Browse Source

Fixed ToC for exploitDev - it's nicer now.

pull/8/head
root 6 years ago
parent
commit
201411f9ec
8 changed files with 45 additions and 11 deletions
  1. +5
    -5
      Draft/Anonymity Opsec Privacy -.md
  2. +4
    -0
      Draft/Fuzzing Bug Hunting.md
  3. +1
    -0
      Draft/How_To_Suck_at_Information_Security.md
  4. +0
    -4
      Draft/Malware.md
  5. +3
    -0
      Draft/Password Bruting and Hashcracking.md
  6. +29
    -0
      Draft/System Internals Windows and Linux Internals Reference.md
  7. +1
    -1
      Draft/Threat-Hunting.md
  8. +2
    -1
      Draft/things-added.md

+ 5
- 5
Draft/Anonymity Opsec Privacy -.md View File

@ -20,12 +20,7 @@
[Wifi Tracking: Collecting the (probe) Breadcrumbs - David Switzer](https://www.youtube.com/watch?v=HzQHWUM8cNo)
* Wifi probes have provided giggles via Karma and Wifi Pineapples for years, but is there more fun to be had? Like going from sitting next to someone on a bus, to knowing where they live and hang out? Why try to MITM someone’s wireless device in an enterprise environment where they may notice — when getting them at their favorite burger joint is much easier. In this talk we will review ways of collecting and analyzing probes. We’ll use the resulting data to figure out where people live, their daily habits, and discuss uses (some nice, some not so nice) for this information. We’ll also dicuss how to make yourself a little less easy to track using these methods. Stingrays are price prohibitive, but for just tracking people’s movements.. this is cheap and easy.
[How Tor Users Got Caught - Defcon 22](https://www.youtube.com/watch?v=7G1LjQSYM5Q)
* [Part 2](https://www.youtube.com/watch?v=TQ2bk9kMneI)
* [Article - How Tor Users Got Caught by Government Agencies](http://se.azinstall.net/2015/11/how-tor-users-got-caught.html)
#### end cull
@ -157,7 +152,12 @@
[What Happens Next Will Amaze You](http://idlewords.com/talks/what_happens_next_will_amaze_you.htm#six_fixes)
[Wifi Tracking: Collecting the (probe) Breadcrumbs - David Switzer](https://www.youtube.com/watch?v=HzQHWUM8cNo)
* Wifi probes have provided giggles via Karma and Wifi Pineapples for years, but is there more fun to be had? Like going from sitting next to someone on a bus, to knowing where they live and hang out? Why try to MITM someone’s wireless device in an enterprise environment where they may notice — when getting them at their favorite burger joint is much easier. In this talk we will review ways of collecting and analyzing probes. We’ll use the resulting data to figure out where people live, their daily habits, and discuss uses (some nice, some not so nice) for this information. We’ll also dicuss how to make yourself a little less easy to track using these methods. Stingrays are price prohibitive, but for just tracking people’s movements.. this is cheap and easy.
[How Tor Users Got Caught - Defcon 22](https://www.youtube.com/watch?v=7G1LjQSYM5Q)
* [Part 2](https://www.youtube.com/watch?v=TQ2bk9kMneI)
* [Article - How Tor Users Got Caught by Government Agencies](http://se.azinstall.net/2015/11/how-tor-users-got-caught.html)


+ 4
- 0
Draft/Fuzzing Bug Hunting.md View File

@ -24,6 +24,10 @@ https://raw.githubusercontent.com/secfigo/Awesome-Fuzzing/master/README.md
[Fuzzing for MS15-010](http://blog.beyondtrust.com/fuzzing-for-ms15-010)
* This past Patch Tuesday Microsoft released MS15-010: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Remote Code Execution. This patch addressed multiple privately reported vulnerabilities in win32k.sys and one publicly disclosed vulnerability in cng.sys. This post goes through identifying the patched vulnerability.
[0-day streams: pdfcrack](https://www.youtube.com/watch?v=8VLNPIIgKbQ&app=desktop)
#### end sort
##### To Do
* Add Descriptions/generals to types of fuzzing


+ 1
- 0
Draft/How_To_Suck_at_Information_Security.md View File

@ -0,0 +1 @@
How To Suck at Information Security

+ 0
- 4
Draft/Malware.md View File

@ -53,10 +53,6 @@ https://archive.is/Nol3S
[VirtualBox Detection Via WQL Queries](http://waleedassar.blogspot.com/)
[Bypassing VirtualBox Process Hardening on Windows](https://googleprojectzero.blogspot.com/2017/08/bypassing-virtualbox-process-hardening.html)
* This blog post will describe the implementation of Oracle’s VirtualBox protected process and detail three different, but now fixed, ways of bypassing the protection and injecting arbitrary code into the process. The techniques I’ll present can equally be applied to similar implementations of “protected” processes in other applications.


