one exemplary instantiation of emoji-based authentication. We analyzed an implementation using 20 emoji displayed in random order on a grid, where a user selects passcodes of length 4 without further restrictions. We conducted an online user study with 795 participants, using the collected passcodes to determine the resistance to guessing based on several guessing strategies, thus estimating the selection bias. We evaluated Markov model-based guessing strategies based on the selected sequence of emoji, on its position in the grid, and combined models taking into account both features. While we find selection bias based on both the emoji as well as the position, the measured bias is lower than for similar schemes. Depending on the model, we can recover up to 7% at 100 guessing attempts, and up to 11% of the passcodes at 1000 guessing attempts. (For comparison, previous work on the graphical Android Unlock pattern scheme (CCS 2013) recovered around 18% at 100 and 50% at 1000 guessing attempts, despite a theoretical keyspace of more than double the size for the Android scheme.) These results demonstrate some potential for a usable and relatively secure scheme and show that the size of the theoretical keyspace is a bad predictor for the realistic guessability of passcodes.
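The two abstracts above describe the same attacker from two sides: a Markov model trained on other users' choices produces a guess order far better than the 20^4 keyspace suggests, and a per-attempt deposit turns every failed guess in that order into money the attacker forfeits. The script below is an added example written for this page, not code or data from either paper: it builds a first-order Markov model over the emoji sequence (the papers' position-based and combined models are not implemented), ranks all 160,000 candidates, and measures how many held-out passcodes fall within 100 and 1000 guesses, then totals the deposits an attacker would forfeit. The user population is constructed with an invented bias (favourite first emoji, then mostly a neighbouring or repeated one), and the 0.50 deposit and 100-attempt budget are assumed values, so its percentages illustrate the effect only and do not reproduce the 7% / 11% from the paper's 795-participant study.

```python
"""Sequence-based Markov guessing against 4-symbol emoji passcodes, plus the
attacker's cost under a deposit-per-login scheme. The user population is
CONSTRUCTED with an invented bias; it is not the paper's study data."""
import itertools
import math
import random
from collections import Counter, defaultdict

ALPHABET = list(range(20))          # 20 emoji, identified by grid index
LENGTH = 4                          # passcode length
KEYSPACE = len(ALPHABET) ** LENGTH  # 20**4 = 160000 theoretical passcodes


def biased_population(n, rng):
    """Constructed behaviour: 70% open with one of five favourite emoji; each
    later pick is usually next (+1), a repeat, or previous (-1), else random."""
    codes = []
    for _ in range(n):
        first = rng.choice([0, 1, 2, 5, 7]) if rng.random() < 0.7 else rng.choice(ALPHABET)
        code = [first]
        while len(code) < LENGTH:
            prev, r = code[-1], rng.random()
            if r < 0.40:
                code.append((prev + 1) % len(ALPHABET))
            elif r < 0.60:
                code.append(prev)
            elif r < 0.75:
                code.append((prev - 1) % len(ALPHABET))
            else:
                code.append(rng.choice(ALPHABET))
        codes.append(tuple(code))
    return codes


class MarkovGuesser:
    """First-order Markov model over the emoji sequence (grid position is not modelled)."""
    def __init__(self, training, alpha=0.1):
        self.alpha, self.k, self.n_start = alpha, len(ALPHABET), len(training)
        self.start = Counter(code[0] for code in training)
        trans = defaultdict(Counter)
        for code in training:
            for a, b in zip(code, code[1:]):
                trans[a][b] += 1
        self.trans = dict(trans)
        self.row_total = {a: sum(row.values()) for a, row in trans.items()}

    def log_prob(self, code):
        # add-alpha smoothing: transitions never seen in training keep a small probability
        lp = math.log((self.start[code[0]] + self.alpha) / (self.n_start + self.alpha * self.k))
        for a, b in zip(code, code[1:]):
            seen = self.trans.get(a, {}).get(b, 0)
            lp += math.log((seen + self.alpha) / (self.row_total.get(a, 0) + self.alpha * self.k))
        return lp

    def ranked_guesses(self):
        """All 160000 candidates, most probable first: the attacker's guess order."""
        return sorted(itertools.product(ALPHABET, repeat=LENGTH), key=self.log_prob, reverse=True)


def recovered_fraction(rank_of, test, budgets=(100, 1000)):
    """Share of held-out passcodes found within each guess budget."""
    return {b: sum(1 for code in test if rank_of[code] <= b) / len(test) for b in budgets}


def deposit_cost(rank_of, test, deposit, budget):
    """Deposit-per-login scheme: each failed attempt forfeits `deposit`, the successful
    one is refunded, attacker stops after `budget` tries. Returns (recovered, forfeited)."""
    recovered, forfeited = 0, 0.0
    for code in test:
        r = rank_of[code]
        if r <= budget:
            recovered += 1
            forfeited += deposit * (r - 1)
        else:
            forfeited += deposit * budget
    return recovered, forfeited


def run_experiment(seed=1, n_users=800, deposit=0.50, budget=100):
    """Train on half of the constructed users, attack the other half."""
    users = biased_population(n_users, random.Random(seed))
    train, test = users[: n_users // 2], users[n_users // 2:]
    ranked = MarkovGuesser(train).ranked_guesses()
    rank_of = {code: i for i, code in enumerate(ranked, start=1)}  # 1-based guess position
    fractions = recovered_fraction(rank_of, test)
    recovered, forfeited = deposit_cost(rank_of, test, deposit, budget)
    return {"markov": fractions, "uniform": {b: b / KEYSPACE for b in fractions},
            "test_size": len(test), "recovered": recovered, "forfeited": forfeited}


if __name__ == "__main__":
    res = run_experiment()
    for b in (100, 1000):
        print(f"{b:>5} guesses: Markov {res['markov'][b]:.1%} vs uniform {res['uniform'][b]:.3%}")
    print(f"deposit scheme: {res['recovered']}/{res['test_size']} recovered, "
          f"{res['forfeited']:.2f} forfeited in failed-attempt deposits")
```

The uniform baseline (100 / 160000 = 0.0625%) is what the keyspace size promises; the Markov column is what a modelled attacker gets, and the gap is the selection bias the paper measures. The last line is the deposit paper's argument in numbers: the more of the budget the attacker spends before the right guess, the more deposit is forfeited, so raising the deposit or capping attempts per account moves the cost directly.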
  • Interesting Software Projects

    • Upspin
      • Upspin is an experimental project to build a framework for naming and sharing files and other data securely, uniformly, and globally: a global name system of sorts. It is not a file system, but a set of protocols and reference implementations that can be used to join things like file systems and other storage services to the name space. Performance is not a primary goal. Uniformity and security are. Upspin is not an official Google product.
  • Interesting Hardware Projects

    • Digital Ding Dong Ditch
      • Digital Ding Dong Ditch is a device to hack into and ring my best friend's wireless doorbell whenever I send a text message to the device. The best part of the device is that it causes my friend, without fail, to come outside, find no one, and go back in. In this project, we'll learn not only how to create this device, but how to reverse engineer radio frequencies we know nothing about using RTL-SDR (a ~$14 software defined radio), as well as creating hardware and software using Arduino, the Adafruit FONA (GSM/SMS/2G board), an RF (radio frequency) transmitter to transmit custom signals, and even how to reverse engineer a proprietary radio signal we know nothing about!

Screen Scraping

Tools

  • Tools
    • Scrapy
      • An open source and collaborative framework for extracting the data you need from websites. In a fast, simple, yet extensible way.
    • iMacros for Firefox
      • Automate Firefox. Record and replay repetitious work. If you love the Firefox web browser, but are tired of repetitive tasks like visiting the same sites every day, filling out forms, and remembering passwords, then iMacros for Firefox is the solution you’ve been dreaming of! Whatever you do with Firefox, iMacros can automate it.
    • Scraper - Chrome plugin
      • Scraper is a simple data mining extension for Google Chrome™ that is useful for online research when you need to quickly analyze data in spreadsheet form. To use it: highlight a part of the webpage you'd like to scrape, right-click and choose "Scrape similar...". Anything that's similar to what you highlighted will be rendered in a table ready for export, compatible with Google Docs™. This is a work-in-progress (i.e. there are bugs), and is currently intended for intermediate to advanced users who are comfortable with XPath, though jQuery is also supported to an extent.
    • IRobot
      • IRobot@IRobotSoft is an intelligent Web automation software. It features a small core that powers everything you need for handling Web data. You can easily teach and create your own robots to automate your daily activities. The robots will click links, submit forms, connect to databases, and run custom code to analyse data.
    • OutWit Hub - Shareware
      • OutWit Hub breaks down Web pages into their different constituents. Navigating from page to page automatically, it extracts information elements and organizes them into usable collections.
    • Webrecorder
      • Create high-fidelity, interactive web archives of any web site you browse
    • wikiteam
      • Tools for downloading and preserving wikis
    • Paste-Scraper
    • Wayback scraper
    • scrape-twitter
      • Access Twitter data without an API key
    • Puppeteer
      • Puppeteer is a Node library which provides a high-level API to control Chrome or Chromium over the DevTools Protocol. Puppeteer runs headless by default, but can be configured to run full (non-headless) Chrome or Chromium.
    • teleport
      • Modern SSH server for clusters and teams.

Simulators/Simulations

  • Simulators
    • Shadow
      • Shadow is a unique, open source discrete-event network simulator that runs real applications like Tor. Shadow combines the accuracy of emulation with the efficiency and control of simulation, achieving the best of both approaches.
    • Hflow2
      • Data Analysis System
    • VirtuaPlant
      • VirtuaPlant is an Industrial Control Systems simulator which adds “similar to real-world control logic” to the basic “read/write tags” feature of most PLC simulators. Paired with a game library and 2D physics engine, VirtuaPlant is able to present a GUI simulating the “world view” behind the control system, allowing the user to have a vision of the would-be actions behind the control systems.

Various Purpose Based OS's

  • Various Purpose Based OS's
    • Parrot Security
    • Qubes
      • Qubes is an open-source operating system designed to provide strong security for desktop computing using the Security by Compartmentalization approach. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers. Qubes Release 1 was released in September 2012 and Release 2 in September 2014. Qubes also supports Windows-based AppVMs beginning with Release 2 (currently in “Beta”). Qubes Release 3 is coming soon and will introduce the Hypervisor Abstraction Layer (HAL), allowing easy porting to alternative virtualization systems.
    • Liberte
      • Liberté Linux is a secure, reliable, lightweight and easy to use Gentoo-based LiveUSB/SD/CD Linux distribution with the primary purpose of enabling anyone to communicate safely and covertly in hostile environments. Whether you are a privacy advocate, a dissident, or a sleeper agent, you are equally likely to find Liberté Linux useful as a mission-critical communication aid.
    • Archassault
      • The ArchAssault Project is an Arch Linux derivative for penetration testers, security professionals and all-around Linux enthusiasts. This means we import the vast majority of the official upstream Arch Linux packages; these packages are unmodified from their upstream source. While our Arch Linux base is primarily untouched, there are times where we have to fork a package to be able to better support our vast selection of tools. All of our packages strive to maintain the Arch Linux standards, methods and philosophies.
    • Kali linux
      • You do pentesting with it.
    • Tails
      • Tails is a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leave no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.
    • PenQ
      • PenQ is an open source, Linux-based penetration testing browser bundle we built over Mozilla Firefox. It comes pre-configured with security tools for spidering, advanced web searching, fingerprinting, anonymous browsing, web server scanning, fuzzing, report generating and more.
    • Active Defense Harbinger Distribution (ADHD)
      • The Active Defense Harbinger Distribution (ADHD) is a Linux distro based on Ubuntu LTS. It comes with many tools aimed at active defense preinstalled and configured. The purpose of this distribution is to aid defenders by giving them tools to "strike back" at the bad guys. ADHD has tools whose functions range from interfering with the attackers' reconnaissance to compromising the attackers' systems. Innocent bystanders will never notice anything out of the ordinary as the active defense mechanisms are triggered by malicious activity such as network scanning or connecting to restricted services.
      • Blogpost going over it/setting it up - HolisticInfosec

Interesting Software

  • Generally Interesting
    • scanless
      • Command-line utility for using websites that can perform port scans on your behalf. Useful for early stages of a penetration test or if you'd like to run a port scan on a host and have it not come from your IP address.
    • Simplevisor
      • SimpleVisor is a simple, portable, Intel VT-x hypervisor with two specific goals: using the least amount of assembly code (10 lines), and having the smallest amount of VMX-related code to support dynamic hyperjacking and unhyperjacking (that is, virtualizing the host state from within the host). It runs on both Windows and UEFI.
  • Data Visualization
    • ProcDOT
      • This tool processes Sysinternals Process Monitor (Procmon) logfiles and PCAP-logs (Windump, Tcpdump) to generate a graph via the GraphViz suite. This graph visualizes any relevant activities (customizable) and can be interactively analyzed.
  • Local
    • Foreign LINUX
      • Foreign LINUX is a dynamic binary translator and a Linux system call interface emulator for the Windows platform. It is capable of running unmodified Linux binaries on Windows without any drivers or modifications to the system. This provides another way of running Linux applications under Windows, in contrast to Cygwin and other tools.
  • Network
    • Netdude
      • The Network Dump data Displayer and Editor is a framework for inspection, analysis and manipulation of tcpdump trace files. It addresses the need for a toolset that allows easy inspection, modification, and creation of pcap/tcpdump trace files. Netdude builds on any popular UNIX-like OS, such as Linux, the BSDs, or OSX.
  • Programming Related
    • Hachoir
      • Hachoir is a Python library that allows you to view and edit a binary stream field by field.
    • pdf-bot
      • 🤖 A Node queue API for generating PDFs using headless Chrome. Comes with a CLI, S3 storage and webhooks for notifying subscribers about generated PDFs
    • exitmap
      • A fast and modular scanner for Tor exit relays.
    • SniffJoke
      • SniffJoke is a Linux application that transparently handles your TCP connections, delaying and modifying packets and injecting fake ones into the stream, making it almost impossible for passive wiretapping technology (an IDS or sniffer) to reassemble the traffic correctly.
    • Unicorn-Engine
      • Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework.
    • Distributed File Storage Using JavaScript Botnets
  • Other
    • ZeroMQ
    • recap
      • recap is a reporting script that generates reports of various information about the server.
    • LuxBase
    • DeltaCopy
      • In technical terms, DeltaCopy is a "Windows Friendly" wrapper around the Rsync program, currently maintained by Wayne Davison. "rsync" is primarily designed for Unix/Linux/BSD systems. Although ports are available for Windows, they typically require downloading Cygwin libraries and manual configuration.
    • autojump - a faster way to navigate your filesystem
      • autojump is a faster way to navigate your filesystem. It works by maintaining a database of the directories you use the most from the command line.
    • Universal Extractor
      • Universal Extractor is a program designed to decompress and extract files from any type of archive or installer, such as ZIP or RAR files, self-extracting EXE files, application installers, etc
  • Personal Utilities
    • CyberChef - GCHQ
      • CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.
    • WizTree
      • WizTree is a disk space analyzer that will quickly scan your entire hard drive and shows you which files and folders are using the most disk space. WizTree obtains information by directly scanning the MFT file, so it can only work with local (directly attached) drives formatted with the NTFS file system. It won't work with network drives, substituted drives or non-NTFS formatted drives. We may add support for other drive types in the future if there's enough demand.
    • Xmount
      • What is xmount? xmount allows you to convert on-the-fly between multiple input and output harddisk image types. xmount creates a virtual file system using FUSE (Filesystem in Userspace) that contains a virtual representation of the input image. The virtual representation can be in raw DD, DMG, VHD, VirtualBox's virtual disk file format or in VmWare's VMDK file format. Input images can be raw DD, EWF (Expert Witness Compression Format) or AFF (Advanced Forensic Format) files. In addition, xmount also supports virtual write access to the output files that is redirected to a cache file. This makes it possible to boot acquired harddisk images using QEMU, KVM, VirtualBox, VmWare or alike.
    • HashID
      • hashID is a tool written in Python 3 which supports the identification of over 220 unique hash types using regular expressions. It is able to identify a single hash, parse a file or read multiple files in a directory and identify the hashes within them. hashID is also capable of including the corresponding hashcat mode and/or JohnTheRipper format in its output. hashID works out of the box with Python 2 ≥ 2.7.x or Python 3 ≥ 3.3 on any platform.
    • gibbersense
      • Extract Sense out of Gibberish stuff
    • algo
      • 1-click IPsec VPN in the Cloud
    • cyberfree
      • Cyber-free browsing extension for Chrome
    • noVNC
      • noVNC is an HTML5 VNC client that runs well in any modern browser, including mobile browsers (iOS and Android).
    • No More Secrets
      • This project provides a command line tool called nms that recreates the famous data decryption effect seen on screen in the 1992 hacker movie Sneakers. For reference, you can see this effect at 0:35 in this movie clip.
    • Hardentools
      • Hardentools is a collection of simple utilities designed to disable a number of "features" exposed by operating systems (Microsoft Windows, for now) and primary consumer applications. These features, commonly intended for enterprise customers, are generally useless to regular users and rather pose a danger, as they are very commonly abused by attackers to execute malicious code on a victim's computer. The intent of this tool is to simply reduce the attack surface by disabling the low-hanging fruit. Hardentools is intended for individuals at risk, who might want an extra level of security at the price of some usability. It is not intended for corporate environments.
    • Etcher
      • Etcher is a powerful OS image flasher built with web technologies to ensure flashing an SDCard or USB drive is a pleasant and safe experience. It protects you from accidentally writing to your hard-drives, ensures every byte of data was written correctly and much more.
    • Windows Firewall Control - Managing Windows Firewall is now easier than ever
    • Magic Wormhole
      • This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical "wormhole codes": in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.
  • Editors
    • wxHex Editor
      • wxHexEditor is another free hex editor, built because there was no good hex editor for Linux systems, especially for big files.
  • GPU Keylogger
    • Demon
      • GPU keylogger PoC by Team Jellyfish