
Updates! Yay! Bunch of stuff added, more edits/formatting stuff. Two folders, sphinx and mobile: sphinx is for new site generation using the markdown files, and mobile is a React Native version of the original mobile app. So, should be seeing updates to my website along with a re-release of the original app.

pull/11/head
root 5 years ago
parent
commit
1ee765a04e
118 changed files with 32466 additions and 1626 deletions
1. +1 -1 Draft/ATT&CK-Stuff/Windows/Windows_Discovery.md
2. +5 -3 Draft/AnonOpsecPrivacy.md
3. +14 -25 Draft/Basic Security Information.md
4. +34 -62 Draft/Car Hacking.md
5. +5 -10 Draft/Conferences.md
6. +2 -0 Draft/Darknets.md
7. +203 -184 Draft/Defense.md
8. +5 -9 Draft/Disinformation.md
9. +8 -0 Draft/Documentation & Reports -.md
10. +7 -4 Draft/Exfiltration.md
11. +24 -20 Draft/Exploit Development.md
12. +42 -27 Draft/Forensics Incident Response.md
13. +1 -1 Draft/Fuzzing Bug Hunting.md
14. +335 -385 Draft/Interesting Things Useful stuff.md
15. +50 -39 Draft/Malware.md
16. +78 -15 Draft/Network Attacks & Defenses.md
17. +84 -142 Draft/Password Bruting and Hashcracking.md
18. +58 -47 Draft/Phishing.md
19. +106 -85 Draft/Privilege Escalation & Post-Exploitation.md
20. +1 -0 Draft/Programming - Languages Libs Courses References.md
21. +60 -15 Draft/Red-Teaming.md
22. +26 -29 Draft/Reverse Engineering.md
23. +65 -110 Draft/Rootkits.md
24. +32 -27 Draft/System Internals Windows and Linux Internals Reference.md
25. +18 -26 Draft/Threat Modeling.md
26. +3 -1 Draft/Threat-Hunting.md
27. +48 -65 Draft/Web & Browsers.md
28. +3 -0 Draft/Wireless Networks & RF.md
29. +164 -294 Draft/things-added.md
30. +8 -0 MobileApplication/.babelrc
31. +75 -0 MobileApplication/.flowconfig
32. +17 -0 MobileApplication/.gitignore
33. +1 -0 MobileApplication/.watchmanconfig
34. +17 -0 MobileApplication/App.js
35. +9 -0 MobileApplication/App.test.js
36. +220 -0 MobileApplication/README.md
37. +5 -0 MobileApplication/app.json
38. +27 -0 MobileApplication/package.json
39. +6127 -0 MobileApplication/yarn.lock
40. +2 -0 Sphinx/CONTRIBUTING.md
41. +21 -0 Sphinx/LICENSE
42. +20 -0 Sphinx/Makefile
43. +199 -0 Sphinx/README.md
44. +0 -0 Sphinx/_static/.gitsave
45. +36 -0 Sphinx/make.bat
46. +53 -0 Sphinx/package-lock.json
47. +8 -0 Sphinx/package.json
48. BIN Sphinx/readme-img/landing.png
49. BIN Sphinx/readme-img/page.png
50. +20 -0 Sphinx/requirements.txt
51. +453 -0 Sphinx/source/Anon-Opsec-Privacy.md
52. +744 -0 Sphinx/source/Attacking-Defending-Android.md
53. +182 -0 Sphinx/source/Attacking-Defending-iOS.md
54. +278 -0 Sphinx/source/BIOS-UEFI-Attacks-Defenses.md
55. +79 -0 Sphinx/source/Basic-Security-Information.md
56. +87 -0 Sphinx/source/Building-A-Pentest-Lab.md
57. +155 -0 Sphinx/source/CTF-Wargames.md
58. +129 -0 Sphinx/source/Car-Hacking.md
59. +125 -0 Sphinx/source/CheatSheets.md
60. +38 -0 Sphinx/source/Conferences.md
61. +66 -0 Sphinx/source/Counter-Surveillance.md
62. +218 -0 Sphinx/source/Courses-Training.md
63. +49 -0 Sphinx/source/Crypto-Currencies.md
64. +424 -0 Sphinx/source/Cryptography-Encryption.md
65. +54 -0 Sphinx/source/Darknets.md
66. +211 -0 Sphinx/source/Data-Analysis-Visualization.md
67. +248 -0 Sphinx/source/Defense.md
68. +30 -0 Sphinx/source/Disclosure.md
69. +25 -0 Sphinx/source/Disinformation.md
70. +116 -0 Sphinx/source/Documentation-Reports.md
71. +15 -0 Sphinx/source/Drones.md
72. +578 -0 Sphinx/source/Embedded-Device-Hardware-Hacking.md
73. +276 -0 Sphinx/source/Exfiltration.md
74. +1755 -0 Sphinx/source/Exploit-Development.md
75. +602 -0 Sphinx/source/Forensics-Incident-Response.md
76. +461 -0 Sphinx/source/Fuzzing-Bug-Hunting.md
77. +176 -0 Sphinx/source/Game-Hacking.md
78. +409 -0 Sphinx/source/Gamma_group_hack_writeup.txt
79. +927 -0 Sphinx/source/Hacking-Team-Writeup.md
80. +5 -0 Sphinx/source/Home-Security.md
81. +297 -0 Sphinx/source/Honeypots.md
82. +4 -0 Sphinx/source/How-To-Suck-at-Information-Security.md
83. +55 -0 Sphinx/source/Lab-For-Exploit-Dev-Basic.md
84. +19 -0 Sphinx/source/Mainframes.md
85. +779 -0 Sphinx/source/Malware.md
86. +87 -0 Sphinx/source/Metasploit.md
87. +1317 -0 Sphinx/source/Network-Attacks-Defenses.md
88. +502 -0 Sphinx/source/Network-Security-Monitoring-Logging.md
89. +521 -0 Sphinx/source/Open-Source-Intelligence.md
90. +64 -0 Sphinx/source/Opsec-rant-alpraking.md
91. +331 -0 Sphinx/source/Opsec-rant2-nachash.md
92. +287 -0 Sphinx/source/Password-Bruting-and-Hashcracking.md
93. +277 -0 Sphinx/source/Phishing.md
94. +237 -0 Sphinx/source/Physical-Security.md
95. +54 -0 Sphinx/source/Policy-Compliance.md
96. +240 -0 Sphinx/source/Port-List.md
97. +1703 -0 Sphinx/source/Privilege-Escalation-Post-Exploitation.md
98. +623 -0 Sphinx/source/Programming-Languages-Libs-Courses-References.md
99. +703 -0 Sphinx/source/Red-Teaming.md
100. +611 -0 Sphinx/source/Reverse-Engineering-REMath-Literature.md

+1 -1 Draft/ATT&CK-Stuff/Windows/Windows_Discovery.md

@ -66,7 +66,7 @@ DNS
* [dns-parallel-prober](https://github.com/lorenzog/dns-parallel-prober)
* This script is a proof of concept for a parallelised domain name prober. It creates a queue of threads and tasks each one to probe a sub-domain of the given root domain. At every iteration step each dead thread is removed and the queue is replenished as necessary.
* [DNS Recon](https://github.com/darkoperator/dnsrecon)
* [DNS Dumpster](www.dnsdumpster.com)
* [DNS Dumpster](https://www.dnsdumpster.com)
* DNSdumpster.com is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers perspective is an important part of the security assessment process.
* [enumall](https://github.com/Dhayalan96/enumall)
* Script to enumerate subdomains, leveraging recon-ng. Uses google scraping, bing scraping, baidu scraping, yahoo scarping, netcraft, and bruteforces to find subdomains. Plus resolves to IP.
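Review bot: the single change here, adding the `https://` scheme to the DNS Dumpster link, is the right fix; a bare `www.dnsdumpster.com` inside a markdown link target is emitted as a relative path under the current page rather than as an external link. Worth grepping the rest of this file for the same pattern (`](www.`) while it is open, since the other entries in this block were pasted the same way.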


+5 -3 Draft/AnonOpsecPrivacy.md

@ -21,6 +21,7 @@
#### Cull
[Technical analysis of client identification mechanisms](http://www.chromium.org/Home/chromium-security/client-identification-mechanisms)
[Client Identification Mechanisms](http://www.chromium.org/Home/chromium-security/client-identification-mechanisms)
#### end cull
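Review bot: the added `[Client Identification Mechanisms]` line points at exactly the same chromium.org URL as the `[Technical analysis of client identification mechanisms]` entry directly above it, so this hunk introduces a duplicate inside the Cull block rather than a new resource. Keep one of the two titles and drop the other.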
@ -31,7 +32,7 @@
* [Bugger - Adam Curtis](http://www.bbc.co.uk/blogs/adamcurtis/entries/3662a707-0af9-3149-963f-47bea720b460)
* Maybe the real state secret is that spies aren't very good at their jobs and don't know much about the world
* [Mobile Phone Data lookup](https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024)
* [Privacy Online Test And Resource Compendium](https://github.com/CHEF-KOCH/Online-Privacy-Test-Resource-List/blob/master/README.md)
@ -129,7 +130,7 @@ Blogposts
* Many countries and administrative domains exploit control over their communication infrastructure to censor online content. This paper presents the design, im plementation and evaluation of Kaleidoscope , a peer-to-peer system of relays that enables users within a censored domain to access blocked content. The main challenge facing Kaleidoscope is to resist the cens or’s efforts to block the circumvention system itself. Kaleidoscope achieves blocking-resilienc e using restricted service discovery that allows each user to discover a small set of unblocked relays while only exposing a small fraction of relays to the censor. To restrict service discovery, Kaleidoscope leverages a trust network where links reflects real-world social relationships among users and uses a limited advertisement protocol based on random routes to disseminate relay addresses along the trust netwo rk; the number of nodes reached by a relay advertisement should ideally be inversely proportional to the maximum fraction of infiltration and is independent of the network size. To increase service availa bility in large networks with few exit relay nodes, Kaleidoscope forwards the actual data traffic across multiple relay hops without risking exposure of exit relays. Using detailed analysis and simulations, we show that Kalei doscope provides > 90% service availability even under substantial infiltration (close to 0.5% of edges) and when only 30% of the relay nodes are online. We have implemented and deployed our system on a small scale serving over 100,000 requests to 40 censored users (relatively small user base to realize Kaleidoscope’s anti-blocking guarantees) spread across different countries and administrative domains over a 6-month period
* [A Technical Description of Psiphon](https://psiphon.ca/en/blog/psiphon-a-technical-description)
* * [Discovering Browser Extensions via Web Accessible Resources - Chalmers security lab](http://www.cse.chalmers.se/research/group/security/publications/2017/extensions/codaspy-17-full.pdf)
* [A STUDY OF COMINT PERSONNEL SECURITY STANDARDS AND PRACTICES](https://www.cia.gov/library/readingroom/document/cia-rdp82s00527r000100060014-6)
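Review bot: the Chalmers line begins with `* * [Discovering Browser Extensions via Web Accessible Resources ...`; the doubled bullet renders as an empty top-level item with the link nested one level down, so drop one `*`. While this block is being touched, the Kaleidoscope abstract in the context line above still carries word breaks from a PDF paste (`im plementation`, `cens or's`, `blocking-resilienc e`, `netwo rk`, `availa bility`, `Kalei doscope`) that should be joined.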
@ -212,7 +213,8 @@ Blogposts
* meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. Requests are reflected through a hard-to-block third-party web server in order to avoid talking directly to a Tor bridge. HTTPS encryption hides fingerprintable byte patterns in Tor traffic.sek
* [HTTPLeaks](https://github.com/cure53/HTTPLeaks)
* HTTPLeaks - All possible ways, a website can leak HTTP requests
* [haven](https://guardianproject.github.io/haven/)
* Android application that leverages on-device sensors to provide monitoring and protection of physical spaces.
--------------
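Review bot: the meek description ends with a stray `sek` (`... byte patterns in Tor traffic.sek`), which reads as a leftover keystroke; trim it to `Tor traffic.` The haven addition itself is fine as a one-line summary.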


+14 -25 Draft/Basic Security Information.md

@ -43,28 +43,17 @@ These are links to basic technically links or things I feel might help someone
### I'll sort later
[304 Hold my Red Bull Undergraduate Red Teaming Jonathan Gaines](https://www.youtube.com/watch?v=9vgpqRzuvLk)
[100 OWASP Top 10 Hacking Web Applications with Burp Suite Chad Furman](https://www.youtube.com/watch?v=2p6twRRXK_o)
[213 How not to Infosec Dan Tentler](https://www.youtube.com/watch?v=S5O47gemMNQ)
[Application Whitelisting Using Microsoft AppLocker](https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm)
[So You Want To Be A H6x0r Getting Started in Cybersecurity Doug White and Russ Beauchemin ](https://www.youtube.com/watch?v=rRJKghTTics)
[How to become a pentester - Corelan](https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/)
[SANS Institute Security Consensus Operational Readiness Evaluation](https://www.sans.org/media/score/checklists/LinuxCheatsheet_2.pdf)
[Windows Commands Abused by Attackers](http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html)
[Red Hat Enterprise Linux 6 Security Guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Security_Guide/Red_Hat_Enterprise_Linux-6-Security_Guide-en-US.pdf)
[Mitigate threats by using Windows 10 security features](https://docs.microsoft.com/en-us/windows/threat-protection/overview-of-threat-mitigations-in-windows-10)
https://github.com/iadgov/Pass-the-Hash-Guidance
https://blog.zsec.uk/101-intro/
* [Attacking Big Business](https://www.cyberis.co.uk/blog/attacking-big-business)
* [304 Hold my Red Bull Undergraduate Red Teaming Jonathan Gaines](https://www.youtube.com/watch?v=9vgpqRzuvLk)
* [100 OWASP Top 10 Hacking Web Applications with Burp Suite Chad Furman](https://www.youtube.com/watch?v=2p6twRRXK_o)
* [213 How not to Infosec Dan Tentler](https://www.youtube.com/watch?v=S5O47gemMNQ)
* [Application Whitelisting Using Microsoft AppLocker](https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm)
* [So You Want To Be A H6x0r Getting Started in Cybersecurity Doug White and Russ Beauchemin ](https://www.youtube.com/watch?v=rRJKghTTics)
* [How to become a pentester - Corelan](https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/)
* [SANS Institute Security Consensus Operational Readiness Evaluation](https://www.sans.org/media/score/checklists/LinuxCheatsheet_2.pdf)
* [Windows Commands Abused by Attackers](http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html)
* [Red Hat Enterprise Linux 6 Security Guide](https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/pdf/Security_Guide/Red_Hat_Enterprise_Linux-6-Security_Guide-en-US.pdf)
* [Mitigate threats by using Windows 10 security features](https://docs.microsoft.com/en-us/windows/threat-protection/overview-of-threat-mitigations-in-windows-10)
* [Pass the Hash Guidance](https://github.com/iadgov/Pass-the-Hash-Guidance)
* Configuration guidance for implementing Pass-the-Hash mitigations. iadgov
* [Learning the Ropes 101: Introduction - zsec.uk](https://blog.zsec.uk/101-intro/)
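Review bot: turning the bare URLs into titled bullets with a one-line description is the right direction; two nits on the new lines. The `[SANS Institute Security Consensus Operational Readiness Evaluation]` title names the SCORE program, but the target is `LinuxCheatsheet_2.pdf`, so the title should say it is the SCORE Linux checklist. The Pass the Hash Guidance description ends in a bare `iadgov`, which reads as a typo; write it as `(iadgov)` or fold the attribution into the sentence.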

+34 -62 Draft/Car Hacking.md

@ -11,89 +11,63 @@
#### Cull
#### Sort
### End cull
#### End Sort
## <a name="general"></a>General
Seriously check this first ---> [Awesome Vehicle Security List(github awesome lists)](https://github.com/jaredthecoder/awesome-vehicle-security)
[Introduction to Hacking in Car Systems - Craig Smith - Troopers15](https://www.youtube.com/watch?v=WHDkf6kpE58)
[Intro to Automotive Security - Ariel Zentner](https://www.youtube.com/watch?v=yAzqFhq06_E)
[The OpenXC Platform](http://openxcplatform.com/)
* OpenXC™ is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules.
* [Introduction to Hacking in Car Systems - Craig Smith - Troopers15](https://www.youtube.com/watch?v=WHDkf6kpE58)
* [Intro to Automotive Security - Ariel Zentner](https://www.youtube.com/watch?v=yAzqFhq06_E)
* [The OpenXC Platform](http://openxcplatform.com/)
* OpenXC™ is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules.
## <a name="writeup"></a>Writeups/Blogposts/How-To
[Broadcasting Your Attack: Security Testing DAB Radio In Cars](https://www.youtube.com/watch?v=ryNtz1nxmO4)
[Tesla Model S JSON API (unofficial RE post)](http://docs.timdorr.apiary.io/#reference/vehicles)
[Tesla Model S JSON API (unofficial RE post)](http://docs.timdorr.apiary.io/#reference/vehicles)
[Cyber-attacks on vehicles P-I!](http://dn5.ljuska.org/napadi-na-auto-sistem-1.html)
[Cyber-attacks on vehicles P-II!](http://dn5.ljuska.org/cyber-attacks-on-vehicles-2.html)
[An Introduction to the CAN Bus: How to Programmatically Control a Car: Hacking the Voyage Ford Fusion to Change A/C Temperature](https://news.voyage.auto/an-introduction-to-the-can-bus-how-to-programmatically-control-a-car-f1b18be4f377)
* [Broadcasting Your Attack: Security Testing DAB Radio In Cars](https://www.youtube.com/watch?v=ryNtz1nxmO4)
* [Tesla Model S JSON API (unofficial RE post)](http://docs.timdorr.apiary.io/#reference/vehicles)
* [Tesla Model S JSON API (unofficial RE post)](http://docs.timdorr.apiary.io/#reference/vehicles)
* [Cyber-attacks on vehicles P-I!](http://dn5.ljuska.org/napadi-na-auto-sistem-1.html)
* [Cyber-attacks on vehicles P-II!](http://dn5.ljuska.org/cyber-attacks-on-vehicles-2.html)
* [An Introduction to the CAN Bus: How to Programmatically Control a Car: Hacking the Voyage Ford Fusion to Change A/C Temperature](https://news.voyage.auto/an-introduction-to-the-can-bus-how-to-programmatically-control-a-car-f1b18be4f377)
## <a name="talks"></a>Talks & Presentations
[Hacking Cars with Python -Eric Evenchick PyCon 2017](https://www.youtube.com/watch?v=3bZNhMcv4Y8&app=desktop)
* Modern cars are networks of computers, and a high end vehicle could have nearly 100 different computers inside. These devices control everything from the engine to the airbags. By understanding how these systems work, we can interface with vehicles to read data, perform diagnostics, and even modify operation. In this talk, we'll discuss pyvit, the Python Vehicle Interface Toolkit. This library, combined with some open source hardware, allows developers to talk to automotive controllers from Python. We will begin with an introduction to automotive networks, to provide a basis for understanding the tools. Next, we will look at the tools and show the basics of using them. Finally, we'll discuss real world applications of these tools, and how they're being used in the automotive world today.
[Adventures in Automotive Networks and Control Units](https://www.youtube.com/watch?v=MEYCU62yeYk&app=desktop)
* Charlie Miller & Chris Valasek
[Broadcasting your attack: Security testing DAB radio in cars - Andy Davis](http://2015.ruxcon.org.au/assets/2015/slides/Broadcasting-your-attack-Security-testing-DAB-radio-in-cars.pdf)
[A Survey of Remote Automotive Attack Surfaces - Black Hat USA 2014](https://www.youtube.com/watch?v=mNhFGJVq2HE)
[Broadcasting your attack: Security testing DAB radio in cars - Andy Davis](http://2015.ruxcon.org.au/assets/2015/slides/Broadcasting-your-attack-Security-testing-DAB-radio-in-cars.pdf)
[A Vulnerability in Modern Automotive Standards and How We Exploited It](https://documents.trendmicro.com/assets/A-Vulnerability-in-Modern-Automotive-Standards-and-How-We-Exploited-It.pdf)
[Car hacking: getting from A to B with Eve (SHA2017)](https://www.youtube.com/watch?v=l9760bzUN3E)
* Car security is, not surprisingly, a hot topic; after all they are fast and heavy computer controlled machinery that nowadays come with all kinds of internet connectivity. So we decided to have a look at it. In our presentation, we’ll first cover some theory behind the IT-part of car architecture. We’ll discuss attack vectors and their likelihood of success, and then discuss the various vulnerabilities we found. Finally, we will combine these vulnerabilities into a remote attack. Depending on the disclosure process with the vendor, which is pending, we might be able to demonstrate the attack.
* [Hacking Cars with Python -Eric Evenchick PyCon 2017](https://www.youtube.com/watch?v=3bZNhMcv4Y8&app=desktop)
* Modern cars are networks of computers, and a high end vehicle could have nearly 100 different computers inside. These devices control everything from the engine to the airbags. By understanding how these systems work, we can interface with vehicles to read data, perform diagnostics, and even modify operation. In this talk, we'll discuss pyvit, the Python Vehicle Interface Toolkit. This library, combined with some open source hardware, allows developers to talk to automotive controllers from Python. We will begin with an introduction to automotive networks, to provide a basis for understanding the tools. Next, we will look at the tools and show the basics of using them. Finally, we'll discuss real world applications of these tools, and how they're being used in the automotive world today.
* [Adventures in Automotive Networks and Control Units](https://www.youtube.com/watch?v=MEYCU62yeYk&app=desktop)
* Charlie Miller & Chris Valasek
* [Broadcasting your attack: Security testing DAB radio in cars - Andy Davis](http://2015.ruxcon.org.au/assets/2015/slides/Broadcasting-your-attack-Security-testing-DAB-radio-in-cars.pdf)
* [A Survey of Remote Automotive Attack Surfaces - Black Hat USA 2014](https://www.youtube.com/watch?v=mNhFGJVq2HE)
* [Broadcasting your attack: Security testing DAB radio in cars - Andy Davis](http://2015.ruxcon.org.au/assets/2015/slides/Broadcasting-your-attack-Security-testing-DAB-radio-in-cars.pdf)
* [A Vulnerability in Modern Automotive Standards and How We Exploited It](https://documents.trendmicro.com/assets/A-Vulnerability-in-Modern-Automotive-Standards-and-How-We-Exploited-It.pdf)
* [Car hacking: getting from A to B with Eve (SHA2017)](https://www.youtube.com/watch?v=l9760bzUN3E)
* Car security is, not surprisingly, a hot topic; after all they are fast and heavy computer controlled machinery that nowadays come with all kinds of internet connectivity. So we decided to have a look at it. In our presentation, we’ll first cover some theory behind the IT-part of car architecture. We’ll discuss attack vectors and their likelihood of success, and then discuss the various vulnerabilities we found. Finally, we will combine these vulnerabilities into a remote attack. Depending on the disclosure process with the vendor, which is pending, we might be able to demonstrate the attack.
## <a name="tool"></a>Tools
[CANBus Triple](https://canb.us/)
* General purpose Controller Area Network swiss army knife / development platform.
[Yet Another Car Hacking Tool](https://asintsov.blogspot.ro/2016/03/yet-another-car-hacking-tool.html?m=1)
[CANToolz](https://github.com/eik00d/CANToolz)
* CANToolz is a framework for analysing CAN networks and devices. This tool based on different modules which can be assembled in pipe together and can be used by security researchers and automotive/OEM security testers for black-box analysis and etc. You can use this software for ECU discovery, MITM testing, fuzzing, bruteforcing, scanning or R&D testing and validation
[canspy](https://github.com/manux81/canspy)
* Very simple tool for users who need to interface with a device based on CAN (CAN/CANopen/J1939/NMEA2000/DeviceNet) such as motors, sensors and many other devices.
[CBM - The Bicho](https://github.com/UnaPibaGeek/CBM)
* For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a configuration interface that allows users to create attack payloads in an easy manner. Have you ever imagined the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? Now it's possible :-)
* [CANBus Triple](https://canb.us/)
* General purpose Controller Area Network swiss army knife / development platform.
* [Yet Another Car Hacking Tool](https://asintsov.blogspot.ro/2016/03/yet-another-car-hacking-tool.html?m=1)
* [CANToolz](https://github.com/eik00d/CANToolz)
* CANToolz is a framework for analysing CAN networks and devices. This tool based on different modules which can be assembled in pipe together and can be used by security researchers and automotive/OEM security testers for black-box analysis and etc. You can use this software for ECU discovery, MITM testing, fuzzing, bruteforcing, scanning or R&D testing and validation
* [canspy](https://github.com/manux81/canspy)
* * Very simple tool for users who need to interface with a device based on CAN (CAN/CANopen/J1939/NMEA2000/DeviceNet) such as motors, sensors and many other devices.
* [CBM - The Bicho](https://github.com/UnaPibaGeek/CBM)
* For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a configuration interface that allows users to create attack payloads in an easy manner. Have you ever imagined the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? Now it's possible :-)
#### Hardware Tools
[CBM - The Bicho](https://github.com/UnaPibaGeek/CBM)
* For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a configuration interface that allows users to create attack payloads in an easy manner. Have you ever imagined the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? Now it's possible :-)
* [CBM - The Bicho](https://github.com/UnaPibaGeek/CBM)
* For the first time, a hardware backdoor tool is presented having several advanced features, such as: remote control via SMS commands, automated launch of attack payloads at a GPS location or when a specific car status is reached; and a configuration interface that allows users to create attack payloads in an easy manner. Have you ever imagined the possibility of your car being automatically attacked based on its GPS coordinates, its current speed or any other set of parameters? Now it's possible :-)
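Review bot: the bulleting pass carried the existing duplicates over instead of collapsing them: `[Tesla Model S JSON API (unofficial RE post)]` appears twice in Writeups/Blogposts/How-To, the Andy Davis DAB-radio slides appear twice in Talks & Presentations (the YouTube talk of the same name is also listed under Writeups), and `[CBM - The Bicho]` with its full description sits in both Tools and Hardware Tools. The canspy description line starts with `* *`, which renders as an empty bullet with a nested child. The marker headings at the top are also mismatched (`#### Cull` / `### End cull`, `#### Sort` / `#### End Sort`). Keep one copy of each entry and fix the double bullet.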
@ -101,9 +75,7 @@ Seriously check this first ---> [Awesome Vehicle Security List(github awesome li
## <a name="papers"></a>Papers
[Remote Exploitation of an Unaltered Passenger Vehicle](http://illmatics.com/Remote%20Car%20Hacking.pdf)
* [Remote Exploitation of an Unaltered Passenger Vehicle](http://illmatics.com/Remote%20Car%20Hacking.pdf)
## Miscellaneous


+5 -10 Draft/Conferences.md

@ -10,10 +10,10 @@
* [A talk about (info-sec) talks - Haroon Meer ](https://www.youtube.com/watch?v=BlVjdUkrSFY)
* Last year there was an Information Security conference taking place for almost every day of the year. This translates to about 15 information security talks per day, every day. The question is, is this a bad thing? Even niche areas of the info-sec landscape have their own dedicated conference these days. Is this a good thing?
* [List of Conferences](https://infosec-conferences.com/)
* [InfoCon - Archive of Con papers/slides](https://infocon.org/)
-----
### Archives of Talks
### Archives of Recorded Talks
* [IronGeek - Chances are he has it archived here](https://www.irongeek.com/)
* [31st Chaos Communication Congress Archive](http://cdn.media.ccc.de/congress/31C3/)
* [Shmoocon 2015 Videos](https://archive.org/details/shmoocon-2015-videos-playlist)
@ -27,14 +27,9 @@
-----
### Conferences/Events
-----
### Slides/PDFs
* [CanSecWest Vancouver 2015 Slides](https://cansecwest.com/csw15archive.html)
* [SyScan2015 Slides](https://www.syscan.org/index.php/download)
* [List of Conferences](https://infosec-conferences.com/)
* [InfoCon - Archive of Con papers/slides](https://infocon.org/)
* [CFP Time](https://cfptime.org/)
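Review bot: `[List of Conferences]` and `[InfoCon]` move up to the intro in the first hunk, but the `### Conferences/Events` heading in this hunk is left with nothing between its two `-----` rules. Either place the conference list and the new `[CFP Time]` link under that heading, where they belong by title, or drop the empty heading.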

+2 -0 Draft/Darknets.md

@ -26,6 +26,8 @@ General
* General
* [Site list: (NO CP)](http://belsec.skynetblogs.be/deepnet-the-tor-onion-directory-of-things-that-work-today.html)
* [Deep Dot Web](http://www.deepdotweb.co/)
* [ProjectX](https://github.com/CHEF-KOCH/ProjectX)
* DarkWeb pages overview (yet another one) is designed to show Deep Web specific pages, software and other related information.
* Markets
* [Market Discussions](https://www.reddit.com/r/DarkNetMarkets)
* Tools


+203 -184 Draft/Defense.md

@ -7,251 +7,270 @@
#### In Progress
https://adsecurity.org/?p=3782
### Sort
* [limacharlie](https://github.com/refractionpoint/limacharlie)
* Endpoint monitoring stack.
* [ESA-Process-Maturity](https://github.com/Brockway/ESA-Process-Maturity)
* Tools to measure the maturity of Enterprise Security Architecture processes
[Userline](https://github.com/THIBER-ORG/userline)
* This tool automates the process of creating logon relations from MS Windows Security Events by showing a graphical relation among users domains, source and destination logons as well as session duration.
* [Second section good resource for hardening windows](http://labs.bitdefender.com/2014/11/do-your-bit-to-limit-cryptowall/)
* [Windows ISV Software Security Defenses - msdn](https://msdn.microsoft.com/en-us/library/bb430720.aspx)
https://github.com/KurtDeGreeff/awesome-windows-domain-hardening
* [SMB Packet Signing](https://technet.microsoft.com/en-us/library/cc180803.aspx)
https://github.com/k4m4/kickthemout
* [Common misconfigurations that lead to a breach - Justin Tharpe](https://www.youtube.com/watch?v=fI3mycr5cPg)
https://github.com/iadgov/Secure-Host-Baseline
* [Securi-Tay 2017 - Advanced Attack Detection](https://www.youtube.com/watch?v=ihElrBBJQo8)
[git-secrets](https://github.com/awslabs/git-secrets)
* Prevents you from committing passwords and other sensitive information to a git repository.
* [Assimilator](https://github.com/videlanicolas/assimilator)
* Automatic firewall rule orchestator.
[keynuker](https://github.com/tleyden/keynuker)
* KeyNuker scans public activity across all Github users in your Github organization(s) and proactively deletes any AWS keys that are accidentally leaked. It gets the list of AWS keys to scan by directly connecting to the AWS API.
https://github.com/gfoss/PSRecon
[Securing Windows with Group Policy Josh Rickard - Derbycon7](https://www.youtube.com/watch?v=Upeaa2rgozk&index=66&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3)
*
https://github.com/silverhack/voyeur
https://github.com/intrigueio/intrigue-core
https://github.com/nbs-system/naxsi
https://github.com/ernw/hardening
https://www.youtube.com/watch?v=7XnkDsOZM3Y&index=16&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3
https://www.malwarearchaeology.com/logging/
https://github.com/iadgov/Secure-Host-Baseline
https://technet.microsoft.com/library/security/4053440
https://criticalinformatics.com/how-i-learned-to-trust-my-shell-microsoft-powershell/?t=1&cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email&iid=7832f4ea811a4bc7b33409dacf81eb7f&uid=150127534&nid=244+281088008
https://github.com/palantir/osquery-configuration/blob/master/README.md
https://github.com/refractionpoint/limacharlie
https://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf
https://www.blackhillsinfosec.com/build-super-secure-active-directory-infrastructure/
https://www.blackhillsinfosec.com/the-creddefense-toolkit/
[Simple WMI Trace Viewer in PowerShell](https://chentiangemalc.wordpress.com/2017/03/24/simple-wmi-trace-viewer-in-powershell/)
[ESA-Process-Maturity](https://github.com/Brockway/ESA-Process-Maturity)
* Tools to measure the maturity of Enterprise Security Architecture processes
* https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
[Active Directory: Real Defense for Domain Admins](https://www.irongeek.com/i.php?page=videos/derbycon4/t213-active-directory-real-defense-for-domain-admins-jason-lang)
* Did your AD recently get owned on a pentest? It’s always fun to see an unknown entry show up in your Domain Admins group (#fail). Come learn how to truly protect your organization’s IT crown jewels from some of the most popular AD attacks. If you’re stuck trying to figure out what to do with null sessions, pass the hash techniques, or protecting your Domain Admins, then you will want to be here.
[Active Directory Design Best Practices](https://krva.blogspot.com/2008/04/ad-design-best-practices.html)
[Application Whitelisting Using Microsoft AppLocker](https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm)
[Just Enough Administration Samples and Resources](https://github.com/PowerShell/JEA)
* Just Enough Administration (JEA) is a PowerShell security technology that provides a role based access control platform for anything that can be managed with PowerShell. It enables authorized users to run specific commands in an elevated context on a remote machine, complete with full PowerShell transcription and logging. JEA is included in PowerShell version 5 and higher on Windows 10 and Windows Server 2016, and older OSes with the Windows Management Framework updates.
[Detecting DLL Hijackingon Windows](http://digital-forensics.sans.org/blog/2015/03/25/detecting-dll-hijacking-on-windows/)
[Second section good resource for hardening windows](http://labs.bitdefender.com/2014/11/do-your-bit-to-limit-cryptowall/)
[GPO Best Policies](http://www.grouppolicy.biz/best-practices/)
http://www.scriptjunkie.us/2013/06/fixing-pass-the-hash-and-other-problems/
[Analyzing Malicious Documents Cheat Sheet](https://zeltser.com/analyzing-malicious-documents/)
https://www.dsinternals.com/en/
[Monit](https://mmonit.com/monit/)
* Monit is a small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.
[Mitigating Kerberos Golden Tickets:](http://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf)
https://sysforensics.org/2014/01/know-your-windows-processes.html
https://media.blackhat.com/us-13/US-13-Duckwall-Pass-the-Hash-Slides.pdf
* Protecting against Pass-The-Hash and other techniques
http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/
[Decryptonite](https://github.com/DecryptoniteTeam/Decryptonite)
* Decryptonite is a tool that uses heuristics and behavioural analysis to monitor for and stop ransomware.
[BEAMGUN](https://github.com/JLospinoso/beamgun)
* A rogue-USB-device defeat program for Windows.
[Defending against mimikatz](https://jimshaver.net/2016/02/14/defending-against-mimikatz/)
[Mitigating Pass-the-Hash Attacks and other credential Theft-version2](http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf)
* Official MS paper.
[Windows Firewall Hook Enumeration](https://www.nccgroup.com/en/blog/2015/01/windows-firewall-hook-enumeration/)
* We’re going to look in detail at Microsoft Windows Firewall Hook drivers from Windows 2000, XP and 2003. This functionality was leveraged by the Derusbi family of malicious code to implement port-knocking like functionality. We’re going to discuss the problem we faced, the required reverse engineering to understand how these hooks could be identified and finally how the enumeration tool was developed.
[Windows ISV Software Security Defenses](https://msdn.microsoft.com/en-us/library/bb430720.aspx)
[Harden windows IP Stack](https://www.reddit.com/r/netsec/comments/2sg80a/how_to_harden_windowsiis_ssltls_configuration/)
[The 10 Windows group policy settings you need to get right](http://www.infoworld.com/article/2609578/security/the-10-windows-group-policy-settings-you-need-to-get-right.html?page=2)
[Windows Performance Toolkit Reference](http://msdn.microsoft.com/en-us/library/windows/hardware/hh162945.aspx)
[Powershell Security at Enterprise Customers](https://blogs.msdn.microsoft.com/daviddasneves/2017/05/25/powershell-security-at-enterprise-customers/)
[AIL framework - Analysis Information Leak framework](https://github.com/CIRCL/AIL-framework)
* AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine sensitive information.
[Linux workstation security checklist](https://github.com/lfit/itpol/blob/master/linux-workstation-security.md)
[Uproot](https://github.com/Invoke-IR/Uproot)
* Uproot is a Host Based Intrusion Detection System (HIDS) that leverages Permanent Windows Management Instrumentation (WMI) Event Susbcriptions to detect malicious activity on a network. For more details on WMI Event Subscriptions please see the WMIEventing Module
[What would a real hacker do to your Active Directory](https://www.youtube.com/watch?v=DH3v8bO-NCs)
[Secure SMB Connections](http://techgenix.com/secure-smb-connections/)
* [Microsoft Security Advisory: Update to improve credentials protection and management: May 13, 2014](https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a)
### End Sort
[Mozilla's OpenSSH Configuration guide](https://wiki.mozilla.org/Security/Guidelines/OpenSSH)
Use Invoke-HoneyCreds to distribute fake cred throughout environment as "legit" service account and monitor for use of creds
[SMB Packet Signing](https://technet.microsoft.com/en-us/library/cc180803.aspx)
### Amazon S3
* [Amazon S3 Bucket Public Access Considerations](https://aws.amazon.com/articles/5050)
[Public:Windows Event Log Zero 2 Hero Slides](https://docs.google.com/presentation/d/1dkrldTTlN3La-OjWtkWJBb4hVk6vfsSMBFBERs6R8zA/edit#slide=id.g21acf94f3f_2_27)
### Application Whitelisting
* [Guide to Application Whitelisting - NIST Special Publication 800 - 167](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf)
* [Script Rules in AppLocker - technet](https://technet.microsoft.com/en-us/library/ee460958.aspx)
* [DLL Rules in AppLocker](https://technet.microsoft.com/en-us/library/ee460947.aspx)
* [Application Whitelisting Using Microsoft AppLocker](https://www.iad.gov/iad/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm)
[Blocking Remote Use of Local Accounts](https://blogs.technet.microsoft.com/secguide/2014/09/02/blocking-remote-use-of-local-accounts/)
http://www.leeholmes.com/blog/2016/10/22/more-detecting-obfuscated-powershell/
### Appsec
* [OWASP Application Security Verification Standard](https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project)
* [What I learned from doing 1000 code reviews](https://hackernoon.com/what-i-learned-from-doing-1000-code-reviews-fe28d4d11c71)
The Hitchhiker's Guide to SQL Injection prevention - https://phpdelusions.net/sql_injection
[Amazon S3 Bucket Public Access Considerations](https://aws.amazon.com/articles/5050)
[Filenames and Pathnames in Shell: How to do it Correctly](https://www.dwheeler.com/essays/filenames-in-shell.html)
### Attack Surface Analysis/Reduction
* General
* [Intrigue-core](https://github.com/intrigueio/intrigue-core)
* Intrigue-core is a framework for automated attack surface discovery.
[Threats and Countermeasures Guide: Security Settings in Windows Server 2008 R2 and Windows 7 - technet](https://technet.microsoft.com/en-us/library/hh125921.aspx)
[Securi-Tay 2017 - Advanced Attack Detection](https://www.youtube.com/watch?v=ihElrBBJQo8)
*
[Common misconfigurations that lead to a breach - Justin Tharpe](https://www.youtube.com/watch?v=fI3mycr5cPg)
### Auditing Account Passwords/Privileges
* [Account lockout threshold - technet](https://technet.microsoft.com/en-us/library/hh994574.aspx)
* [Password Policy - technet](https://technet.microsoft.com/en-us/library/hh994572.aspx)
* [AccessChk](https://docs.microsoft.com/en-us/sysinternals/downloads/accesschk)
* As a part of ensuring that they've created a secure environment Windows administrators often need to know what kind of accesses specific users or groups have to resources including files, directories, Registry keys, global objects and Windows services. AccessChk quickly answers these questions with an intuitive interface and output.
[Securing Windows Workstations: Developing a Secure Baseline](https://adsecurity.org/?p=3299)
[PowerShell Security at Enterprise Customers - msdn](https://blogs.msdn.microsoft.com/daviddasneves/2017/05/25/powershell-security-at-enterprise-customers/)
[Assimilator](https://github.com/videlanicolas/assimilator)
* Automatic firewall rule orchestator.
[Uproot](https://github.com/Invoke-IR/Uproot)
* Uproot is a Host Based Intrusion Detection System (HIDS) that leverages Permanent Windows Management Instrumentation (WMI) Event Susbcriptions to detect malicious activity on a network. For more details on WMI Event Subscriptions please see the WMIEventing Module
### Auditing Processes
* [Know your Windows Processes or Die Trying - sysforensics](https://sysforensics.org/2014/01/know-your-windows-processes/)
* [TaskExplorer](https://objective-see.com/products/taskexplorer.html)
* Explore all the tasks (processes) running on your Mac with TaskExplorer.
[WMIEvent](https://github.com/Invoke-IR/WMIEvent)
* A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions
[LUNAR](https://github.com/lateralblast/lunar)
* A UNIX security auditing tool based on several security frameworks
[OverSight](https://objective-see.com/products/oversight.html)
* OverSight monitors a mac's mic and webcam, alerting the user when the internal mic is activated, or whenever a process accesses the webcam.
### Baselining
[Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory](http://adsecurity.org/?p=1515)
* [Measure Boot Performance with the Windows Assessment and Deployment Toolkit](https://blogs.technet.microsoft.com/mspfe/2012/09/19/measure-boot-performance-with-the-windows-assessment-and-deployment-toolkit/)
* [Securing Windows Workstations: Developing a Secure Baseline](https://adsecurity.org/?p=3299)
* [Evaluate Fast Startup Using the Assessment Toolkit](https://docs.microsoft.com/en-us/windows-hardware/test/wpt/optimizing-performance-and-responsiveness-exercise-1)
* [Windows Performance Toolkit Reference](http://msdn.microsoft.com/en-us/library/windows/hardware/hh162945.aspx)
* [The Malware Management Framework](https://www.malwarearchaeology.com/mmf/)
[How to Efficiently Protect AD from Credential Theft & Compromise - Friedwart Kuhn - Troopers15](https://www.youtube.com/watch?v=I4mb0UciqlY)
### Hardening
* [ERNW Repository of Hardening Guides](https://github.com/ernw/hardening)
* [OWASP Secure Configuration Guide](https://www.owasp.org/index.php/Secure_Configuration_Guide)
* [PHP Secure Configuration Checker](https://github.com/sektioneins/pcc)
* [Security + DevOps Automatic Server Hardening - dev-sec.io](http://dev-sec.io/)
* Open Source Automated Hardening Framework
* [Mozilla's OpenSSH Configuration guide](https://wiki.mozilla.org/Security/Guidelines/OpenSSH)
* [Harden windows IP Stack](https://www.reddit.com/r/netsec/comments/2sg80a/how_to_harden_windowsiis_ssltls_configuration/)
* [Linux workstation security checklist](https://github.com/lfit/itpol/blob/master/linux-workstation-security.md)
* [Secure Host Baseline](https://github.com/iadgov/Secure-Host-Baseline)
* Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. iadgov
* [OS X Hardening: Securing a Large Global Mac Fleet - Greg Castle](https://www.usenix.org/conference/lisa13/os-x-hardening-securing-large-global-mac-fleet)
[Defending the Enterprise Against Network Infrastructure Attacks - Paul Coggin - Troopers15](https://www.youtube.com/watch?v=K0X3RDf5XK8)
[Kerberos Golden Ticket: Mitigating pass the ticket on Active Directory](http://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf)
[TaskExplorer](https://objective-see.com/products/taskexplorer.html)
* Explore all the tasks (processes) running on your Mac with TaskExplorer.
### Leaks
* General
* [AIL framework - Analysis Information Leak framework](https://github.com/CIRCL/AIL-framework)
* AIL is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services or unstructured data streams. AIL framework is flexible and can be extended to support other functionalities to mine sensitive information.
* [git-secrets](https://github.com/awslabs/git-secrets)
* Prevents you from committing passwords and other sensitive information to a git repository.
* [keynuker](https://github.com/tleyden/keynuker)
* KeyNuker scans public activity across all Github users in your Github organization(s) and proactively deletes any AWS keys that are accidentally leaked. It gets the list of AWS keys to scan by directly connecting to the AWS API.
[Password Policy - technet](https://technet.microsoft.com/en-us/library/hh994572.aspx)
### Linux/Unix
[Account lockout threshold - technet](https://technet.microsoft.com/en-us/library/hh994574.aspx)
* [LUNAR](https://github.com/lateralblast/lunar)
* A UNIX security auditing tool based on several security frameworks
* [Filenames and Pathnames in Shell: How to do it Correctly](https://www.dwheeler.com/essays/filenames-in-shell.html)
* [Monit](https://mmonit.com/monit/)
* Monit is a small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.
[Guide to Application Whitelisting - NIST Special Publication 800 - 167](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf)
[Script Rules in AppLocker - technet](https://technet.microsoft.com/en-us/library/ee460958.aspx)
[DLL Rules in AppLocker](https://technet.microsoft.com/en-us/library/ee460947.aspx)
[Microsoft Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997)
* [Microsoft Security Advisory: Update to improve credentials protection and management: May 13, 2014](https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a)
[Windows Defender Device Guard deployment guide - docs ms](https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide)
### Malicious USBs
* [BEAMGUN](https://github.com/JLospinoso/beamgun)
* A rogue-USB-device defeat program for Windows.
### Network
* [Defending the Enterprise Against Network Infrastructure Attacks - Paul Coggin - Troopers15](https://www.youtube.com/watch?v=K0X3RDf5XK8)
### Active Directory
### OS X
### Baselining
[Measure Boot Performance with the Windows Assessment and Deployment Toolkit](https://blogs.technet.microsoft.com/mspfe/2012/09/19/measure-boot-performance-with-the-windows-assessment-and-deployment-toolkit/)
* [netman](https://github.com/iadgov/netman)
* A userland network manager with monitoring and limiting capabilities for macOS.
* [netfil](https://github.com/iadgov/netfil)
* A kernel network manager with monitoring and limiting capabilities for macOS.
* [OverSight](https://objective-see.com/products/oversight.html)
* OverSight monitors a mac's mic and webcam, alerting the user when the internal mic is activated, or whenever a process accesses the webcam.
### Ransomware
* [Decryptonite](https://github.com/DecryptoniteTeam/Decryptonite)
* Decryptonite is a tool that uses heuristics and behavioural analysis to monitor for and stop ransomware.
### Web
* [The Hitchhiker's Guide to SQL Injection prevention](https://phpdelusions.net/sql_injection)
#### WAF
* NAXSI
* [naxsi](https://github.com/nbs-system/naxsi)
* NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
* [naxsi wiki](https://github.com/nbs-system/naxsi/wiki)
* ModSecurity
* [ModSecurity](https://www.modsecurity.org/)
* [ModSecurity Reference Manual](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual)
### Windows
* General
* [Windows Firewall Hook Enumeration](https://www.nccgroup.com/en/blog/2015/01/windows-firewall-hook-enumeration/)
* We’re going to look in detail at Microsoft Windows Firewall Hook drivers from Windows 2000, XP and 2003. This functionality was leveraged by the Derusbi family of malicious code to implement port-knocking like functionality. We’re going to discuss the problem we faced, the required reverse engineering to understand how these hooks could be identified and finally how the enumeration tool was developed.
* [Detecting DLL Hijackingon Windows](http://digital-forensics.sans.org/blog/2015/03/25/detecting-dll-hijacking-on-windows/)
* [The Effectiveness of Tools in Detecting the 'Maleficent Seven' Privileges in the Windows Environment](https://www.sans.org/reading-room/whitepapers/sysadmin/effectiveness-tools-detecting-039-maleficent-seven-039-privileges-windows-environment-38220)
* Account Credentials
* General
* [Blocking Remote Use of Local Accounts](https://blogs.technet.microsoft.com/secguide/2014/09/02/blocking-remote-use-of-local-accounts/)
* [MS Security Advisory 2871997](https://technet.microsoft.com/library/security/2871997)
* Update to Improve Credentials Protection and Management
* [Invoke-HoneyCreds - Ben0xA](https://github.com/Ben0xA/PowerShellDefense)
* Use Invoke-HoneyCreds to distribute fake cred throughout environment as "legit" service account and monitor for use of creds
* [The CredDefense Toolkit - BlackHills](https://www.blackhillsinfosec.com/the-creddefense-toolkit/)
* Credential and Red Teaming Defense for Windows Environments
* Golden/Silver Tickets
* [Defending against mimikatz](https://jimshaver.net/2016/02/14/defending-against-mimikatz/)
* [Kerberos Golden Ticket: Mitigating pass the ticket on Active Directory](http://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf)
* [Mitigating Kerberos Golden Tickets:](http://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf)
* [Protection from Kerberos Golden Ticket: Mitigating pass the ticket on Active Directory CERT-EU 2014](https://cert.europa.eu/static/WhitePapers/CERT-EU-SWP_14_07_PassTheGolden_Ticket_v1_1.pdf)
* Pass the Hash
* [Mitigating Pass-the-Hash Attacks and other credential Theft-version2](http://download.microsoft.com/download/7/7/A/77ABC5BD-8320-41AF-863C-6ECFB10CB4B9/Mitigating-Pass-the-Hash-Attacks-and-Other-Credential-Theft-Version-2.pdf)
* Official MS paper.
* [Pass-the-Hash II: Admin’s Revenge - Skip Duckwall & Chris Campbell](https://media.blackhat.com/us-13/US-13-Duckwall-Pass-the-Hash-Slides.pdf)
* Protecting against Pass-The-Hash and other techniques
* [Fixing Pass the Hash and Other Problems](http://www.scriptjunkie.us/2013/06/fixing-pass-the-hash-and-other-problems/)
* Active Directory
* [What would a real hacker do to your Active Directory](https://www.youtube.com/watch?v=DH3v8bO-NCs)
* [Active Directory: Real Defense for Domain Admins](https://www.irongeek.com/i.php?page=videos/derbycon4/t213-active-directory-real-defense-for-domain-admins-jason-lang)
* Did your AD recently get owned on a pentest? It’s always fun to see an unknown entry show up in your Domain Admins group (#fail). Come learn how to truly protect your organization’s IT crown jewels from some of the most popular AD attacks. If you’re stuck trying to figure out what to do with null sessions, pass the hash techniques, or protecting your Domain Admins, then you will want to be here.
* [Active Directory Design Best Practices](https://krva.blogspot.com/2008/04/ad-design-best-practices.html)
* [How to Build Super Secure Active Directory Infrastructure* - BlackHills](https://www.blackhillsinfosec.com/build-super-secure-active-directory-infrastructure/)
* [Securing Microsoft Active Directory Federation Server (ADFS)](https://adsecurity.org/?p=3782)
* Credential/Device Guard
* [Protect derived domain credentials with Windows Defender Credential Guard - docs.ms](https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard)
* [Windows Defender Device Guard deployment guide - docs ms](https://docs.microsoft.com/en-us/windows/device-security/device-guard/device-guard-deployment-guide)
* [Windows Defender Credential Guard: Requirements - docs.ms](https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-requirements)
* [Windows 10 Device Guard and Credential Guard Demystified - blogs.technet](https://blogs.technet.microsoft.com/ash/2016/03/02/windows-10-device-guard-and-credential-guard-demystified/)
* [Manage Windows Defender Credential Guard - docs.ms](https://docs.microsoft.com/en-us/windows/access-protection/credential-guard/credential-guard-manage)
* [Busy Admin’s Guide to Device Guard and Credential Guard - adaptiva](https://insights.adaptiva.com/2017/busy-admins-guide-device-guard-credential-guard/)
* Event Log
* General
* [Windows Event Logs Zero to Hero Nate Guagenti Adam Swan - Bloomcon2017](https://www.youtube.com/watch?v=H3t_kHQG1Js)
* Group Policy
* [The 10 Windows group policy settings you need to get right](http://www.infoworld.com/article/2609578/security/the-10-windows-group-policy-settings-you-need-to-get-right.html?page=2)
* [Group Policy for WSUS - grouppolicy.biz](http://www.grouppolicy.biz/2011/06/best-practices-group-policy-for-wsus/)
* [GPO Best Policies - grouppolicy.biz](http://www.grouppolicy.biz/best-practices/)
* [Securing Windows with Group Policy Josh - Rickard - Derbycon7](https://www.youtube.com/watch?v=Upeaa2rgozk&index=66&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3)
* Hardening
* [Awesome Windows Domain Hardening](https://github.com/PaulSec/awesome-windows-domain-hardening)
* A curated list of awesome Security Hardening techniques for Windows.
* [Threats and Countermeasures Guide: Security Settings in Windows Server 2008 R2 and Windows 7 - technet](https://technet.microsoft.com/en-us/library/hh125921.aspx)
* Just Enough Administration (JEA)
* [Just Enough Administration - docs.ms](https://docs.microsoft.com/en-us/powershell/jea/overview)
* [Just Enough Administration: Windows PowerShell security controls help protect enterprise data - msdn](https://msdn.microsoft.com/en-us/library/dn896648.aspx)
* [JEA Pre-requisites](https://docs.microsoft.com/en-us/powershell/jea/prerequisites)
* [JEA Role Capabilities](https://docs.microsoft.com/en-us/powershell/jea/role-capabilities)
* [JEA Session Configurations](https://docs.microsoft.com/en-us/powershell/jea/session-configurations)
* [Registering JEA Configurations](https://docs.microsoft.com/en-us/powershell/jea/register-jea)
* [Using JEA](https://docs.microsoft.com/en-us/powershell/jea/using-jea)
* [JEA Security Considerations](https://docs.microsoft.com/en-us/powershell/jea/security-considerations)
* [Auditing and Reporting on JEA](https://docs.microsoft.com/en-us/powershell/jea/audit-and-report)
* [Just Enough Administration Samples and Resources](https://github.com/PowerShell/JEA)
* Just Enough Administration (JEA) is a PowerShell security technology that provides a role based access control platform for anything that can be managed with PowerShell. It enables authorized users to run specific commands in an elevated context on a remote machine, complete with full PowerShell transcription and logging. JEA is included in PowerShell version 5 and higher on Windows 10 and Windows Server 2016, and older OSes with the Windows Management Framework updates.
* Local Administrator Password Solution
* [Microsoft security advisory: Local Administrator Password Solution](https://support.microsoft.com/en-us/help/3062591/microsoft-security-advisory-local-administrator-password-solution-laps)
* [Local Administrator Password Solution - technet](https://technet.microsoft.com/en-us/mt227395.aspx)
* The "Local Administrator Password Solution" (LAPS) provides a centralized storage of secrets/passwords in Active Directory (AD) - without additional computers. Each organization’s domain administrators determine which users, such as helpdesk admins, are authorized to read the passwords.
* [Introduction to Microsoft LAPS (Local Administrator Password Solution)](https://4sysops.com/archives/introduction-to-microsoft-laps-local-administrator-password-solution/)
* [Set up Microsoft LAPS (Local Administrator Password Solution) in Active Directory](Introduction to Microsoft LAPS (Local Administrator Password Solution) - 4sysops)(https://4sysops.com/archives/set-up-microsoft-laps-local-administrator-password-solution-in-active-directory/)
* [FAQs for Microsoft Local Administrator Password Solution (LAPS) - Part 1 - 4sysops](https://4sysops.com/archives/faqs-for-microsoft-local-administrator-password-solution-laps/)
* [FAQs for Microsoft Local Administrator Password Solution (LAPS) - Part 2 - 4sysops](https://4sysops.com/archives/part-2-faqs-for-microsoft-local-administrator-password-solution-laps/)
* Office Documents
* [Securely opening Microsoft Office documents that contain Dynamic Data Exchange (DDE) fields](https://technet.microsoft.com/library/security/4053440)
* Visualization/Tracking/Reporting
* General
* [Userline](https://github.com/THIBER-ORG/userline)
* This tool automates the process of creating logon relations from MS Windows Security Events by showing a graphical relation among users domains, source and destination logons as well as session duration.
* [VOYEUR](https://github.com/silverhack/voyeur)
* VOYEUR's main purpose is to automate several tasks of an Active Directory build review or security assessment. Also, the tool is able to create a fast (and pretty) Active Directory report. The tool is developed entirely in PowerShell (a powerful scripting language) without dependencies like Microsoft Remote Administration tools. (Just .Net Framework 2.0 and Office Excel if you want a useful and pretty report). The generated report is a perfect starting point for well-established forensic, incident response team, security consultants or security researchers who want to quickly analyze threats in Active Directory Services.
* WMI
* General
* [Uproot](https://github.com/Invoke-IR/Uproot)
* Uproot is a Host Based Intrusion Detection System (HIDS) that leverages Permanent Windows Management Instrumentation (WMI) Event Susbcriptions to detect malicious activity on a network. For more details on WMI Event Subscriptions please see the WMIEventing Module
* [WMIEvent](https://github.com/Invoke-IR/WMIEvent)
* A PowerShell module to abstract the complexities of Permanent WMI Event Subscriptions
* [Managing WMI security - technet](https://technet.microsoft.com/en-us/library/cc731011(v=ws.11).aspx)
* [Maintaining WMI Security - msdn](https://msdn.microsoft.com/en-us/library/aa392291(v=vs.85).aspx)
* [Simple WMI Trace Viewer in PowerShell](https://chentiangemalc.wordpress.com/2017/03/24/simple-wmi-trace-viewer-in-powershell/)
* [An Insider’s Guide to Using WMI Events and PowerShell](https://blogs.technet.microsoft.com/heyscriptingguy/2012/06/08/an-insiders-guide-to-using-wmi-events-and-powershell/)
#### PowerShell
* General
* [Powershell Security at Enterprise Customers - blogs.msdn](https://blogs.msdn.microsoft.com/daviddasneves/2017/05/25/powershell-security-at-enterprise-customers/)
* [More Detecting Obfuscated PowerShell](http://www.leeholmes.com/blog/2016/10/22/more-detecting-obfuscated-powershell/)
* [Revoke-Obfuscation - tool](https://github.com/danielbohannon/Revoke-Obfuscation)
* PowerShell v3.0+ compatible PowerShell obfuscation detection framework.
* [Revoke Obfuscation PowerShell Obfuscation Detection And Evasion Using Science Lee Holmes Daniel - Derbycon7 - talk](https://www.youtube.com/watch?v=7XnkDsOZM3Y&index=16&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3)
* [PSRecon](https://github.com/gfoss/PSRecon/)
* 🚀 PSRecon gathers data from a remote Windows host using PowerShell (v2 or later), organizes the data into folders, hashes all extracted data, hashes PowerShell and various system properties, and sends the data off to the security team. The data can be pushed to a share, sent over email, or retained locally.
[Evaluate Fast Startup Using the Assessment Toolkit](https://docs.microsoft.com/en-us/windows-hardware/test/wpt/optimizing-performance-and-responsiveness-exercise-1)
### OS X
[netman](https://github.com/iadgov/netman)
* A userland network manager with monitoring and limiting capabilities for macOS.
[netfil](https://github.com/iadgov/netfil)
* A kernel network manager with monitoring and limiting capabilities for macOS.

+ 5
- 9
Draft/Disinformation.md View File

@ -1,15 +1,9 @@
## Disinformation
##### Cull
https://web.archive.org/web/20150921054800id_/http://fair.org/home/down-the-memory-hole-nyt-erases-cias-efforts-to-overthrow-syrias-government/
https://meduza.io/en/feature/2015/02/02/a-man-who-s-seen-society-s-black-underbelly
###### End cull
-----
### <a name="talks">
General
### <a name="talks">General
**General**
* [25 Rules of Disinformation](http://vigilantcitizen.com/latestnews/the-25-rules-of-disinformation/)
* [8 Traits of the Disinformationalist](https://calloutjoe.wordpress.com/psyop/eight-traits-of-the-disinformationalist/)
* [Governments and UFOs: A Historical Analysis of Disinformation and Deception - Richard Thieme](http://www.irongeek.com/i.php?page=videos/bsideslasvegas2013/1-2-7-governments-and-ufos-a-historical-analysis-of-disinformation-and-deception-richard-thieme)
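Review bot: `### <a name="talks">General` opens an anchor tag that is never closed, so in rendered HTML the heading text and whatever follows it become part of the `<a>` element; close it as `### <a name="talks"></a>General`, the form the Exfiltration.md hunk in this same commit uses for `### <a name="papers"></a>Papers`. The `**General**` line directly beneath that heading repeats it and can be dropped.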
@ -22,4 +16,6 @@ General
* [A Digital World Full of Ghost Armies](http://www.cigtr.info/2015/02/a-digital-world-full-of-ghost-armies.html)
* Not very related to infosec per say, but the general idea/takeaway is very applicable.
* [Russia Convention on International Information Security](http://cryptome.org/2014/05/ru-international-infosec.htm)
* [IRA Code Words Spell Real Threat](articles.latimes.com/1997-04-19/news/mn-50393_1_code-words)
* [‘A man who’s seen society's black underbelly’ Meduza meets ‘Anonymous International’](https://meduza.io/en/feature/2015/02/02/a-man-who-s-seen-society-s-black-underbelly)
* [Down the Memory Hole: NYT Erases CIA’s Efforts to Overthrow Syria’s Government](https://web.archive.org/web/20150921054800id_/http://fair.org/home/down-the-memory-hole-nyt-erases-cias-efforts-to-overthrow-syrias-government/)
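Review bot: the LA Times link `[IRA Code Words Spell Real Threat](articles.latimes.com/1997-04-19/news/mn-50393_1_code-words)` has no scheme, so it renders as a relative path under the site; prefix it with `http://`. Also `per say` in the Ghost Armies note should read `per se`.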

+ 8
- 0
Draft/Documentation & Reports -.md View File

@ -106,3 +106,11 @@ Other Materials:
* [How I read a research paper](https://muratbuffalo.blogspot.com/2013/07/how-i-read-research-paper.html?m=1)
------
### De/Briefing
* General
* [kap](https://github.com/wulkano/kap)
* An open-source screen recorder built with web technology
* [Debriefing: A Simple Tool to Help Your Team Tackle Tough Problems](https://hbr.org/2015/07/debriefing-a-simple-tool-to-help-your-team-tackle-tough-problems)
* [Sample Debriefing Statement - Albion College](https://www.albion.edu/academics/student-research/institutional-review-board/submitting-a-proposal/sample-debriefing-statement)
* [A Project Post Mortem Template](http://brolik.com/blog/project-post-mortem-template/)
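Review bot: the Albion College link is an IRB research-participant debriefing statement (its path is `institutional-review-board/submitting-a-proposal/sample-debriefing-statement`), a different sense of debriefing from the team post-mortem material next to it; a one-line note on what it is for, or dropping it, would keep the De/Briefing section coherent. Likewise kap is described only as a screen recorder, so a short word on how it serves a debrief would help the reader, since its blurb does not say.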

+ 7
- 4
Draft/Exfiltration.md View File

@ -13,7 +13,6 @@
##### Sort
##### End Sort
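Review bot: `##### Sort` and `##### End Sort` now enclose nothing; drop both markers rather than leaving an empty holding section in the file.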
@ -99,8 +98,12 @@ General
* This server listens on all TCP ports, allowing you to test any outbound TCP port.
* [CloakifyFactory](https://github.com/TryCatchHCF/Cloakify)
* CloakifyFactory & the Cloakify Toolset - Data Exfiltration & Infiltration In Plain Sight; Evade DLP/MLS Devices; Social Engineering of Analysts; Defeat Data Whitelisting Controls; Evade AV Detection. Text-based steganography usings lists. Convert any file type (e.g. executables, Office, Zip, images) into a list of everyday strings. Very simple tools, powerful concept, limited only by your imagination.
* [QRCode-Video-Data-Exfiltration](https://github.com/Neohapsis/QRCode-Video-Data-Exfiltration)
* Exfiltrate data with QR code videos generated from files by HTML5/JS.
* [DNSExfiltrator](https://github.com/Arno0x/DNSExfiltrator)
* DNSExfiltrator allows for transfering (exfiltrate) a file over a DNS request covert channel. This is basically a data leak testing tool allowing to exfiltrate data over a covert channel.
* [system-bus-radio](https://github.com/fulldecent/system-bus-radio)
* Transmits AM radio on computers without radio transmitting hardware.
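Review bot: in the DNSExfiltrator blurb, `transfering` should be `transferring`, and `allowing to exfiltrate data` reads better as `allowing data to be exfiltrated`; its second sentence restates the first and could be cut.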
@ -113,4 +116,4 @@ General
### <a name="papers"></a>Papers
* [Self-Exfiltration: The Dangers of Browser-Enforced Information Flow Control](http://ericchen.me/self_exfiltration.pdf)
* Abstract —Since the early days of Netscape, browser vendors and web security researchers have restricted out-going data based on its destination. The security argument accompanying these mechanisms is that they prevent sensitive user data from being sent to the attacker’s domain. However, in this paper, we show that regulating web information flow based on its destination server is an inherently flawed security practice. It is vulnerable to self-exfiltration attacks, where an adversary stashes stolen information in the database of a whitelisted site, then later independently connects to the whitelisted site to retrieve the information. We describe eight existing browser security mechanisms that are vulnerable to these “self-exfiltration” attacks. Furthermore, we discovered at least one exfiltration channel for each of the Alexa top 100 websites. None of the existing information flow control mechanisms we surveyed are sufficient to protect data from being leaked to the attacker. Our goal is to prevent browser vendors and researchers from falling into this trap by designing more systems that are vulnerable to self-exfiltration.
* [GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies](https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-guri-update.pdf)
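Review bot: the CloakifyFactory entry at the top of this hunk is the only item in the list with no link, and its description carries a typo ("usings lists" should be "using lists"); add the project URL so it matches the format of the neighbouring entries. The DNSExfiltrator line "allows for transfering (exfiltrate) a file" should read "allows for transferring (exfiltrating) a file".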

+ 24
- 20
Draft/Exploit Development.md

@ -11,13 +11,13 @@ Talks
* [Practice Exploit Dev/Structured Learning](#practice)
* [Exploit Dev Papers](#expapers)
* [bof](#bof)
* [ROP](ROP)
* [ROP](#ROP)
* BlindROP
* SignalROP
* JumpROP
* [Heap](#heap)
* [Format String](#fs)
* [Integer Overflows](into)
* [Integer Overflows](#into)
* [Null Ptr Dereference](#nullptr)
* [JIT-Spray](#jit)
* [ASLR](#aslr)
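Review bot: the corrected `[ROP](#ROP)` and `[Integer Overflows](#into)` links only work if the fragment matches the target `name` attribute exactly, and anchors are case-sensitive; every other anchor in this ToC (`#heap`, `#fs`, `#nullptr`, `#jit`, `#aslr`) is lowercase, so check that the ROP section really declares `<a name="ROP">` and not `rop`. The three sub-items BlindROP, SignalROP and JumpROP are plain text rather than links, so they cannot be jumped to from the ToC.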
@ -70,31 +70,31 @@ Talks
#### Sort:
[BISC: Borrowed Instructions Synthetic Computation](https://github.com/trailofbits/bisc)
* BISC is a Ruby library for demonstrating how to build borrowed-instruction programs. BISC aims to be simple, analogous to a traditional assembler, minimize behind-the-scenes magic, and let users write simple macros. BISC was developed by Dino Dai Zovi for Practical Return-oriented Programming at Blackhat USA 2010 and was used for the Assured Exploitation course.
* [BISC: Borrowed Instructions Synthetic Computation](https://github.com/trailofbits/bisc)
* BISC is a Ruby library for demonstrating how to build borrowed-instruction programs. BISC aims to be simple, analogous to a traditional assembler, minimize behind-the-scenes magic, and let users write simple macros. BISC was developed by Dino Dai Zovi for Practical Return-oriented Programming at Blackhat USA 2010 and was used for the Assured Exploitation course.
* [Offset-DB](http://offset-db.com/)
* This website provide you a list of useful offset that you can use for your exploit.
* [Example of a DLL Hijack Exploit - Winamp 5.581](https://www.exploit-db.com/exploits/14789/)
* This website provide you a list of useful offset that you can use for your exploit.
* [Build a database of libc offsets to simplify exploitation](https://github.com/niklasb/libc-database)
* Eternal Blue
* [MS17-010: EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver - blog.trendmicro](http://blog.trendmicro.com/trendlabs-security-intelligence/ms17-010-eternalblue/)
* [MS17-010 worawit](https://github.com/worawit/MS17-010)
* [Return Oriented Programming Tutorial](https://github.com/akayn/demos/blob/master/Tutorials/README.md)
* [Ropper](https://github.com/sashs/ropper)
* You can use ropper to display information about binary files in different file formats and you can search for gadgets to build rop chains for different architectures (x86/X86_64, ARM/ARM64, MIPS/MIPS64, PowerPC). For disassembly ropper uses the awesome Capstone Framework.
* [Loading a DLL from memory](https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/)
Understanding the Heap
* [Syscalls used by malloc](https://sploitfun.wordpress.com/2015/02/11/syscalls-used-by-malloc/)
* [Understanding glibc malloc](https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/)
* [Understanding the heap by breaking it](https://www.blackhat.com/presentations/bh-usa-07/Ferguson/Whitepaper/bh-usa-07-ferguson-WP.pdf)
* [MS17-010: EternalBlue’s Large Non-Paged Pool Overflow in SRV Driver - blog.trendmicro](http://blog.trendmicro.com/trendlabs-security-intelligence/ms17-010-eternalblue/)
* [NotQuite0DayFriday](https://github.com/grimm-co/NotQuite0DayFriday)
* This repository documents real bugs in real software. At the time of disclosure the most recent versions were patched. Seeing mistakes that were made in the past can be a useful tool for seeing trends of bugs which make it past all the quality control processes. Understanding what happened, is the first step to figuring out how to detect these issues in other software. The repo is organized by the release date. In each folder you will find instructions on how to trigger the bug, versions affected, and a stack trace at the time of the crash. It'll also contain any notes on the bug which might include things like references to specific lines of source code.
* [MS17-010 worawit](https://github.com/worawit/MS17-010)
* [Ropper](https://github.com/sashs/ropper)
* You can use ropper to display information about binary files in different file formats and you can search for gadgets to build rop chains for different architectures (x86/X86_64, ARM/ARM64, MIPS/MIPS64, PowerPC). For disassembly ropper uses the awesome Capstone Framework.
Understanding the Heap
* [Syscalls used by malloc](https://sploitfun.wordpress.com/2015/02/11/syscalls-used-by-malloc/)
* [Understanding glibc malloc](https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/)
* [Understanding the heap by breaking it](https://www.blackhat.com/presentations/bh-usa-07/Ferguson/Whitepaper/bh-usa-07-ferguson-WP.pdf)
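Review bot: the Offset-DB description "This website provide you a list of useful offset that you can use for your exploit" appears twice in this hunk, once under Offset-DB and once under the Winamp DLL hijack entry where it does not belong; keep a single copy and fix the grammar ("This website provides a list of useful offsets ..."). "Understanding the Heap" is a bare text line rather than a bullet or a `####` heading, so it renders as a run-on paragraph with the surrounding list; make it a heading to match `#### Sort:`.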
@ -137,7 +137,8 @@ Understanding the Heap
* [Art of Picking Intel Registers](http://www.swansontec.com/sregisters.html)
* [Trampolines in x64](http://www.ragestorm.net/blogs/?p=107)
* [Playing with canaries](https://www.elttam.com.au/blog/playing-with-canaries/)
* [pop-nedry](https://github.com/zznop/pop-nedry)
* Why pop calc, when you can pop Nedry!? This repository contains an x86-64 payload that recreates the Jurassic Park scene in which Dennis Nedry locks Ray Arnold out of his terminal.
@ -326,7 +327,7 @@ Understanding the Heap
### <a name="aslr"> ASLR:</a>
* [Exploit writing tutorial part 6 : Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR](https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/)
* [Aslr Smack and Laugh Reference](http://www-users.rwth-aachen.de/Tilo.Mueller/ASLRpaper.pdf)
* [Advanced Buffer Overflow Methods](http:/www.cs.tau.ac.il/tausec/lectures/Advanced_Buffer_Overflow_Methods.ppt)
* [Advanced Buffer Overflow Methods](http://www.cs.tau.ac.il/tausec/lectures/Advanced_Buffer_Overflow_Methods.ppt)
* [Smack the Stack](http://www.sts.synflood.de/dump/doc/smackthestack.txt)
* [Exploiting the random number generator to bypass ASLR](https://www.blackhat.com/presentations/bh-europe-09/Fritsch/Blackhat-Europe-2009-Fritsch-Bypassing-aslr-whitepaper.pdf)
* [Wikipedia on ASLR](https://www.en.wikipedia.org/wiki/Address_space_layout_randomization)
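Review bot: while fixing the `http:/www.cs.tau.ac.il` scheme here, the Wikipedia link two lines below is also broken: `https://www.en.wikipedia.org/wiki/Address_space_layout_randomization` uses a `www.en` host that does not exist; the language subdomain is used on its own, `https://en.wikipedia.org/wiki/Address_space_layout_randomization`.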
@ -700,7 +701,10 @@ Sensepost Series on Linux Heap Exploitation (Intro level)
#### General
* [Writing Exploits for Win32 Systems from Scratch](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/)
* [Windows DLL-Injection basics](http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html)
* DLL
* [Windows DLL-Injection basics](http://blog.opensecurityresearch.com/2013/01/windows-dll-injection-basics.html)
* [Example of a DLL Hijack Exploit - Winamp 5.581](https://www.exploit-db.com/exploits/14789/)
* [Loading a DLL from memory](https://www.joachim-bauch.de/tutorials/loading-a-dll-from-memory/)
* [Writing Exploits for Win32 Systems from Scratch](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/)
* [Portable Executable Injection For Beginners](http://www.malwaretech.com/2013/11/portable-executable-injection-for.html)
* [ActiveX - Active Exploitation](http://uninformed.org/?v=all&a=41&t=sumry)
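Review bot: "Windows DLL-Injection basics" and "Writing Exploits for Win32 Systems from Scratch" each appear twice in this region, once at the top level of General and once inside the new `* DLL` sub-list; if the top-level copies are meant to stay, drop them so the section does not list the same URL twice. The "Loading a DLL from memory" entry now lives here as well as in the Sort section above, so remove it from one place.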


+ 42
- 27
Draft/Forensics Incident Response.md

@ -1,7 +1,7 @@
##Forensics & Incident Response
## Forensics & Incident Response
#####TOC
##### Table of Contents
* General
* Tools
* [Presentations/Talks](#talks)
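Review bot: with the heading now reading "Table of Contents", the first two entries, General and Tools, are still plain text while "Presentations/Talks" is an anchor link; since the file already declares `<a name="tools">` further down, these should be `[Tools](#tools)` and, once a `general` anchor exists, `[General](#general)`, so the ToC is navigable end to end.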
@ -21,31 +21,14 @@
#### Sort
https://forensiccontrol.com/resources/free-software/
Forensics wiki
* [dotNET_WinDBG](https://github.com/Cisco-Talos/dotNET_WinDBG)
* This python script is designed to automate .NET analysis with WinDBG. It can be used to analyse a PowerShell script or to unpack a binary packed using a .NET packer.
* Sort sections alphabetically
* Update ToC
[Unravelling .NET with the Help of WinDBG - TALOS](http://blog.talosintelligence.com/2017/07/unravelling-net-with-help-of-windbg.html)
* This article describes:
* How to analyse PowerShell scripts by inserting a breakpoint in the .NET API.
* How to easily create a script to automatically unpack .NET samples following analysis of the packer logic.
https://forensiccontrol.com/resources/free-software/
[Pac4Mac](https://github.com/sud0man/pac4mac)
* Pac4Mac (Plug And Check for Mac OS X) is a portable Forensics framework (to launch from USB storage) allowing extraction and analysis session informations in highlighting the real risks in term of information leak (history, passwords, technical secrets, business secrets, ...). Pac4Mac can be used to check security of your Mac OS X system or to help you during forensics investigation.
* [ViperMonkey](https://github.com/decalage2/ViperMonkey)
* ViperMonkey is a VBA Emulation engine written in Python, designed to analyze and deobfuscate malicious VBA Macros contained in Microsoft Office files (Word, Excel, PowerPoint, Publisher, etc).
[LogonTracer](https://github.com/JPCERTCC/LogonTracer)
* Investigate malicious Windows logon by visualizing and analyzing Windows event log
[How to Perform a Physical Acquisition in Android Forensics?](https://infosecaddicts.com/perform-physical-acquisition-android-forensics/)
* [Knock Knock](https://github.com/synack/knockknock)
* KnockKnock displays persistent items (scripts, commands, binaries, etc.), that are set to execute automatically on OS X
* [LogonTracer](https://github.com/JPCERTCC/LogonTracer)
* Investigate malicious Windows logon by visualizing and analyzing Windows event log
#### End Sort
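Review bot: `https://forensiccontrol.com/resources/free-software/` is listed twice in this hunk as a bare URL and "Forensics wiki" is a bare line with no link at all; turn each into a single `* [title](url)` bullet. LogonTracer and its description also appear twice, and the lines "Sort sections alphabetically" / "Update ToC" are to-do notes for the author rather than resources, so they should not sit inside the resource list.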
@ -186,6 +169,10 @@ http://windowsir.blogspot.com/2013/11/sniper-forensics-memory-analysis-and.html
* Recovers the master password of key3.db files, i.e. Thunderbird, Firefox
--------------
### Chrome Book Forensics
* [Chromebook Forensics](http://www.dataforensics.org/google-chromebook-forensics/)
--------------
### <a name="memory"></a>Memory Forensics
@ -267,6 +254,9 @@ http://windowsir.blogspot.com/2013/11/sniper-forensics-memory-analysis-and.html
* This class serves as a foundation for mobile digital forensics, forensics of Android operating systems, and penetration testing of Android applications.
* [Androick](https://github.com/Flo354/Androick)
* Androick is a python tool to help in forensics analysis on android. Put the package name, some options and the program will download automatically apk, datas, files permissions, manifest, databases and logs. It is easy to use and avoid all repetitive tasks!
* [How to Perform a Physical Acquisition in Android Forensics?](https://infosecaddicts.com/perform-physical-acquisition-android-forensics/)
--------------
####<a name="ios">iOS Forensics</a>
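Review bot: `####<a name="ios">iOS Forensics</a>` has the same defect this commit fixes for `##Forensics` and `#####TOC` at the top of the file: there is no space after the hashes, so CommonMark-based renderers (GitHub's included) treat the line as paragraph text instead of a heading. Change it to `#### <a name="ios">iOS Forensics</a>`.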
@ -281,12 +271,27 @@ http://www.iosresearch.org/
* [The art of iOS and iCloud forensics](https://blog.elcomsoft.com/2017/11/the-art-of-ios-and-icloud-forensics/)
------------
### .NET Forensics
* [dotNET_WinDBG](https://github.com/Cisco-Talos/dotNET_WinDBG)
* This python script is designed to automate .NET analysis with WinDBG. It can be used to analyse a PowerShell script or to unpack a binary packed using a .NET packer.
* [Unravelling .NET with the Help of WinDBG - TALOS](http://blog.talosintelligence.com/2017/07/unravelling-net-with-help-of-windbg.html)
* This article describes: How to analyse PowerShell scripts by inserting a breakpoint in the .NET API; How to easily create a script to automatically unpack .NET samples following analysis of the packer logic.
--------------
### <a name="pdf">PDF Forensics</a>
http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/
* [Didier Stevens Blog](https://blog.didierstevens.com/)
* [PDF Forensics](http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/)
* [Analyzing Malicious Documents Cheat Sheet](https://zeltser.com/analyzing-malicious-documents/)
--------------
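Review bot: in the PDF Forensics section the bare URL `http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-steps/` duplicates the `[PDF Forensics](...)` bullet two lines below; remove the bare line. The new `.NET Forensics` section has no `<a name>` anchor, unlike its `memory`, `ios` and `pdf` neighbours, so it cannot be linked from the ToC.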
@ -294,6 +299,14 @@ http://countuponsecurity.com/2014/09/22/malicious-documents-pdf-analysis-in-5-st
* [jhead](http://www.sentex.net/~mwandel/jhead/)
* Exif Jpeg header manipulation tool
--------------------
### VBA Analysis
* [ViperMonkey](https://github.com/decalage2/ViperMonkey)
* ViperMonkey is a VBA Emulation engine written in Python, designed to analyze and deobfuscate malicious VBA Macros contained in Microsoft Office files (Word, Excel, PowerPoint, Publisher, etc).
--------------
### <a name="tools">Tools:</a>
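Review bot: the separator above "VBA Analysis" is `--------------------`, longer than the `--------------` used everywhere else in the file, and the section lacks a `<a name>` anchor; align both with the surrounding sections.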
@ -370,6 +383,10 @@ database of Microsoft Active Directory (NTDS.DIT).
* OS X Auditor is a free Mac OS X computer forensics tool.
* [OS X Forensics Generals](https://davidkoepi.wordpress.com/category/os-x-forensics-10-8/)
* [OSX Lion User Interface Preservation Analysis](https://digital-forensics.sans.org/blog/2011/10/03/osx-lion-user-interface-preservation-analysis#)
* [Knock Knock](https://github.com/synack/knockknock)
* KnockKnock displays persistent items (scripts, commands, binaries, etc.), that are set to execute automatically on OS X
* [Pac4Mac](https://github.com/sud0man/pac4mac)
* Pac4Mac (Plug And Check for Mac OS X) is a portable Forensics framework (to launch from USB storage) allowing extraction and analysis session informations in highlighting the real risks in term of information leak (history, passwords, technical secrets, business secrets, ...). Pac4Mac can be used to check security of your Mac OS X system or to help you during forensics investigation.
@ -379,9 +396,7 @@ database of Microsoft Active Directory (NTDS.DIT).
* [Part 2](http://www.malwaretech.com/2015/03/bootkit-disk-forensics-part-2.html)
--------------
### Chrome Book Forensics
* [Chromebook Forensics](http://www.dataforensics.org/google-chromebook-forensics/)


+ 1
- 1
Draft/Fuzzing Bug Hunting.md

@ -89,7 +89,7 @@ https://raw.githubusercontent.com/secfigo/Awesome-Fuzzing/master/README.md
* Virtual Appliances have become very prevalent these days as virtualization is ubiquitous and hypervisors commonplace. More and more of the major vendors are providing literally virtual clones for many of their once physical-only products. Like IoT and the CAN bus, it's early in the game and vendors are late as usual. One thing that it catching these vendors off guard is the huge additional attack surface, ripe with vulnerabilities, added in the process. Also, many vendors see software appliances as an opportunity for the customer to easily evaluate the product before buying the physical one, making these editions more accessible and debuggable by utilizing features of the platform on which it runs. During this talk, I will provide real case studies for various vulnerabilities created by mistakes that many of the major players made when shipping their appliances. You'll learn how to find these bugs yourself and how the vendors went about fixing them, if at all. By the end of this talk, you should have a firm grasp of how one goes about getting remotes on these appliances.
* [Fuzzing for MS15-010](http://blog.beyondtrust.com/fuzzing-for-ms15-010)
* This past Patch Tuesday Microsoft released MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution. This patch addressed multiple privately reported vulnerabilities in win32k.sys and one publicly disclosed vulnerability in cng.sys. This post goes through identifying the patched vulnerability.
* [Fuzzing proprietary protocols with Scapy, radamsa and a handful of PCAPs](https://blog.blazeinfosec.com/fuzzing-proprietary-protocols-with-scapy-radamsa-and-a-handful-of-pcaps/)


+ 335
- 385
Draft/Interesting Things Useful stuff.md

@ -28,186 +28,175 @@
#### To Sort
* sort and break into policy/high level/ vs interesting things
http://spth.virii.lu/articles.htm
* [Virtualization Based Security - Part 2: kernel communications](http://blog.amossys.fr/virtualization-based-security-part2.html)
* [Binary SMS - The old backdoor to your new thing](https://www.contextis.com/resources/blog/binary-sms-old-backdoor-your-new-thing/)
* [A Sysadmin's Unixersal Translator (ROSETTA STONE)](http://bhami.com/rosetta.html)
* [Windows Firewall Control - Managing Windows Firewall is now easier than ever](https://www.binisoft.org/wfc.php)
[OSX for Hackers (Mavericks/Yosemite)](https://gist.github.com/matthewmueller/e22d9840f9ea2fee4716)
[What Colour are your bits?](http://ansuz.sooke.bc.ca/entry/23)
* [OSX for Hackers (Mavericks/Yosemite)](https://gist.github.com/matthewmueller/e22d9840f9ea2fee4716)
#### End Sort
* [Hacker Scripts](https://github.com/NARKOZ/hacker-scripts)
* Based on a true story
* [statistically-likely-usernames](https://github.com/insidetrust/statistically-likely-usernames)
* This resource contains wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks.
#### End Sort
----------------------
### <a name="general"></a>General Articles
* This is why we can't have nice things -> [VBScript Injection via GNOME Thumbnailer - On Linux](http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html)
* [Hamming - You and your research](https://www.youtube.com/watch?v=a1zDuOPkMSw)
* [Your Project from Idea to Reality](http://www.slideshare.net/maltman23/your-project-from-idea-to-reality)
* [Windows Commands Abused by Attackers](http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html)
* [The Distribution of Users’ Computer Skills: Worse Than You Think](https://www.nngroup.com/articles/computer-skill-levels/)
* [Infosec Podcasts](http://www.getmon.com/)
* [THE BASIC LAWS OF HUMAN STUPIDITY - Carlo M. Cipolia](http://harmful.cat-v.org/people/basic-laws-of-human-stupidity/)
Airplanes
* [NTSB Aviation Accident Database & Synopses](https://www.ntsb.gov/_layouts/ntsb.aviation/index.aspx)
* [The Aviation Herald](https://avherald.com/)
* [radar - securitywizardy](http://www.securitywizardry.com/radar.htm)
* [Real-life experiences in avionics security assessment (A. Barisani)](https://www.youtube.com/watch?v=xtSmPgXw34I&feature=youtu.be&app=desktop)
Attacking
[It’s all about the timing. . . Blackhat talk](https://www.blackhat.com/presentations/bh-usa-07/Meer_and_Slaviero/Whitepaper/bh-usa-07-meer_and_slaviero-WP.pdf)
* Description: This paper is broken up into several distinct parts, all related loosely to timing and its role in information se- curity today. While timing has long been recognized as an important component in the crypt-analysts arse- nal, it has not featured very prominently in the domain of Application Security Testing. This paper aims at highlighting some of the areas in which timing can be used with great effect, where traditional avenues fail. In this paper, a brief overview of previous timing attacks is provided, the use of timing as a covert channel is examined and the effectiveness of careful timing during traditional web application and SQL injection attacks is demonstrated. The use of Cross Site Timing in bypass- ing the Same Origin policy is explored as we believe the technique has interesting possibilities for turning innocent browsers into bot-nets aimed at, for instance, brute-force attacks against third party web-sites
* [A Look In the Mirror: Attacks on Package Managers](https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf)
* [VM as injection payload ](http://infiltratecon.com/downloads/python_deflowered.pdf)
* [Thousands of MongoDB installations on the net unprotected](http://cispa.saarland/wp-content/uploads/2015/02/MongoDB_documentation.pdf)
* [Exploiting the DRAM rowhammer bug to gain kernel privileges](http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html)
* "Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.
* [Program for testing for the DRAM "rowhammer" problem](https://github.com/google/rowhammer-test)
* [DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks](https://arxiv.org/abs/1511.08756)
* [Breaking IPMI/BMC](http://fish2.com/ipmi/how-to-break-stuff.html)
* [The Evolution of Protected Processes Part 1: Pass-the-Hash Mitigations in Windows 8.1](http://www.alex-ionescu.com/?p=97)
* [The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](https://cseweb.ucsd.edu/~hovav/dist/geometry.pdf)
* We present new techniques that allow a return-into-libc attack to be mounted on x86 executables that calls no functions at all. Our attack combines a large number of short instruction sequences to build gadgets that allow arbitrary computation. We show how to discover such instruction sequences by means of static analysis. We make use, in an essential way, of the properties of the x86 instruction set.
* [Ultimate beginners guide to phreaking v3.2 - 1999](http://web.textfiles.com/phreak/phreaking.txt)
Attribution
* [Cyber Attack Attribution Report](http://whohackedus.com/)
* [NSARCHIVE - The Cyber Vault](http://nsarchive.gwu.edu/cybervault/)
* An online resource documenting cyber activities of the U.S. and foreign governments as well as international organizations.
* [IPew Attack Map](http://ocularwarfare.com/ipew/)
Barcodes
* [Simplifying the Business Bar Coded Boarding Pass Implementation Guide](http://www.iata.org/whatwedo/stb/documents/bcbp_implementation_guidev4_jun2009.pdf)
* [What’s contained in a boarding pass barcode?](https://shaun.net/posts/whats-contained-in-a-boarding-pass-barcode)
* [QR Code interesting](http://datagenetics.com/blog/november12013/index.html)
* [ClearImage Free Online Barcode Reader / Decoder](http://online-barcode-reader.inliteresearch.com/)
[Decoding Small QR-Codes by hand](http://blog.qartis.com/decoding-small-qr-codes-by-hand/)
* [QR Inception: Barcode-in-Barcode Attacks](https://www.sba-research.org/wp-content/uploads/publications/qrinception.pdf)
* 2D barcodes offer many benefits compared to 1D barcodes, such as high information density and robustness. Before their introduction to the mobile phone ecosystem, they have been widely used in specific applications, such as logistics or ticketing. However, there are multiple competing standards with different benefits and drawbacks. Therefore, reader applications as well as dedicated devices have to support multiple standards. In this paper, we present novel attacks based on deliberately caused ambiguities when especially crafted barcodes conform to multiple standards. Implementation details decide which standard the decoder locks on. This way, two users scanning the same barcode with different phones or apps will receive different content. This potentially opens way for multiple problems related to security. We describe how embedding one barcode symbology into another can be used to perform phishing attacks as well as targeted exploits. In addition, we evaluate the extent to which popular 2D barcode reader applications on smartphones are susceptible to these barcode-in-barcode attacks. We furthermore discuss mitigation techniques against this type of attack.
----------------------
### <a name="general"></a>General Articles
* **General**
* [List of Data Breaches - privacyrights.org](https://www.privacyrights.org/data-breaches)
* This is why we can't have nice things -> [VBScript Injection via GNOME Thumbnailer - On Linux](http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html)
* [Hamming - You and your research](https://www.youtube.com/watch?v=a1zDuOPkMSw)
* [Your Project from Idea to Reality](http://www.slideshare.net/maltman23/your-project-from-idea-to-reality)
* [Windows Commands Abused by Attackers](http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html)
* [The Distribution of Users’ Computer Skills: Worse Than You Think](https://www.nngroup.com/articles/computer-skill-levels/)
* [Infosec Podcasts](http://www.getmon.com/)
* [THE BASIC LAWS OF HUMAN STUPIDITY - Carlo M. Cipolia](http://harmful.cat-v.org/people/basic-laws-of-human-stupidity/)
* **Airplanes**
* [NTSB Aviation Accident Database & Synopses](https://www.ntsb.gov/_layouts/ntsb.aviation/index.aspx)
* [The Aviation Herald](https://avherald.com/)
* [radar - securitywizardy](http://www.securitywizardry.com/radar.htm)
* [Real-life experiences in avionics security assessment (A. Barisani)](https://www.youtube.com/watch?v=xtSmPgXw34I&feature=youtu.be&app=desktop)
* **Attacking**
* [It’s all about the timing. . . Blackhat talk](https://www.blackhat.com/presentations/bh-usa-07/Meer_and_Slaviero/Whitepaper/bh-usa-07-meer_and_slaviero-WP.pdf)
* Description: This paper is broken up into several distinct parts, all related loosely to timing and its role in information se- curity today. While timing has long been recognized as an important component in the crypt-analysts arse- nal, it has not featured very prominently in the domain of Application Security Testing. This paper aims at highlighting some of the areas in which timing can be used with great effect, where traditional avenues fail. In this paper, a brief overview of previous timing attacks is provided, the use of timing as a covert channel is examined and the effectiveness of careful timing during traditional web application and SQL injection attacks is demonstrated. The use of Cross Site Timing in bypass- ing the Same Origin policy is explored as we believe the technique has interesting possibilities for turning innocent browsers into bot-nets aimed at, for instance, brute-force attacks against third party web-sites
* [A Look In the Mirror: Attacks on Package Managers](https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf)
* [VM as injection payload ](http://infiltratecon.com/downloads/python_deflowered.pdf)
* [Thousands of MongoDB installations on the net unprotected](http://cispa.saarland/wp-content/uploads/2015/02/MongoDB_documentation.pdf)
* [Exploiting the DRAM rowhammer bug to gain kernel privileges](http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html)
* "Rowhammer” is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory.
* [Program for testing for the DRAM "rowhammer" problem](https://github.com/google/rowhammer-test)
* [DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks](https://arxiv.org/abs/1511.08756)
* [Breaking IPMI/BMC](http://fish2.com/ipmi/how-to-break-stuff.html)
* [The Evolution of Protected Processes Part 1: Pass-the-Hash Mitigations in Windows 8.1](http://www.alex-ionescu.com/?p=97)
* [The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](https://cseweb.ucsd.edu/~hovav/dist/geometry.pdf)
* We present new techniques that allow a return-into-libc attack to be mounted on x86 executables that calls no functions at all. Our attack combines a large number of short instruction sequences to build gadgets that allow arbitrary computation. We show how to discover such instruction sequences by means of static analysis. We make use, in an essential way, of the properties of the x86 instruction set.
* [Ultimate beginners guide to phreaking v3.2 - 1999](http://web.textfiles.com/phreak/phreaking.txt)
Breaches
* [Alexsey’s TTPs](https://medium.com/@chrismcnab/alexseys-ttps-1204d9050551#.y2krgov7t)
* **Attribution**
* [Cyber Attack Attribution Report](http://whohackedus.com/)
* [NSARCHIVE - The Cyber Vault](http://nsarchive.gwu.edu/cybervault/)
* An online resource documenting cyber activities of the U.S. and foreign governments as well as international organizations.
* [IPew Attack Map](http://ocularwarfare.com/ipew/)
* **Barcodes**
* [Simplifying the Business Bar Coded Boarding Pass Implementation Guide](http://www.iata.org/whatwedo/stb/documents/bcbp_implementation_guidev4_jun2009.pdf)
* [What’s contained in a boarding pass barcode?](https://shaun.net/posts/whats-contained-in-a-boarding-pass-barcode)
* [QR Code interesting](http://datagenetics.com/blog/november12013/index.html)
* [ClearImage Free Online Barcode Reader / Decoder](http://online-barcode-reader.inliteresearch.com/)
* [Decoding Small QR-Codes by hand](http://blog.qartis.com/decoding-small-qr-codes-by-hand/)
* [QR Inception: Barcode-in-Barcode Attacks](https://www.sba-research.org/wp-content/uploads/publications/qrinception.pdf)
* 2D barcodes offer many benefits compared to 1D barcodes, such as high information density and robustness. Before their introduction to the mobile phone ecosystem, they have been widely used in specific applications, such as logistics or ticketing. However, there are multiple competing standards with different benefits and drawbacks. Therefore, reader applications as well as dedicated devices have to support multiple standards. In this paper, we present novel attacks based on deliberately caused ambiguities when especially crafted barcodes conform to multiple standards. Implementation details decide which standard the decoder locks on. This way, two users scanning the same barcode with different phones or apps will receive different content. This potentially opens way for multiple problems related to security. We describe how embedding one barcode symbology into another can be used to perform phishing attacks as well as targeted exploits. In addition, we evaluate the extent to which popular 2D barcode reader applications on smartphones are susceptible to these barcode-in-barcode attacks. We furthermore discuss mitigation techniques against this type of attack.
* **Breaches**
* [Alexsey’s TTPs](https://medium.com/@chrismcnab/alexseys-ttps-1204d9050551#.y2krgov7t)
* Short writeup on large breaches(Short: Shit ain't secure.)
*
Code Search Engines
* [symbolhound](http://symbolhound.com/)
* SymbolHound is a search engine that doesn't ignore special characters. This means you can easily search for symbols like &, %, and π. We hope SymbolHound will help programmers-------- find information about their chosen languages and frameworks more easily.
* [grokbit](https://grokbit.com/)
* Code search engine
Crypto
* [RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis](http://www.tau.ac.il/~tromer/acoustic/)
* Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
* [Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs](http://www.tau.ac.il/~tromer/handsoff/)
* We demonstrated physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels and are based on the observation that the "ground" electric potential in many computers fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer's chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables. Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz).
Databases
* [NIST National Vulnerability Database](https://nvd.nist.gov/ncp/repository)
* [List of disposable email domains](https://github.com/martenson/disposable-email-domains)
Educational
* [Underhanded C contest](http://underhanded-c.org/)
* [DIY Nukeproofing: A New Dig at “Data-Mining”](https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-3alarmlampscooter-DIY-Nukeproofing.pdf)
General Computation
* [Introduction to Resource Oriented Computing - Whitepaper](http://resources.1060research.com/docs/IntroductionToResourceOrientedComputing-1.pdf)
* [Detecting Automation of Twitter Accounts: Are You a Human, Bot, or Cyborg](http://www.cs.wm.edu/~hnw/paper/tdsc12b.pdf)
* [A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel](http://split.kernel.build/papers/ccs14.pdf)
* Abstract: Software security practitioners are often torn between choosing per- formance or security. In particular, OS kernels are sensitive to the smallest performance regressions. This makes it difficult to develop innovative kernel hardening mechanisms: they may inevitably incur some run-time performance overhead. Here, we propose building each kernel function with and without hardening, within a single split kernel . In particular, this allows trusted processes to be run under unmodified kernel code, while system calls of untrusted pro- cesses are directed to the hardened kernel code. We show such trusted processes run with no overhead when compared to an un- modified kernel. This allows deferring the decision of making use of hardening to the run-time. This means kernel distributors, system administrators and users can selectively enable hardening accord- ing to their needs: we give examples of such cases. Although this approach cannot be directly applied to arbitrary kernel hardening mechanisms, we show cases where it can. Finally, our implementa- tion in the Linux kernel requires few changes to the kernel sources and no application source changes. Thus, it is both maintainable and easy to use
* [The Eavesdropper’s Dillemma](http://www.crypto.com/papers/internet-tap.pdf)
* [Mov is turing ocmplete](http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf)
* [Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior](http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf)
* This paper studies an emerging class of software bugs called optimization-unstable code: code that is unexpectedly discarded by compiler optimizations due to undefined behavior in the program. Unstable code is present in many systems, including the Linux kernel and the Postgres database. The consequences of unstable code range from incorrect functionality to missing security checks. To reason about unstable code, this paper proposes a novel model, which views unstable code in terms of optimizations that leverage undefined behavior. Using this model, we introduce a new static checker called Stack that precisely identifies unstable code. Applying Stack to widely used systems has uncovered 160 new bugs that have been confirmed and fixed by developers
* [Annoyances Caused by Unsafe Assumptions](http://uninformed.org/?v=all&a=5&t=sumry)
* This installation of What Were They Thinking illustrates some of the annoyances that can be caused when developing software that has to inter-operate with third-party applications. Two such cases will be dissected and discussed in detail for the purpose of showing how third-party applications can fail when used in conjunction with software that performs certain tasks. The analysis of the two cases is meant to show how complex failure conditions can be analyzed and used to determine inter-operability problems.
* [Reflections on Trusting Trust](https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf)
* [Ceremony Design and Analysis](http://eprint.iacr.org/2007/399.pdf)
* Abstract: The concept of Ceremony is introduced as an extension of the concept of network protocol, with human nodes alongside computer nodes and with communication links that include UI, human-to-human communication and transfers of physical objects that carry data. What is out-of-band to a protocol is in-band to a ceremony, and therefore subject to design and analysis using variants of the same mature techniques used for the design and analysis of protocols. Ceremonies include all protocols, as well as all applications with a user interface, all workflow and all provisioning scenarios. A secure ceremony is secure against both normal attacks and social engineering. However, some secure protocols imply ceremonies that cannot be made secure.
Informational
* [Manuals Library](https://www.manualslib.com/)
* [IA Guidance - NSA](https://www.iad.gov/iad/library/ia-guidance/index.cfm)
* [Structured Text Tools](https://github.com/dbohdan/structured-text-tools)
* A list of command line tools for manipulating structured text data
* [What happens when…](https://github.com/alex/what-happens-when)
* An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"
* [Shakespeare in the Bush An American anthropologist set out to study the Tiv of West Africa and was taught the true meaning of Hamlet.](http://www.naturalhistorymag.com/picks-from-the-past/12476/shakespeare-in-the-bush)
* [China’s Great Cannon](https://citizenlab.org/2015/04/chinas-great-cannon/)
* This post describes our analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.
Informational(non-serious-kinda)
* [Encyclopedia of things considered harmful](http://harmful.cat-v.org/)
* [“Considered Harmful” Essays Considered Harmful](http://meyerweb.com/eric/comment/chech.html)
Internet
* [chipmachine](https://github.com/sasq64/chipmachine)
* [Wars Within](http://uninformed.org/?v=all&a=26&t=sumry)
* In this paper I will uncover the information exchange of what may be classified as one of the highest money making schemes coordinated by 'organized crime'. I will elaborate on information gathered from a third party individual directly involved in all aspects of the scheme at play. I will provide a detailed explanation of this market's origin, followed by a brief description of some of the actions strategically performed by these individuals in order to ensure their success. Finally, I will elaborate on real world examples of how a single person can be labeled a spammer, malware author, cracker, and an entrepreneur gone thief. For the purposes of avoiding any legal matters, and unwanted media, I will refrain from mentioning the names of any individuals and corporations who are involved in the schemes described in this paper.
* [Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse](https://lirias.kuleuven.be/bitstream/123456789/471369/3/typos-final.pdf)
* Abstract: Typosquatting is the act of purposefully registering a domain name that is a mistype of a popular domain name. It is a concept that has been known and studied for over 15 years, yet still thoroughly practiced up until this day. While previous typosquatting studies have always taken a snapshot of the typosquatting landscape or base their longitudinal results only on domain registration data, we present the first content- based , longitudinal study of typosquatting. We collected data about the typosquatting domains of the 500 most popular sites of the Internet every day, for a period of seven months, and we use this data to establish whether previously discovered typosquatting trends still hold today, and to provide new results and insights in the typosquatting landscape. In particular we reveal that, even though 95% of the popular domains we investigated are actively targeted by typosquatters, only few trademark owners protect themselves against this practice by proactively registering their own typosquatting domains. We take advantage of the longitudinal aspect of our study to show, among other results, that typosquatting domains change hands from typosquatters to legitimate owners and vice versa, and that typosquatters vary their monetization strategy by hosting different types of pages over time. Our study also reveals that a large fraction of typosquatting domains can be traced back to a small group of typosquatting page hosters and that certain top-level domains are much more prone to typosquatting than others
News
* [U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information](https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf)
* [Medical Device Law: Compliance Issues, Best Practices and Trends - American Bar Association](https://www.americanbar.org/content/dam/aba/events/cle/2015/10/ce1510mdm/ce1510mdm_interactive.authcheckdam.pdf)
* [LeakedSource.ru](https://leakedsource.ru/)
Programs
* [No More Secrets](https://github.com/bartobri/no-more-secrets/blob/master/README.md)
* This project provides a command line tool called nms that recreates the famous data decryption effect seen on screen in the 1992 hacker movie Sneakers. For reference, you can see this effect at 0:35 in this movie clip.
Political
* [Drone Survival Guide](http://dronesurvivalguide.org)
* [They clapped](http://www.econlib.org/library/Columns/y2007/Mungergouging.html)
* [NSA's Legal Authorities](http://electrospaces.blogspot.com/2015/09/nsas-legal-authorities.html)
Random
* [what3words](https://what3words.com/about/)
* **Code Search Engines**
* [symbolhound](http://symbolhound.com/)
* SymbolHound is a search engine that doesn't ignore special characters. This means you can easily search for symbols like &, %, and π. We hope SymbolHound will help programmers-------- find information about their chosen languages and frameworks more easily.
* [grokbit](https://grokbit.com/)
* Code search engine
* **Crypto**
* [RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis](http://www.tau.ac.il/~tromer/acoustic/)
* Here, we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA. The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away.
* [Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs](http://www.tau.ac.il/~tromer/handsoff/)
* We demonstrated physical side-channel attacks on a popular software implementation of RSA and ElGamal, running on laptop computers. Our attacks use novel side channels and are based on the observation that the "ground" electric potential in many computers fluctuates in a computation-dependent way. An attacker can measure this signal by touching exposed metal on the computer's chassis with a plain wire, or even with a bare hand. The signal can also be measured at the remote end of Ethernet, VGA or USB cables. Through suitable cryptanalysis and signal processing, we have extracted 4096-bit RSA keys and 3072-bit ElGamal keys from laptops, via each of these channels, as well as via power analysis and electromagnetic probing. Despite the GHz-scale clock rate of the laptops and numerous noise sources, the full attacks require a few seconds of measurements using Medium Frequency signals (around 2 MHz), or one hour using Low Frequency signals (up to 40 kHz).
* **Databases**
* [NIST National Vulnerability Database](https://nvd.nist.gov/ncp/repository)
* [List of disposable email domains](https://github.com/martenson/disposable-email-domains)
* **Educational**
* [Underhanded C contest](http://underhanded-c.org/)
* [DIY Nukeproofing: A New Dig at “Data-Mining”](https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-3alarmlampscooter-DIY-Nukeproofing.pdf)
* **General Computation**
* [Introduction to Resource Oriented Computing - Whitepaper](http://resources.1060research.com/docs/IntroductionToResourceOrientedComputing-1.pdf)
* [Detecting Automation of Twitter Accounts: Are You a Human, Bot, or Cyborg](http://www.cs.wm.edu/~hnw/paper/tdsc12b.pdf)
* [A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel](http://split.kernel.build/papers/ccs14.pdf)
* Abstract: Software security practitioners are often torn between choosing per- formance or security. In particular, OS kernels are sensitive to the smallest performance regressions. This makes it difficult to develop innovative kernel hardening mechanisms: they may inevitably incur some run-time performance overhead. Here, we propose building each kernel function with and without hardening, within a single split kernel . In particular, this allows trusted processes to be run under unmodified kernel code, while system calls of untrusted pro- cesses are directed to the hardened kernel code. We show such trusted processes run with no overhead when compared to an un- modified kernel. This allows deferring the decision of making use of hardening to the run-time. This means kernel distributors, system administrators and users can selectively enable hardening accord- ing to their needs: we give examples of such cases. Although this approach cannot be directly applied to arbitrary kernel hardening mechanisms, we show cases where it can. Finally, our implementa- tion in the Linux kernel requires few changes to the kernel sources and no application source changes. Thus, it is both maintainable and easy to use
* [The Eavesdropper’s Dillemma](http://www.crypto.com/papers/internet-tap.pdf)
* [Mov is turing ocmplete](http://www.cl.cam.ac.uk/~sd601/papers/mov.pdf)
* [Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior](http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf)
* This paper studies an emerging class of software bugs called optimization-unstable code: code that is unexpectedly discarded by compiler optimizations due to undefined behavior in the program. Unstable code is present in many systems, including the Linux kernel and the Postgres database. The consequences of unstable code range from incorrect functionality to missing security checks. To reason about unstable code, this paper proposes a novel model, which views unstable code in terms of optimizations that leverage undefined behavior. Using this model, we introduce a new static checker called Stack that precisely identifies unstable code. Applying Stack to widely used systems has uncovered 160 new bugs that have been confirmed and fixed by developers
* [Annoyances Caused by Unsafe Assumptions](http://uninformed.org/?v=all&a=5&t=sumry)
* This installation of What Were They Thinking illustrates some of the annoyances that can be caused when developing software that has to inter-operate with third-party applications. Two such cases will be dissected and discussed in detail for the purpose of showing how third-party applications can fail when used in conjunction with software that performs certain tasks. The analysis of the two cases is meant to show how complex failure conditions can be analyzed and used to determine inter-operability problems.
* [Reflections on Trusting Trust](https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf)
* [Ceremony Design and Analysis](http://eprint.iacr.org/2007/399.pdf)
* Abstract: The concept of Ceremony is introduced as an extension of the concept of network protocol, with human nodes alongside computer nodes and with communication links that include UI, human-to-human communication and transfers of physical objects that carry data. What is out-of-band to a protocol is in-band to a ceremony, and therefore subject to design and analysis using variants of the same mature techniques used for the design and analysis of protocols. Ceremonies include all protocols, as well as all applications with a user interface, all workflow and all provisioning scenarios. A secure ceremony is secure against both normal attacks and social engineering. However, some secure protocols imply ceremonies that cannot be made secure.
* [Lightweight Virtualization on Microkernel-based Systems](https://os.inf.tu-dresden.de/papers_ps/liebergeld-diplom.pdf)
* **Informational**
* [List of Data Breaches - privacyrights.org](https://www.privacyrights.org/data-breaches)
* [Manuals Library](https://www.manualslib.com/)
* [IA Guidance - NSA](https://www.iad.gov/iad/library/ia-guidance/index.cfm)
* [Structured Text Tools](https://github.com/dbohdan/structured-text-tools)
* A list of command line tools for manipulating structured text data
* [What happens when…](https://github.com/alex/what-happens-when)
* An attempt to answer the age old interview question "What happens when you type google.com into your browser and press enter?"
* [Shakespeare in the Bush An American anthropologist set out to study the Tiv of West Africa and was taught the true meaning of Hamlet.](http://www.naturalhistorymag.com/picks-from-the-past/12476/shakespeare-in-the-bush)
* [China’s Great Cannon](https://citizenlab.org/2015/04/chinas-great-cannon/)
* This post describes our analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.
* **Informational(non-serious-kinda)**
* [Encyclopedia of things considered harmful](http://harmful.cat-v.org/)
* [“Considered Harmful” Essays Considered Harmful](http://meyerweb.com/eric/comment/chech.html)
* **Internet**
* [chipmachine](https://github.com/sasq64/chipmachine)
* [Wars Within](http://uninformed.org/?v=all&a=26&t=sumry)
* In this paper I will uncover the information exchange of what may be classified as one of the highest money making schemes coordinated by 'organized crime'. I will elaborate on information gathered from a third party individual directly involved in all aspects of the scheme at play. I will provide a detailed explanation of this market's origin, followed by a brief description of some of the actions strategically performed by these individuals in order to ensure their success. Finally, I will elaborate on real world examples of how a single person can be labeled a spammer, malware author, cracker, and an entrepreneur gone thief. For the purposes of avoiding any legal matters, and unwanted media, I will refrain from mentioning the names of any individuals and corporations who are involved in the schemes described in this paper.
* [Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse](https://lirias.kuleuven.be/bitstream/123456789/471369/3/typos-final.pdf)
* Abstract: Typosquatting is the act of purposefully registering a domain name that is a mistype of a popular domain name. It is a concept that has been known and studied for over 15 years, yet still thoroughly practiced up until this day. While previous typosquatting studies have always taken a snapshot of the typosquatting landscape or base their longitudinal results only on domain registration data, we present the first content- based , longitudinal study of typosquatting. We collected data about the typosquatting domains of the 500 most popular sites of the Internet every day, for a period of seven months, and we use this data to establish whether previously discovered typosquatting trends still hold today, and to provide new results and insights in the typosquatting landscape. In particular we reveal that, even though 95% of the popular domains we investigated are actively targeted by typosquatters, only few trademark owners protect themselves against this practice by proactively registering their own typosquatting domains. We take advantage of the longitudinal aspect of our study to show, among other results, that typosquatting domains change hands from typosquatters to legitimate owners and vice versa, and that typosquatters vary their monetization strategy by hosting different types of pages over time. Our study also reveals that a large fraction of typosquatting domains can be traced back to a small group of typosquatting page hosters and that certain top-level domains are much more prone to typosquatting than others
* **News**
* [U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information](https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf)
* [Medical Device Law: Compliance Issues, Best Practices and Trends - American Bar Association](https://www.americanbar.org/content/dam/aba/events/cle/2015/10/ce1510mdm/ce1510mdm_interactive.authcheckdam.pdf)
* [LeakedSource.ru](https://leakedsource.ru/)
* **Programs**
* [No More Secrets](https://github.com/bartobri/no-more-secrets/blob/master/README.md)
* This project provides a command line tool called nms that recreates the famous data decryption effect seen on screen in the 1992 hacker movie Sneakers. For reference, you can see this effect at 0:35 in this movie clip.
* **Political**
* [Drone Survival Guide](http://dronesurvivalguide.org)
* [They clapped](http://www.econlib.org/library/Columns/y2007/Mungergouging.html)
* [NSA's Legal Authorities](http://electrospaces.blogspot.com/2015/09/nsas-legal-authorities.html)
* [What Colour are your bits?](http://ansuz.sooke.bc.ca/entry/23)
* [The NSL Archive](https://nslarchive.org/)
* Tracking who has disclosed NSLs, how many, and when.
* **Random**
* [what3words](https://what3words.com/about/)
* what3words provides a precise and incredibly simple way to talk about location. We have divided the world into a grid of 3m x 3m squares and assigned each one a unique 3 word address.
* **Side Channel Attacks**
* [A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Event](http://users.ece.gatech.edu/~az30/Downloads/Micro14.pdf)
* Abstract: This paper presents a new metric, which we call Signal Available to Attacker (SAVAT), that measures the side channel signal created by a specific single-instruction difference in program execution, i.e. the amount of signal made available to a potential attacker who wishes to decide whether the program has executed instruction/event A or instruction/event B. We also devise a practical methodology for measuring SAVAT in real systems using only user-level access permissions and common measurement equipment. Finally, we perform a case study where we measure electromagnetic (EM) emanations SAVAT among 11 different instructions for three different laptop systems. Our findings from these experiments confirm key intuitive expectations, e.g. that SAVAT between on-chip instructions and off-chip memory accesses tends to be higher than between two on-chip instructions. However, we find that particular instructions, such as integer divide, have much higher SAVAT than other instructions in the same general category (integer arithmetic), and that last-level-cache hits and misses have similar (high) SAVAT. Overall, we confirm that our new metric and methodology can help discover the most vulnerable aspects of a processor architecture or a program, and thus inform decision-making about how to best manage the overall side channel vulnerability of a processor, a program, or a system.
* [Palinopsia - Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM](https://hsmr.cc/palinopsia/)
Side Channel Attacks
* [A Practical Methodology for Measuring the Side-Channel Signal Available to the Attacker for Instruction-Level Event](http://users.ece.gatech.edu/~az30/Downloads/Micro14.pdf)
* Abstract: This paper presents a new metric, which we call Signal Available to Attacker (SAVAT), that measures the side channel signal created by a specific single-instruction difference in program execution, i.e. the amount of signal made available to a potential attacker who wishes to decide whether the program has executed instruction/event A or instruction/event B. We also devise a practical methodology for measuring SAVAT in real systems using only user-level access permissions and common measurement equipment. Finally, we perform a case study where we measure electromagnetic (EM) emanations SAVAT among 11 different instructions for three different laptop systems. Our findings from these experiments confirm key intuitive expectations, e.g. that SAVAT between on-chip instructions and off-chip memory accesses tends to be higher than between two on-chip instructions. However, we find that particular instructions, such as integer divide, have much higher SAVAT than other instructions in the same general category (integer arithmetic), and that last-level-cache hits and misses have similar (high) SAVAT. Overall, we confirm that our new metric and methodology can help discover the most vulnerable aspects of a processor architecture or a program, and thus inform decision-making about how to best manage the overall side channel vulnerability of a processor, a program, or a system.
* [Palinopsia - Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM](https://hsmr.cc/palinopsia/)
Services
Timelines
* [Timeline/List of low-level attacks/persistence techniques. HIGHLY RECOMMENDED!](http://timeglider.com/timeline/5ca2daa6078caaf4)
* [Timeline of Software/Timing Attestation papers](http://timeglider.com/timeline/be11d685a7c4374d)
* [Internet Timeline](https://www.zakon.org/robert/internet/timeline/)
* **Timelines**
* [Timeline/List of low-level attacks/persistence techniques. HIGHLY RECOMMENDED!](http://timeglider.com/timeline/5ca2daa6078caaf4)
* [Timeline of Software/Timing Attestation papers](http://timeglider.com/timeline/be11d685a7c4374d)
* [Internet Timeline](https://www.zakon.org/robert/internet/timeline/)
--------
##### Regex for credit cards
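Review bot: the typos in the removed lines are carried into the new bold-bullet headings unchanged; since every entry in this hunk is being rewritten anyway, fix them in the same pass: "The Eavesdropper's Dillemma" should read "Dilemma", "Mov is turing ocmplete" should read "Mov is Turing complete", and the stray "--------" in "help programmers-------- find information" should be dropped. The pasted abstracts also keep PDF line-break hyphenation ("per- formance", "pro- cesses", "un- modified", "accord- ing", "implementa- tion" in the Split Kernel abstract, "content- based ," in the typosquatting abstract) and several end without a period. Dropping the empty "Services" heading in the new version is the right call; "Informational(non-serious-kinda)" still wants a space before the parenthesis.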
@ -225,266 +214,227 @@ Timelines
-------------
### <a name="talks"></a>Interesting Talks/Videos
* [You and Your Research - Haroon Meer](https://www.youtube.com/watch?v=JoVx_-bM8Tg)
* What does it take to do quality research? What stops you from being a one-hit wonder? Is there an age limit to productive hackery? What are the key ingredients needed and how can you up your chances of doing great work? In a talk unabashedly stolen from far greater minds we hope to answer these questions and discuss their repercussions.
* [Bootstrapping A Security Research Project Andrew Hay](https://www.youtube.com/watch?v=gNU2J-IcK4E)
* It has become increasingly common to see a headline in the mainstream media talking about the latest car, television, or other IoT device being hacked (hopefully by a researcher). In each report, blog, or presentation, we learn about the alarming lack of security and privacy associated with the device's hardware, communications mechanisms, software/app, and hosting infrastructure in addition to how easy it might be for an attacker to take advantage of one, or multiple, threat vectors. The truth is, anyone can perform this kind of research if given the right guidance. To many security professionals, however, the act of researching something isn,t the problem...it's what to research, how to start, and when to stop. Academics think nothing of researching something until they feel it's "done" (or their funding/tenure runs out). Security professionals, however, often do not have that luxury. This session will discuss how to research, well, ANYTHING. Proven methods for starting, continuing, ending, leading, and collaborating on reproducible research will be discussed - taking into account real-world constraints such as time, money, and a personal life. We will also discuss how to generate data, design your experiments, analyze your results, and present (and in some cases defend) your research to the public.
* [A talk about (info-sec) talks - Haroon Meer ](https://www.youtube.com/watch?v=BlVjdUkrSFY)
* Last year there was an Information Security conference taking place for almost every day of the year. This translates to about 15 information security talks per day, every day. The question is, is this a bad thing? Even niche areas of the info-sec landscape have their own dedicated conference these days. Is this a good thing?
* [Take Charge of Your Infosec Career! - Glen Roberts - BSidesSLC2015](https://www.youtube.com/watch?v=QqlnB2FeODo)
* You spent $5,000, a plane trip, a hotel and a full workweek on your last infosec course but when was the last time you invested even just a few hours of your time exclusively to developing your infosec career in a truly meaningful way? This talk will challenge the way you view your career and give you actionable steps for taking charge of it so you can optimize the rewards and fulfillment you receive from your work. Glen will leverage the stories and best practices from dozens of information security professionals to help inspire your infosec career journey. This presentation will be engaging and speak to the soul in a way that instills ownership of your own career and generates a passion for finding and carving out your own authentic career path.
* [Con Video Rig Enhancements - IronGeek & SkyDog](https://www.youtube.com/watch?v=BVCFAqLxdtY)
Attacking/PenTester/RedTeam
* [I Will Kill You - Chris Rock](https://www.youtube.com/watch?feature=youtu.be&v=9FdHq3WfJgs&t=77&app=desktop)
* Have you ever wanted to kill someone? Do you want to get rid of your partner, your boss or your arch nemesis? Perhaps you want to enjoy your life insurance payout whilst you’re still alive. Do you have rich elderly parents that just won’t die quick enough? Or do you want a “Do Over” new identity. Then, this presentation is for you! I’ll provide you with the insight and techniques on how to “kill” someone and obtain a real death certificate and shutdown their lives. It focuses on the lack of security controls that allow any of us to virtually kill off anyone or any number of people. Forget the Dexter way of killing someone, I’ll show you how to avoid the messy clean up and focusing in on the digital aspects. You could be dead right now and not even know it.
* **Interesting Talks**
* [You and Your Research - Haroon Meer](https://www.youtube.com/watch?v=JoVx_-bM8Tg)
* What does it take to do quality research? What stops you from being a one-hit wonder? Is there an age limit to productive hackery? What are the key ingredients needed and how can you up your chances of doing great work? In a talk unabashedly stolen from far greater minds we hope to answer these questions and discuss their repercussions.
* [Bootstrapping A Security Research Project Andrew Hay](https://www.youtube.com/watch?v=gNU2J-IcK4E)
* It has become increasingly common to see a headline in the mainstream media talking about the latest car, television, or other IoT device being hacked (hopefully by a researcher). In each report, blog, or presentation, we learn about the alarming lack of security and privacy associated with the device's hardware, communications mechanisms, software/app, and hosting infrastructure in addition to how easy it might be for an attacker to take advantage of one, or multiple, threat vectors. The truth is, anyone can perform this kind of research if given the right guidance. To many security professionals, however, the act of researching something isn,t the problem...it's what to research, how to start, and when to stop. Academics think nothing of researching something until they feel it's "done" (or their funding/tenure runs out). Security professionals, however, often do not have that luxury. This session will discuss how to research, well, ANYTHING. Proven methods for starting, continuing, ending, leading, and collaborating on reproducible research will be discussed - taking into account real-world constraints such as time, money, and a personal life. We will also discuss how to generate data, design your experiments, analyze your results, and present (and in some cases defend) your research to the public.
* [A talk about (info-sec) talks - Haroon Meer](https://www.youtube.com/watch?v=BlVjdUkrSFY)
* Last year there was an Information Security conference taking place for almost every day of the year. This translates to about 15 information security talks per day, every day. The question is, is this a bad thing? Even niche areas of the info-sec landscape have their own dedicated conference these days. Is this a good thing?
* [Take Charge of Your Infosec Career! - Glen Roberts - BSidesSLC2015](https://www.youtube.com/watch?v=QqlnB2FeODo)
* You spent $5,000, a plane trip, a hotel and a full workweek on your last infosec course but when was the last time you invested even just a few hours of your time exclusively to developing your infosec career in a truly meaningful way? This talk will challenge the way you view your career and give you actionable steps for taking charge of it so you can optimize the rewards and fulfillment you receive from your work. Glen will leverage the stories and best practices from dozens of information security professionals to help inspire your infosec career journey. This presentation will be engaging and speak to the soul in a way that instills ownership of your own career and generates a passion for finding and carving out your own authentic career path.
* [Con Video Rig Enhancements - IronGeek & SkyDog](https://www.youtube.com/watch?v=BVCFAqLxdtY)
* **Attacking/PenTester/RedTeam**
* [I Will Kill You - Chris Rock](https://www.youtube.com/watch?feature=youtu.be&v=9FdHq3WfJgs&t=77&app=desktop)
* Have you ever wanted to kill someone? Do you want to get rid of your partner, your boss or your arch nemesis? Perhaps you want to enjoy your life insurance payout whilst you’re still alive. Do you have rich elderly parents that just won’t die quick enough? Or do you want a “Do Over” new identity. Then, this presentation is for you! I’ll provide you with the insight and techniques on how to “kill” someone and obtain a real death certificate and shut down their lives. It focuses on the lack of security controls that allow any of us to virtually kill off anyone or any number of people. Forget the Dexter way of killing someone, I’ll show you how to avoid the messy clean up and focus on the digital aspects. You could be dead right now and not even know it.
* [Kim Jong-il and Me: How to Build a Cyber Army to Defeat the U.S. - Charlie Miller](https://www.youtube.com/watch?v=4up0yTGlpaU)
* [Evaluating the APT Armor - Matthias Luft, Felix Wilhelm](https://www.youtube.com/watch?v=3vh2s9Pui0E)
* [How to Hack All the Transport Networks of a Country - Defcon20](https://www.youtube.com/watch?v=D6KEhdHFc9I)
* [How to safely conduct shenanigans EvilMog Renderman - Derbycon7](https://www.youtube.com/watch?v=Ca0DA9Dq1IA&index=61&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3)
* [If it fits - it sniffs: Adventures in WarShipping](http://www.irongeek.com/i.php?page=videos/derbycon4/t104-if-it-fits-it-sniffs-adventures-in-warshipping-larry-pesce)
* **Educational**
* [Con Video Rig Enhancements - IronGeek & SkyDog](https://www.youtube.com/watch?v=BVCFAqLxdtY)
* [How to Become an InfoSec Autodidact - Kelly Shortridge - Duo Tech Talk](https://www.youtube.com/watch?v=h92vmwg9Tyc)
* [Volatile Memory: Behavioral Game Theory in Defensive Security](https://www.slideshare.net/kshortridge/volatile-memory-behavioral-game-theory-in-defensive-security)
* [The Art of Explanation: Behavioral Models of InfoSec - Kelly Shortridge](https://www.youtube.com/embed/UdZDlt2dlqM?)
* [301 The Road to Hiring is Paved in Good Intentions Tim OBrien](https://www.youtube.com/watch?v=sdkf8SIj1rU)
* [Ermahgerd: Lawrs - Robert Heverly - Anycon17](http://www.irongeek.com/i.php?page=videos/anycon2017/305-ermahgerd-lawrs-prof-robert-heverly)
* When do you, and other coders, hackers, developers, and tinkerers, think or worry about the law? If your answer is, "Not very often," then this talk is for you. We all need to think about the law. And it's not just privacy, or computer fraud, or even anti-circumvention law, that we should think about. We need to think about law as a whole and how it can help us do or stop us from doing what we want to do. This talk will start with a broad overview of the ways in which we implicate law when we do what we do, and then will focus on what that means for us and the broader implications that can arise from our various activities. Do you think the law would stop you from doing what you want to do or punish you for doing it? It might, but it also might not. If you think it does, do you think you should be able to do what you want to do? If you do, then we need to hack the law, and to do that we'll need to talk to the legal coders, those writers of our cultural software. This talk will tackle not only law and working with code, but also why it matters for us to be aware of the law and engaged in improving it.
* [The Impact of Dark Knowledge and Secrets on Security and Intelligence Professionals - Richard Thieme](https://www.youtube.com/watch?v=0MzcPBAj88A&list=PLuUtcRxSUZUpv2An-RNhjuZSJ5fjY7ghe)
* Dismissing or laughing off concerns about what it does to a person to know critical secrets does not lessen the impact on life, work, and relationships of building a different map of reality than “normal people” use. One has to calibrate narratives to what another believes. One has to live defensively, warily. This causes at the least cognitive dissonance which some manage by denial. But refusing to feel the pain does not make it go away. It just intensifies the consequences when they erupt. Philip K. Dick said, reality is that which, when you no longer believe in it, does not go away. When cognitive dissonance evolves into symptoms of traumatic stress, one ignores those symptoms at one’s peril. But the very constraints of one’s work often make it impossible to speak aloud about those symptoms, because that might threaten one’s clearances, work, and career. And whistle blower protection is often non-existent.
* [Weapons of Mass Distraction](http://conference.hitb.org/hitbsecconf2014kul/materials/D2T1%20-%20Haroon%20Meer%20Azhar%20Desai%20and%20Marco%20Slaviero%20-%20Weapons%20of%20Mass%20Distraction.pdf)
* In this talk, we aim to briefly cover the background of sock puppets (and related attacks) before moving on to real world demonstrations & “attacks“. Rigging polls, abusing Twitter, causing Reddit riots & targeting popular news organisations are some of the (many) attacks covered. In all these cases we discuss what we tried, what worked, what didn’t and what the implications are of the attacks. Where possible we will cover defences and solutions.
* [You're stealing it wrong: 30 years of inter-pirate battles - Jason Scott - Defcon 18](https://www.youtube.com/watch?v=a5AceLYWE1Q&app=desktop)
* [[TROOPERS15] Andreas Lindh - Defender Economics](https://www.youtube.com/watch?v=mAP38Xy52X0)
* **Genuinely Interesting/Unusual**
* [Achilles Heel of the American Banking System](http://www.irongeek.com/i.php?page=videos/derbycon4/the-achilles-heel-of-the-banking-system)
* [You're Leaking Trade Secrets - Defcon22 Michael Schrenk](https://www.youtube.com/watch?v=JTd5TL6_zgY)
* Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
* [Exploiting Network Surveillance Cameras Like a Hollywood Hacker - Black Hat 2013](https://www.youtube.com/watch?v=B8DjTcANBx0)
* [Paypals War on Terror - Chaos Communication Congress 31](http://ccc2.mirror.xt0.org/congress/2014/webm-hd/31c3-6377-en-de-Paypals_War_on_Terror_webm-hd.webm)
* [CompSci in the DPRK](http://us2.1und1.c3voc.de/congress/2014/webm-hd/31c3-6253-en-de-Computer_Science_in_the_DPRK_webm-hd.webm)
* [Disrupting an Adware-serving Skype Botnet](http://phishme.com/disrupting-an-adware-serving-skype-botnet/)
* Not crazy technical or anything, more so an interesting tale that shows one person with a little bit of skill can disrupt malvertising campaigns with a little legwork.
* [Software Supply Chains and the Illusion of Control - Derek Weeks](http://www.irongeek.com/i.php?page=videos/bsidesnova2017/107-software-supply-chains-and-the-illusion-of-control-derek-weeks)
* In this presentation I am sharing the results of a three-year, industry-wide study on open source development and security practices across 3,000 organizations and 25,000. I will detail how these organizations are employing a vast community of open source component suppliers, warehouses, and development tools that take the form of software supply chains. Modern software development practices are now consuming BILLIONS of open source and third-party components. The tooling with package managers and build tools such as Maven, Gradle, npm, NuGet, RubyGems and others has promoted the usage of components to a convenient standard practice. As a result, 90% of a typical application is now composed of open source components. The good news: use of the components is improving developer productivity and accelerating time to market. However, using these components brings ownership and responsibility with it and this fact is largely overlooked. The unspoken truth: not all parts are created equal. For example, 1 in 16 components in use include known security vulnerabilities. Ugh. This session aims to enlighten development professionals by sharing results from the State of the Software Supply Chain reports from 2015 through 2017. The reports blend public and proprietary data with expert research and analysis. Attendees in this session will learn: - What our analysis of 25,000 applications reveals about the quality and security of software built with open source components - How organizations like Mayo Clinic, Exxon, Capital One, the U.S. FDA and Intuit are utilizing the principles of software supply chain automation to improve application security - Why avoiding open source components over 3 years old might be a really good idea - How to balance the need for speed with quality and security -- early in the development lifecycle. We will also discuss how you can best approach the effort for development teams to identify, track and replace components with known vulnerabilities, while getting more products and new features to market quickly. Attend this session and gain insight as to how your organization’s application development practices compare to others. I'll share the industry benchmarks to take back and discuss with your development, security, and open source governance teams.
* [Hacks, Lies, & Nation States - Mario DiNatale - ANYCON 2017](http://www.irongeek.com/i.php?page=videos/anycon2017/303-hacks-lies-nation-states-mario-dinatale)
* A hilarious and non-technical skewering of the current state of Cybersecurity, the Cybersecurity
* [Money Makes Money: How To Buy An ATM And What You Can Do With It by Leigh Ann Galloway - BSides Manchester2017](https://www.youtube.com/watch?v=0HbLQAGS6no&index=8&list=PLcgqQkap1lNrOBNCXqpPqpPAqckxv0XhP)
* [(In)Outsider Trading – Hacking stocks using public information and (influence) - Robert Len - BSides CapeTown16](https://www.youtube.com/watch?v=sfHeguTEkuE)
* This talk will take a look at how inadvertently leaked technical information from businesses, can be used to successfully trade stocks. This results in making huge profits. We look at different methods of influencing the stock market, such as DDOS attacks (at critical time periods) and simple techniques such as Phish-baiting CEO’s to acquire sensitive, relevant information that can be applied in the real world to make massive gains in profit. We will also take a look at historic trends. How previous hacks, breaches and DDOS attacks have affected stock prices and investor confidence over time. Specific reference will be made towards listed South African companies (Or a particular listed SA company) and a POC will hopefully be completed by the presentation date.
* [Pwning pwners like a n00b](https://www.youtube.com/watch?v=E8O8bB3I3i0)
* Cybercrime, blackhat hackers and some Ukrainians. If that doesn’t catch your attention, then stop reading. Follow the story of how stupid mistakes, OPSEC fails, and someone with a little too much time on his hands was able to completely dismantle a spamming and webshell enterprise using really simple skills and techniques you could pick up in a week. Did we mention that d0x were had as well? This talk will be an in-depth examination at the investigation and exploitation process involved.
* [Human Trafficking in the Digital Age](https://www.irongeek.com/i.php?page=videos/derbycon4/t516-human-trafficking-in-the-digital-age-chris-jenks)
* **Insider Threats**
* [Combating the Insider Threat at the FBI: Real World Lessons Learned - BlackHat2013](https://www.youtube.com/watch?v=0stTS-G5FsE)
* **Policy**
* [Just What The Doctor Ordered? - Scott Erven and Shawn Merdinger - DEF CON 22](https://www.youtube.com/watch?v=wTEMSBXtkAc)
* This discussion will also highlight the fallout from security standards not being a requirement for medical device manufacturers, and our experience in identifying and reporting vulnerabilities. We will provide our insight into what needs to be done for healthcare organizations to respond to the new threat of cyber-attack against medical devices. We are working towards a future where cyber security issues in medical devices are a thing of the past. We will discuss the recent success and traction we have gained with healthcare organizations, federal agencies and device manufacturers in addressing these security issues. The train is now moving, so please join us to find out how you can get involved and make a difference by ensuring patient safety.
* [Psychology of Security - Stefan Schumacher - Trooper14](https://www.youtube.com/watch?v=vZKAi4RAIvA)
* In this talk I will introduce the Institute’s research programme about the Psychology of Security. We are going to research the psychological basics of IT security, including: How do people experience IT security? How are they motivated? How do they learn? Why do people tend to make the same mistakes again and again (Buffer Overflow, anyone?)? What can we do to prevent security incidents? Which curricula should be taught about IT security?
* [Killing you softly Josh Bressers](http://www.irongeek.com/i.php?page=videos/circlecitycon2016/302-killing-you-softly-josh-bressers)
* The entire security industry has a serious skill problem. We're technically able, but we have no soft skills. We can't talk to normal people at all. We can barely even talk to each other, and it's killing our industry. Every successful industry relies on the transfer of skills from the experienced to the inexperienced. Security lacks this today. If I asked you how you learned what you know about security, what would your answer be? In most cases you learned everything you know on your own. There was minimal learning from someone else. This has left us with an industry full of magicians, but even worse it puts us in a place where there is no way to transfer skill and knowledge from one generation to the next. Magicians don't scale. If we think about this in the context of how we engage non security people it's even worse! Most non security people have no idea what security is, what security does, or even why security is important. It's easy to laugh at the horrible security problems almost everything has today, but in reality we're laughing at ourselves. Historically we've blamed everything else for this problem when in reality it's 100% our fault. One of our great weaknesses is failing to get the regular people to understand security and why it's important. This isn't a surprise if you think about how the industry communicates. We can barely talk to each other, how can we possibly talk to someone who doesn't know anything about security? Normal people are confused and scared, they want to do the right thing but they have no idea what that is. The future leaders in security are going to have to be able to teach and talk to their security peers, but more importantly they will have to engage everyone else. Security is being paid attention to like never before, and yet we have nothing to say to anyone. What has changed in the last few years? If we don't do our jobs, someone else will do them for us, and we're not going to like the results. Security isn't a technical problem, technical problems are easy, security is a communication problem. Communications problems are difficult. Let's figure out how we can fix that.
* [Bridging the Air Gap: Cross Domain Solutions - Patrick Orzechowski](https://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/pg08-bridging-the-air-gap-cross-domain-solutions-patrick-orzechowski)
* For years the government has been using CDS to bridge networks with different classification levels. This talk will focus on what CDS systems are, how they’re built, and what kind of configurations are common in the wild. Furthermore, we’ll look at testing techniques to evaluate the security of these systems and potential ways to exploit holes in configuration and design. We’ll also look at the ways the commercial world might benefit from a data and type-driven firewall as well as some of the downfalls and negative aspects of implementing a cross-domain system.
* **Political**
* [Coming War on General Computation](https://www.youtube.com/watch?v=HUEvRyemKSg)
* [Kinetic to Digital Terrorism in the Digital Age Kyle Wilhoit](https://www.youtube.com/watch?v=IsaUuCrjXu4&index=24&list=PLNhlcxQZJSm-PKUZTYe1C94ymf0omysM3)
* [Beyond Information Warfare: You ain't seen nothing yet - Winn Schwartau](http://www.irongeek.com/i.php?page=videos/derbycon3/2206-beyond-information-warfare-you-ain-t-seen-nothing-yet-winn-schwartau)
* [When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement](https://www.youtube.com/watch?v=PX2RjJAfTYg)
* [New cache architecture on Intel I9 and Skylake server: An initial assessment](https://cyber.wtf/2017/07/18/new-cache-architecture-on-intel-i9-and-skylake-server-an-initial-assessment/)
* [How They Did It: An Analysis of Emission Defeat Devices in Modern Automobiles](https://www.ieee-security.org/TC/SP2017/papers/101.pdf)
* **Misc/Didn't Fit above**
* [NSA USB Playset - ShmooCon201](https://www.youtube.com/watch?v=eTDBFpLYcGA)
* [Code Execution In Spite Of BitLocker](https://cryptoservices.github.io/fde/2014/12/08/code-execution-in-spite-of-bitlocker.html)
* [Locking Your Registry Keys for Fun and, Well, Just Fun I Guess](https://tyranidslair.blogspot.co.uk/2017/07/locking-your-registry-keys-for-fun-and.html)
* [If a prefix DROPs, does anyone listen?](http://threatshare.com/2013/05/if-a-prefix-drops-does-anyone-listen/)
* [Exploiting Android Users for Fun and Profit](http://www.codeword.xyz/2015/08/09/exploiting-android-users-for-fun-and-profit/)
* [Docker: Not Even a Linker](http://adamierymenko.com/docker-not-even-a-linker/)
* [Why Qubes doesn’t work on Windows.](http://www.invisiblethingslab.com/resources/2014/A%20crack%20on%20the%20glass.pdf)
* [A Practical Attack to De-Anonymize Social Network Users](https://www.iseclab.org/papers/sonda-TR.pdf)
* [Virtual Ghost: Protecting Applications from Hostile Operating Systems](http://sva.cs.illinois.edu/pubs/VirtualGhost-ASPLOS-2014.pdf)
* [moflow](https://github.com/vrtadmin/moflow)
* Release Branches for MoFlow
* [List of hacker sites](http://link-base.org/)