+ 3
- 0
Draft/Password Bruting and Hashcracking.md View File

@ -25,6 +25,9 @@ http://blog.erratasec.com/2011/06/password-cracking-mining-and-gpus.html#.VG3xsp
http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/
[Gladius](https://github.com/praetorian-inc/gladius)
* Automated Responder/secretsdump.py cracking. Gladius provides an automated method for cracking credentials from various sources during an engagement. We currently crack hashes from Responder, secretsdump.py, and smart_hashdump.
* Wordlists sorted by popularity originally created for password generation and testing
### End cull


+ 29
- 0
Draft/System Internals Windows and Linux Internals Reference.md View File

@ -22,6 +22,35 @@
#### Sort
Waitfor - tehcnet](https://technet.microsoft.com/en-us/library/cc731613(v=ws.11).aspx?t=1&cn=ZmxleGlibGVfcmVjcw%3D%3D&iid=22f4306f9238443891cea105281cfd3f&uid=150127534&nid=244+289476616)
[Windows Interactive Logon Architecture - technet](https://technet.microsoft.com/en-us/library/ff404303(v=ws.10))
[Credential Providers in Windows 10 - msdn](https://msdn.microsoft.com/en-us/library/windows/desktop/mt158211(v=vs.85).aspx)
[Registering Network Providers and Credential Managers - msdn](https://msdn.microsoft.com/en-us/library/windows/desktop/aa379389(v=vs.85).aspx)
[Authentication Registry Keys - msdn](https://msdn.microsoft.com/en-us/library/windows/desktop/aa374737(v=vs.85).aspx)
* When it installs a network provider, your application should create the registry keys and values described in this topic. These keys and values provide information to the MPR about the network providers installed on the system. The MPR checks these keys when it starts and loads the network provider DLLs that it finds.
[ICredentialProvider interface - msdn](https://msdn.microsoft.com/en-us/library/bb776042(v=vs.85).aspx)
* Exposes methods used in the setup and manipulation of a credential provider. All credential providers must implement this interface.
[Custom Credential Provider for Password Reset - blogs.technet](https://blogs.technet.microsoft.com/aho/2009/11/14/custom-credential-provider-for-password-reset/)
[](http://archive.msdn.microsoft.com/ShellRevealed/Release/ProjectReleases.aspx?ReleaseId=2871)
[V2 Credential Provider Sample - code.msdn](https://code.msdn.microsoft.com/windowsapps/V2-Credential-Provider-7549a730)
* Demonstrates how to build a v2 credential provider that makes use of the new capabilities introduced to credential provider framework in Windows 8 and Windows 8.1.
[Starting to build your own Credential Provider](https://blogs.msmvps.com/alunj/2011/02/21/starting-to-build-your-own-credential-provider/)
* If you’re starting to work on a Credential Provider (CredProv or CP, for short) for Windows Vista, Windows Server 2008, Windows Server 2008 R2 or Windows 7, there are a few steps I would strongly recommend you take, because it will make life easier for you.
[BCDEdit /dbgsettings - msdn](https://msdn.microsoft.com/en-us/library/windows/hardware/ff542187(v=vs.85).aspx)
[Winlogon and Credential Providers](https://msdn.microsoft.com/en-us/library/windows/desktop/bb648647(v=vs.85).aspx)
* Winlogon is the Windows module that performs interactive logon for a logon session. Winlogon behavior can be customized by implementing and registering a Credential Provider.
#### End Sort


+ 1
- 1
Draft/Threat-Hunting.md View File

@ -30,7 +30,7 @@ https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framewo
[Taking Hunting to the Next Level Hunting in Memory - Jared Atkinson 2017](https://www.youtube.com/watch?v=3RUMShnJq_I)
[Global Adversarial Capability Modeling](https://www.youtube.com/watch?v=56T3JN09SrY#t=41)


+ 2
- 1
Draft/things-added.md View File

@ -405,7 +405,8 @@
[How to find 56 potential vulnerabilities in FreeBSD code in one evening](https://www.viva64.com/en/b/0496/)
[Static analysis tools for PHP](https://github.com/exakat/php-static-analysis-tools)
* A reviewed list of useful PHP static analysis tools


Loading…
Cancel
Save