
Deleting files

rmusser01 3 years ago
91 changed files with 0 additions and 30987 deletions

+ 0
- 8
MobileApplication/.babelrc

@ -1,8 +0,0 @@
"presets": ["babel-preset-expo"],
"env": {
"development": {
"plugins": ["transform-react-jsx-source"]
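
Review bot: the commit message "Deleting files" does not say why the whole MobileApplication/ tree (this .babelrc, .flowconfig, App.js, app.json, package.json) and the Sphinx/ site are being removed in one 91-file, 30987-line deletion, nor whether the docs content moves anywhere; a one-line rationale in the message (what is retired, and where the content lives afterwards, if it does) would let a later reader of the log tell a deliberate cleanup from an accidental wipe.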

+ 0
- 75
MobileApplication/.flowconfig

@ -1,75 +0,0 @@
; We fork some components by platform
; Ignore templates for 'react-native init'
; Ignore RN jest
; Ignore RNTester
; Ignore the website subdir
; Ignore the Dangerfile
; Ignore Fbemitter
; Ignore "BUCK" generated dirs
; Ignore unexpected extra "@providesModule"
; Ignore polyfills
; Ignore various node_modules
module.name_mapper='^[./a-zA-Z0-9$_-]+\.\(bmp\|gif\|jpg\|jpeg\|png\|psd\|svg\|webp\|m4v\|mov\|mp4\|mpeg\|mpg\|webm\|aac\|aiff\|caf\|m4a\|mp3\|wav\|html\|pdf\)$' -> 'RelativeImageStub'
suppress_comment=\\(.\\|\n\\)*\\$FlowFixMe\\($\\|[^(]\\|(\\(>=0\\.\\(5[0-6]\\|[1-4][0-9]\\|[0-9]\\).[0-9]\\)? *\\(site=[a-z,_]*react_native_oss[a-z,_]*\\)?)\\)
suppress_comment=\\(.\\|\n\\)*\\$FlowIssue\\((\\(>=0\\.\\(5[0-6]\\|[1-4][0-9]\\|[0-9]\\).[0-9]\\)? *\\(site=[a-z,_]*react_native_oss[a-z,_]*\\)?)\\)?:? #[0-9]+

+ 0
- 17
MobileApplication/.gitignore

@ -1,17 +0,0 @@
# See for more about ignoring files.
# expo
# dependencies
# misc

+ 0
- 1
MobileApplication/.watchmanconfig

@ -1 +0,0 @@

+ 0
- 17
MobileApplication/App.js

@ -1,17 +0,0 @@
import React from 'react';
import { WebView, StyleSheet, Text, View } from 'react-native';
export default class App extends React.Component {
render() {
return (
source={{uri: ''}}
style={{marginTop: 20}}
const styles = StyleSheet.create({
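
Review bot: App.js as deleted was a single WebView whose `source={{uri: ''}}` value is not visible in this rendering, with no other application code, so the mobile app was only a thin wrapper around a hosted page and nothing else under MobileApplication/ is load-bearing. The one thing worth recording in the commit is the URL that WebView loaded: after this commit there is no trace in the repository of which host the app sent its users to.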

+ 0
- 9
MobileApplication/App.test.js

@ -1,9 +0,0 @@
import React from 'react';
import App from './App';
import renderer from 'react-test-renderer';
it('renders without crashing', () => {
const rendered = renderer.create(<App />).toJSON();

+ 0
- 220
MobileApplication/

@ -1,220 +0,0 @@
This project was bootstrapped with [Create React Native App](
Below you'll find information about performing common tasks. The most recent version of this guide is available [here](
## Table of Contents
* [Updating to New Releases](#updating-to-new-releases)
* [Available Scripts](#available-scripts)
* [npm start](#npm-start)
* [npm test](#npm-test)
* [npm run ios](#npm-run-ios)
* [npm run android](#npm-run-android)
* [npm run eject](#npm-run-eject)
* [Writing and Running Tests](#writing-and-running-tests)
* [Environment Variables](#environment-variables)
* [Configuring Packager IP Address](#configuring-packager-ip-address)
* [Adding Flow](#adding-flow)
* [Customizing App Display Name and Icon](#customizing-app-display-name-and-icon)
* [Sharing and Deployment](#sharing-and-deployment)
* [Publishing to Expo's React Native Community](#publishing-to-expos-react-native-community)
* [Building an Expo "standalone" app](#building-an-expo-standalone-app)
* [Ejecting from Create React Native App](#ejecting-from-create-react-native-app)
* [Build Dependencies (Xcode & Android Studio)](#build-dependencies-xcode-android-studio)
* [Should I Use ExpoKit?](#should-i-use-expokit)
* [Troubleshooting](#troubleshooting)
* [Networking](#networking)
* [iOS Simulator won't open](#ios-simulator-wont-open)
* [QR Code does not scan](#qr-code-does-not-scan)
## Updating to New Releases
You should only need to update the global installation of `create-react-native-app` very rarely, ideally never.
Updating the `react-native-scripts` dependency of your app should be as simple as bumping the version number in `package.json` and reinstalling your project's dependencies.
Upgrading to a new version of React Native requires updating the `react-native`, `react`, and `expo` package versions, and setting the correct `sdkVersion` in `app.json`. See the [versioning guide]( for up-to-date information about package version compatibility.
## Available Scripts
If Yarn was installed when the project was initialized, then dependencies will have been installed via Yarn, and you should probably use it to run these commands as well. Unlike dependency installation, command running syntax is identical for Yarn and NPM at the time of this writing.
### `npm start`
Runs your app in development mode.
Open it in the [Expo app]( on your phone to view it. It will reload if you save edits to your files, and you will see build errors and logs in the terminal.
Sometimes you may need to reset or clear the React Native packager's cache. To do so, you can pass the `--reset-cache` flag to the start script:
npm start -- --reset-cache
# or
yarn start -- --reset-cache
#### `npm test`
Runs the [jest]( test runner on your tests.
#### `npm run ios`
Like `npm start`, but also attempts to open your app in the iOS Simulator if you're on a Mac and have it installed.
#### `npm run android`
Like `npm start`, but also attempts to open your app on a connected Android device or emulator. Requires an installation of Android build tools (see [React Native docs]( for detailed setup). We also recommend installing Genymotion as your Android emulator. Once you've finished setting up the native build environment, there are two options for making the right copy of `adb` available to Create React Native App:
##### Using Android Studio's `adb`
1. Make sure that you can run adb from your terminal.
2. Open Genymotion and navigate to `Settings -> ADB`. Select “Use custom Android SDK tools” and update with your [Android SDK directory](
##### Using Genymotion's `adb`
1. Find Genymotion’s copy of adb. On macOS for example, this is normally `/Applications/`.
2. Add the Genymotion tools directory to your path (instructions for [Mac](, [Linux](, and [Windows](
3. Make sure that you can run adb from your terminal.
#### `npm run eject`
This will start the process of "ejecting" from Create React Native App's build scripts. You'll be asked a couple of questions about how you'd like to build your project.
**Warning:** Running eject is a permanent action (aside from whatever version control system you use). An ejected app will require you to have an [Xcode and/or Android Studio environment]( set up.
## Customizing App Display Name and Icon
You can edit `app.json` to include [configuration keys]( under the `expo` key.
To change your app's display name, set the `` key in `app.json` to an appropriate string.
To set an app icon, set the `expo.icon` key in `app.json` to be either a local path or a URL. It's recommended that you use a 512x512 png file with transparency.
## Writing and Running Tests
This project is set up to use [jest]( for tests. You can configure whatever testing strategy you like, but jest works out of the box. Create test files in directories called `__tests__` or with the `.test` extension to have the files loaded by jest. See the [the template project]( for an example test. The [jest documentation]( is also a wonderful resource, as is the [React Native testing tutorial](
## Environment Variables
You can configure some of Create React Native App's behavior using environment variables.
### Configuring Packager IP Address
When starting your project, you'll see something like this for your project URL:
The "manifest" at that URL tells the Expo app how to retrieve and load your app's JavaScript bundle, so even if you load it in the app via a URL like `exp://localhost:19000`, the Expo client app will still try to retrieve your app at the IP address that the start script provides.
In some cases, this is less than ideal. This might be the case if you need to run your project inside of a virtual machine and you have to access the packager via a different IP address than the one which prints by default. In order to override the IP address or hostname that is detected by Create React Native App, you can specify your own hostname via the `REACT_NATIVE_PACKAGER_HOSTNAME` environment variable:
Mac and Linux:
REACT_NATIVE_PACKAGER_HOSTNAME='my-custom-ip-address-or-hostname' npm start
set REACT_NATIVE_PACKAGER_HOSTNAME='my-custom-ip-address-or-hostname'
npm start
The above example would cause the development server to listen on `exp://my-custom-ip-address-or-hostname:19000`.
## Adding Flow
Flow is a static type checker that helps you write code with fewer bugs. Check out this [introduction to using static types in JavaScript]( if you are new to this concept.
React Native works with [Flow]( out of the box, as long as your Flow version matches the one used in the version of React Native.
To add a local dependency to the correct Flow version to a Create React Native App project, follow these steps:
1. Find the Flow `[version]` at the bottom of the included [.flowconfig](.flowconfig)
2. Run `npm install --save-dev flow-bin@x.y.z` (or `yarn add --dev flow-bin@x.y.z`), where `x.y.z` is the .flowconfig version number.
3. Add `"flow": "flow"` to the `scripts` section of your `package.json`.
4. Add `// @flow` to any files you want to type check (for example, to `App.js`).
Now you can run `npm run flow` (or `yarn flow`) to check the files for type errors.
You can optionally use a [plugin for your IDE or editor]( for a better integrated experience.
To learn more about Flow, check out [its documentation](
## Sharing and Deployment
Create React Native App does a lot of work to make app setup and development simple and straightforward, but it's very difficult to do the same for deploying to Apple's App Store or Google's Play Store without relying on a hosted service.
### Publishing to Expo's React Native Community
Expo provides free hosting for the JS-only apps created by CRNA, allowing you to share your app through the Expo client app. This requires registration for an Expo account.
Install the `exp` command-line tool, and run the publish command:
$ npm i -g exp
$ exp publish
### Building an Expo "standalone" app
You can also use a service like [Expo's standalone builds]( if you want to get an IPA/APK for distribution without having to build the native code yourself.
### Ejecting from Create React Native App
If you want to build and deploy your app yourself, you'll need to eject from CRNA and use Xcode and Android Studio.
This is usually as simple as running `npm run eject` in your project, which will walk you through the process. Make sure to install `react-native-cli` and follow the [native code getting started guide for React Native](
#### Should I Use ExpoKit?
If you have made use of Expo APIs while working on your project, then those API calls will stop working if you eject to a regular React Native project. If you want to continue using those APIs, you can eject to "React Native + ExpoKit" which will still allow you to build your own native code and continue using the Expo APIs. See the [ejecting guide]( for more details about this option.
## Troubleshooting
### Networking
If you're unable to load your app on your phone due to a network timeout or a refused connection, a good first step is to verify that your phone and computer are on the same network and that they can reach each other. Create React Native App needs access to ports 19000 and 19001 so ensure that your network and firewall settings allow access from your device to your computer on both of these ports.
Try opening a web browser on your phone and opening the URL that the packager script prints, replacing `exp://` with `http://`. So, for example, if underneath the QR code in your terminal you see:
Try opening Safari or Chrome on your phone and loading
If this works, but you're still unable to load your app by scanning the QR code, please open an issue on the [Create React Native App repository]( with details about these steps and any other error messages you may have received.
If you're not able to load the `http` URL in your phone's web browser, try using the tethering/mobile hotspot feature on your phone (beware of data usage, though), connecting your computer to that WiFi network, and restarting the packager.
### iOS Simulator won't open
If you're on a Mac, there are a few errors that users sometimes see when attempting to `npm run ios`:
* "non-zero exit code: 107"
* "You may need to install Xcode" but it is already installed
* and others
There are a few steps you may want to take to troubleshoot these kinds of errors:
1. Make sure Xcode is installed and open it to accept the license agreement if it prompts you. You can install it from the Mac App Store.
2. Open Xcode's Preferences, the Locations tab, and make sure that the `Command Line Tools` menu option is set to something. Sometimes when the CLI tools are first installed by Homebrew this option is left blank, which can prevent Apple utilities from finding the simulator. Make sure to re-run `npm/yarn run ios` after doing so.
3. If that doesn't work, open the Simulator, and under the app menu select `Reset Contents and Settings...`. After that has finished, quit the Simulator, and re-run `npm/yarn run ios`.
### QR Code does not scan
If you're not able to scan the QR code, make sure your phone's camera is focusing correctly, and also make sure that the contrast on the two colors in your terminal is high enough. For example, WebStorm's default themes may [not have enough contrast]( for terminal QR codes to be scannable with the system barcode scanners that the Expo app uses.
If this causes problems for you, you may want to try changing your terminal's color theme to have more contrast, or running Create React Native App from a different terminal. You can also manually enter the URL printed by the packager script in the Expo app's search bar to load it manually.

+ 0
- 5
MobileApplication/app.json

@ -1,5 +0,0 @@
"expo": {
"sdkVersion": "23.0.0"

+ 0
- 27
MobileApplication/package.json

@ -1,27 +0,0 @@
"name": "MobileApplication",
"version": "0.1.0",
"private": true,
"devDependencies": {
"jest-expo": "23.0.0",
"react-native-scripts": "1.8.1",
"react-test-renderer": "16.0.0"
"main": "./node_modules/react-native-scripts/build/bin/crna-entry.js",
"scripts": {
"start": "react-native-scripts start",
"eject": "react-native-scripts eject",
"android": "react-native-scripts android",
"ios": "react-native-scripts ios",
"test": "node node_modules/jest/bin/jest.js --watch"
"jest": {
"preset": "jest-expo"
"dependencies": {
"expo": "^23.0.4",
"react": "16.0.0",
"react-native": "0.50.3",
"watchman": "^1.0.0"
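
Review bot: `"watchman": "^1.0.0"` is listed under `dependencies` although App.js imports only react and react-native, and `"test"` runs jest with `--watch`, which never exits and would hang a non-interactive CI run; neither matters for a file that is being deleted, but if this manifest is ever restored from history, move watchman out of the runtime dependencies (or drop it) and take `--watch` off the test script.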

+ 0
- 6127
File diff suppressed because it is too large

+ 0
- 2
Sphinx/

@ -1,2 +0,0 @@
If you wish to contribute, simply fork the project, add your links/information/pages and make a pull request.
As long as the links are non-malicious, I'll probably accept your pull request. Any help/contributions are welcomed.

+ 0
- 21
Sphinx/LICENSE

@ -1,21 +0,0 @@
MIT License
Copyright (c) 2017 Robert
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
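
Review bot: deleting Sphinx/LICENSE drops the MIT notice ("Copyright (c) 2017 Robert") that covered the docs tree, and nothing else in this diff states under what terms the remaining content may be reused; unless a LICENSE already exists at the repository root, move this file up a level instead of removing it, or say in the commit message that the root copy exists.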

+ 0
- 20
Sphinx/Makefile

@ -1,20 +0,0 @@
# Minimal makefile for Sphinx documentation
# You can set these variables from the command line.
SPHINXBUILD = sphinx-build
SPHINXPROJ = InfosecReference
SOURCEDIR = source
BUILDDIR = build
# Put it first so that "make" without argument is like "make help".
.PHONY: help Makefile
# Catch-all target: route all unknown targets to Sphinx using the new
# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS).
%: Makefile

+ 0
- 198
Sphinx/

@ -1,198 +0,0 @@
# Infosec_Reference
An Information Security Reference That Doesn't Suck
#### Goal:
* Be an awesome Information Security Reference
* List of techinques, tools and tactics to learn from/reference.
* Something like a "Yellow Pages" in the sense of you know something exists, but what was it called....
* End goal: Rich resource of infosec knowledge for anyone to browse through as a jumping off point for various niches OR as a reference/recall method for stuff.
* 'if you give a man a fish he is hungry again in an hour. If you teach him to catch a fish you do him a good turn.'
* Something oppposite to the [MITRE ATT&CK Framework]( (eventually; As in, "I want to do priv esc on OS X/windows/linux, what methods are there?" or, "I need to do X under Y situation". Focus is on attacks and how they're done vs how attacks are done with a focus on defense.
* Always accepting more links/stuff. Feel free to contribue or suggest something.
#### Why Do *I* Care?
* No idea. I do this as a resource for myself(to teach others from) and offer it publicly as a way of giving back to the general community.
* To be clear, these aren't personal notes. I keep this repo maintained as a way of having pointers to information that I feel help build someone's skillset or increase understanding of attacks/methods/defenses.
#### Why Do *You* Care?
* Don't have to constantly google for tools/reminder.
* Easily browsable list of tools, techniques, papers, and research in all sorts of areas.
* Want to read some good info.
##### This page
* This page is terrible on mobile. Use [](]) for better mobile formatting.
* At some point I will sort the sections into a grid alphabetically.
* For latest content updates, check here: [Things added since last update](
* This will have all links added to the other pages sorted according to topic, making it easier to see new stuff.
* All links on this page should work. Last tested 11/26
* Contributions are welcome, format is pretty simple/easy to pick up, add anything not already in it that fits.
### Index - Table of Contents
#### ATT&CK(Def3nse?) Stuff
* [Windows Collection](
* [Windows Command and Control](
* [Windows Credential Access](
* [Windows Defense Evasion](
* [Windows Discovery](
* [Windows Execution](
* [Windows Exfiltration](
* [Windows Lateral Movement](
* [Windows Persistence](
* [Windows Privilege Escalation](
* [Linux Collection](
* [Linux Command and Control](
* [Linux Credential Access](
* [Linux Defense Evasion](
* [Linux Discovery](
* [Linux Execution](
* [Linux Exfiltration](
* [Linux Lateral Movement](
* [Linux Persistence](
* [Linux Privilege Escalation](
Mac/OS X
* [OS X Collection]
* [OS X Command and Control]
* [OS X Credential Access]
* [OS X Defense Evasion]
* [OS X Discovery]
* [OS X Execution]
* [OS X Exfiltration]
* [OS X Lateral Movement]
* [OS X Persistence]
* [OS X Privilege Escalation]
#### Categories
* [Anonymity/OpSec/Privacy](
* [Basic Security Information](
* [BIOS/UEFI/Firmware Attacks/Defense](
* [Building a PenTest Lab](
* [Car hacking](
* [Cheat Sheets](
* [CTFs & Wargames](
* [Conferences/Recordings](
* [Counter Surveillance](
* [Courses & Training](
* [Cryptography & Encryption](
* [CryptoCurrencies](
* [Darknets](
* [Data Anaylsis & Visualization](
* [Disclosure](
* [Disinformation](
* [Documentation & Reporting](
* [Embedded Device Security](
* [Exfiltration](
* [Exploit Development](
* [Forensics & Incident Response](
* [Fuzzing & Bug Hunting](
* [Gamma Group Hack Writeup](
* [Hacking Team Writeup](
* [Home Security](
* [Honeypots](
* [Interesting Things & Useful Information](
* [Malware](
* [Network Attacks & Defense](
* [Network Security Monitoring & Logging](
* [Open Source Intelligence Gathering - OSINT](
* [Opsec Rant #1 - alpraking](
* [Opsec rant #2 - nachash](
* [Passwords](
* [Phishing](
* [Physical Security](
* [Privilege Escalation and Post-Exploitation](
* [Programming Stuff](
* [Red Teaming](
* [Reverse Engineering](
* [REMATH Reverse Engineering](
* [Rootkits](
* [Social Engineering](
* [System Internals (Linux/Windows) - NOT THE TOOLSET](
* [Threat Modeling](
* [Threat Hunting](
* [UI/UX Design](
* [Web](
* [Wireless Networks and RF Devices](
* [Insurance Data Security Model Law]( |
* [NIST Cyber Security Framework 02/12/2014]( |
* [PCI-DSS V3.2](|
## Installation
-* Python 3
-* Run the terminal command `pip install -r requirements.txt` to install the dependencies for Sphinx
-* Install `yarn`
-* Run the `yarn` to install the dependencies for `prettier`
-## Website Build Commands
-To render the Markdown and reStructuredText into HTML, run the terminal command `make html` from the `sphinx/` folder.
-This will render and output the website to the `build/html/` folder.
-To lint your Markdown run `yarn run pretty`. At the moment, this only lints single files. You can lint entire directories using a command like this `find ./src/**/*.js | xargs prettier --write --print-width 80 --single-quote --trailing-comma es5`. More information can be [found here](
-## Website Settings
-To edit the settings, change the `source/` file.
-## Mobile Development
-The Android version of this application is built using `react-native`. To get started, run the following commands:
-1. `npm install -g create-react-native-app`
-2. `cd MobileApplication`
-3. `npm start`
-4. Scan the QR code in the `Expo` app
-5. Start developing!
-A more detailed set of instructions for setting up can be found on the [React-Native website](
-To be able to view the application on your phone while you're developing, you must use the Expo client.
-* Android client can be found here [here](
-* iOS client can be found [here](
-## Structure
-Helpful notes:
-* Use two spaces for indentation
-* Use # for the page title
-Pages should have the following structure:
-# <title>
-## <table of contents>
-## <section header>
-* bullet point
-* bullet point
- * sub-bullet point
-* bullet point
-Normal text looks like this
-[Link title](the actual link goes here)
-![image alt text](image link)
## Seeing the latest updates
* For latest content updates, [check the reposity](
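
Review bot: this README is the only place in the diff that documents how the site is built (`pip install -r requirements.txt`, `make html`, `yarn run pretty`), and it goes in the same commit as requirements.txt, the Makefile, make.bat and Sphinx/package.json, so the whole Sphinx toolchain disappears without a pointer to what replaces it; if the rendered site lives on elsewhere, say so in the commit message or in the top-level README, otherwise note that the HTML build is retired.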

+ 0
- 0
Sphinx/_static/.gitsave

+ 0
- 36
Sphinx/make.bat

@ -1,36 +0,0 @@
pushd %~dp0
REM Command file for Sphinx documentation
if "%SPHINXBUILD%" == "" (
set SPHINXBUILD=sphinx-build
set SOURCEDIR=source
set BUILDDIR=build
set SPHINXPROJ=InfosecReference
if "%1" == "" goto help
if errorlevel 9009 (
echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
echo.installed, then set the SPHINXBUILD environment variable to point the full path of the 'sphinx-build' executable. Alternatively you
echo.may add the Sphinx directory to PATH.
echo.If you don't have Sphinx installed, grab it from
exit /b 1
goto end

+ 0
- 53
Sphinx/package-lock.json

@ -1,53 +0,0 @@
"requires": true,
"lockfileVersion": 1,
"dependencies": {
"mdast-comment-marker": {
"version": "1.0.2",
"resolved": "",
"integrity": "sha1-Hd8O+BH7UkOQF8jSwLkiA18rp0o="
"remark-lint": {
"version": "6.0.1",
"resolved": "",
"integrity": "sha512-wvTTuB5O5pF8SxqahQjjrU3dtuhygYjaGcOZTw+4ACgSE4RBINDlNqN46HjcV3X0ib5GmObJUt5a2mmhtmuTqw==",
"requires": {
"remark-message-control": "4.0.1"
"remark-message-control": {
"version": "4.0.1",
"resolved": "",
"integrity": "sha1-KRPNYLMW2fnzkKp/NGOdIM9VmW0=",
"requires": {
"mdast-comment-marker": "1.0.2",
"trim": "0.0.1",
"unist-util-visit": "1.2.0",
"vfile-location": "2.0.2"
"trim": {
"version": "0.0.1",
"resolved": "",
"integrity": "sha1-WFhUf2spB1fulczMZm+1AITEYN0="
"unist-util-is": {
"version": "2.1.1",
"resolved": "",
"integrity": "sha1-DDEmKeP5YMZukx6BLT2A53AQlHs="
"unist-util-visit": {
"version": "1.2.0",
"resolved": "",
"integrity": "sha512-lI+jyPlDztHZ2CJhUchcRMQ7MNc0yASgYFxwRTxs0EZ+9HbYFBLVGDJ2FchTBy+pra0O1LVEn0Wkgf19mDVDzw==",
"requires": {
"unist-util-is": "2.1.1"
"vfile-location": {
"version": "2.0.2",
"resolved": "",
"integrity": "sha1-02dcWch3SY5JK0dW/2Xkrxp1IlU="
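
Review bot: this lockfile was already out of step with the Sphinx/package.json deleted in the same commit: package.json declares only `prettier ^1.8.2`, while the lock pins remark-lint 6.0.1, remark-message-control 4.0.1 and their transitive dependencies, and no prettier entry appears in the lines shown. Nothing reproducible is lost by deleting it, but if the markdown lint setup is ever recreated, add remark-lint to devDependencies so manifest and lock agree before a new lock is committed.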

+ 0
- 8
Sphinx/package.json

@ -1,8 +0,0 @@
"scripts": {
"prettier": "prettier --write ./source/"
"devDependencies": {
"prettier": "^1.8.2"
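
Review bot: the `scripts` block names the formatter script `prettier` (`prettier --write ./source/`), but the Sphinx README deleted in this same commit tells contributors to run `yarn run pretty`, so the documented command never matched the manifest; and `--write ./source/` rewrites the whole source tree, which contradicts the README's "this only lints single files". If any of this tooling is restored, use one script name in both places and describe what it actually does.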

Sphinx/readme-img/landing.png (binary)

Width: 1908  |  Height: 966  |  Size: 253 KiB

Sphinx/readme-img/page.png (binary)

Width: 1908  |  Height: 923  |  Size: 196 KiB

+ 0
- 20
Sphinx/requirements.txt

@ -1,20 +0,0 @@

+ 0
- 453
Sphinx/source/

@ -1,453 +0,0 @@
## Anonymity, Opsec & Privacy
#### Table of Contents
* [Cull](#cull)
* [General](#general)
* [Blogposts](#blog)
* [Articles](#Articles)
* [How-Tos](#howtos)
* [Papers](#Papers)
* [Talks/Videos](#talks)
* [Tools](#Tools)
* [Miscellaneous](#misc)
#### Cull
* [Technical analysis of client identification mechanisms](
* [Client Identification Mechanisms](
#### General
* [OS X Security and Privacy Guide](
* [Bugger - Adam Curtis](
* Maybe the real state secret is that spies aren't very good at their jobs and
don't know much about the world
* [Mobile Phone Data lookup](
#### Blogposts
* [De-Anonymizing Alt.Anonymous.Messages](
* [Defeating and Detecting Browser Spoofing - Browserprint](
* [Invasion of Privacy - HackerFactor](
* [Trawling Tor Hidden Service – Mapping the DHT](
* [China travel laptop setup](
* [Operational Security and the Real World - The Grugq](
* [CIA Vault7 Development Tradecraft DOs and DON'Ts](
* [Dutch-Russian cyber crime case reveals how police tap the internet - ElectroSpaces](
* [Deanonymizing Windows users and capturing Microsoft and VPN accounts](
* [The Paranoid's Bible: An anti-dox effort.](
* [Debian-Privacy-Server-Guide](
* This is a step-by-step guide to configuring and managing a domain, remote
server and hosted services, such as VPN, a private and obfuscated Tor
bridge, and encrypted chat, using the Debian GNU/Linux operating system and
other free software.
* [Reminder: Oh, Won't You Please Shut Up? - USA](
#### Articles
* [De-anonymizing facebook users through CSP](
* [Anonymous’s Guide to OpSec](
* [Cat Videos and the Death of Clear Text](
* [How to Spot a SpoCTok](
* [China travel laptop setup](
* [Operational Security and the Real World - The Grugq](
* [Protecting Your Sources When Releasing Sensitive Documents](
* [Bugger - Adam Curtis](
* Maybe the real state secret is that spies aren't very good at their jobs and
don't know much about the world
* [Detect Tor Exit doing sniffing by passively detecting unique DNS query (via HTML & PCAP parsing/viewing)](
* [Managing Pseudonyms with Compartmentalization: Identity Management of Personas](
* [Data release: list of websites that have third-party “session replay” scripts ](
* [No boundaries: Exfiltration of personal data by session-replay scripts](
#### How-Tos
* [How to stop Firefox from making automatic connections](
#### Papers
* [Protocol Misidentification Made Easy with Format-Transforming Encryption](
* Deep packet inspection DPI technologies provide much- needed visibility and
control of network traffic using port- independent protocol identification,
where a network ow is labeled with its application-layer protocol based on
packet contents. In this paper, we provide the most comprehensive evaluation
of a large set of DPI systems from the point of view of protocol
misidentification attacks, in which adver- saries on the network attempt to
force the DPI to mislabel connections. Our approach uses a new cryptographic
primitive called format-transforming encryption FTE, which extends
conventional symmetric encryption with the ability to transform the
ciphertext into a format of our choosing. We design an FTE-based record
layer that can encrypt arbi- trary application-layer traffic, and we
experimentally show that this forces misidentification for all of the
evaluated DPI systems. This set includes a proprietary, enterprise-class DPI
system used by large corporations and nation-states. We also show that using
FTE as a proxy system incurs no latency overhead and as little as 16%
bandwidth overhead compared to standard SSH tunnels. Finally, we integrate
our FTE proxy into the Tor anonymity network and demonstrate that it evades
real-world censorship by the Great Firewall of China.
* ['I've Got Nothing to Hide' and Other Misunderstandings of Privacy](
* We live in a surveillance state. Law enforcement and intelligence agencies
have access to a huge amount of data about us, enabling them to learn
intimate, private details about our lives. In part, the ease with which they
can obtain such information reflects the fact that our laws have failed to
keep up with advances in technology. However, privacy enhancing technologies
can offer real protections even when the law does not. That intelligence
agencies like the NSA are able to collect records about every telephone call
made in the United States, or engage in the bulk surveillance of Internet
communications is only possible because so much of our data is transmitted
in the clear. The privacy enhancing technologies required to make bulk
surveillance impossible and targeted surveillance more difficult already
exist. We just need to start using them.
* [Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring\** - Defcon22](
* Sometimes, hiding the existence of a communication is as important as hiding
the contents of that communication. While simple network tunneling such as
Tor or a VPN can keep the contents of communications confidential, under
active network monitoring or a restrictive IDS such tunnels are red flags
which can subject the user to extreme scrutiny. Format-Transforming
Encryption FTE can be used to tunnel traffic within otherwise innocuous
protocols, keeping both the contents and existence of the sensitive traffic
hidden. However, more advanced automated intrusion detection, or moderately
sophisticated manual inspection, raise other red flags when a host reporting
to be a laser printer starts browsing the web or opening IM sessions, or
when a machine which appears to be a Mac laptop sends network traffic using
Windows-specific network settings. We present Masquerade: a system which
combines FTE and host OS profile selection to allow the user to emulate a
user-selected operating system and application-set in network traffic and
settings, evading both automated detection and frustrating after-the-fact
* [Slides](
* [The NSA: Capabilities and Countermeasures\** - Bruce Schneier - ShmooCon 2014](
* Edward Snowden has given us an unprecedented window into the NSA's
surveillance activities. Drawing from both the Snowden documents and
revelations from previous whistleblowers, I will describe the sorts of
surveillance the NSA does and how it does it. The emphasis is on the
technical capabilities of the NSA, not the politics of their actions. This
includes how it conducts Internet surveillance on the backbone, but is
primarily focused on their offensive capabilities: packet injection attacks
from the Internet backbone, exploits against endpoint computers and implants
to exfiltrate information, fingerprinting computers through cookies and
other means, and so on. I will then talk about what sorts of countermeasures
are likely to frustrate the NSA. Basically, these are techniques to raise
the cost of wholesale surveillance in favor of targeted surveillance:
encryption, target hardening, dispersal, and so on.
* [You're Leaking Trade Secrets - Defcon22 Michael Schrenk](
* Networks don't need to be hacked for information to be compromised. This is
particularly true for organizations that are trying to keep trade secrets.
While we hear a lot about personal privacy, little is said in regard to
organizational privacy. Organizations, in fact, leak information at a much
greater rate than individuals, and usually do so with little fanfare. There
are greater consequences for organizations when information is leaked
because the secrets often fall into the hands of competitors. This talk uses
a variety of real world examples to show how trade secrets are leaked
online, and how organizational privacy is compromised by seemingly innocent
use of The Internet.
* [Deep-Spying: Spying using Smartwatch and Deep Learning - Tony Beltramelli](
* [HORNET: High-speed Onion Routing at the Network Layer](
* [Decoy Routing: Toward Unblockable Internet Communication](
* We present decoy routing, a mechanism capable of cir- cumventing common
network filtering strategies. Unlike other circumvention techniques, decoy
routing does not require a client to connect to a specific IP address (which
is easily blocked) in order to provide circumvention. We show that if it is
possible for a client to connect to any unblocked host/service, then decoy
routing could be used to connect them to a blocked destination without coop-
eration from the host. This is accomplished by placing the circumvention
service in the network itself – where a single device could proxy traffic
between a significant fraction of hosts – instead of at the edge.
* [obfs4 (The obfourscator)](
* This is a protocol obfuscation layer for TCP protocols. Its purpose is to
keep a third party from telling what protocol is in use based on message
contents. Unlike obfs3, obfs4 attempts to provide authentication and data
integrity, though it is still designed primarily around providing a layer of
obfuscation for an existing authenticated protocol like SSH or TLS.
* [obfs3 (The Threebfuscator)](
* This is a protocol obfuscation layer for TCP protocols. Its purpose is to
keep a third party from telling what protocol is in use based on message
contents. Like obfs2, it does not provide authentication or data integrity.
It does not hide data lengths. It is more suitable for providing a layer of
obfuscation for an existing authenticated protocol, like SSH or TLS.
* [StegoTorus: A Camouflage Proxy for the Tor Anonymity System](
* Internet censorship by governments is an increasingly common practice
worldwide. Internet users and censors are locked in an arms race: as users
find ways to evade censorship schemes, the censors develop countermeasures
for the evasion tactics. One of the most popular and effective circumvention
tools, Tor, must regularly adjust its network traffic signature to remain
usable. We present StegoTorus, a tool that comprehensively disguises Tor
from protocol analysis. To foil analysis of packet contents, Tor’s traffic
is steganographed to resemble an innocuous cover protocol, such as HTTP. To
foil analysis at the transport level, the Tor circuit is distributed over
many shorter-lived connections with per-packet characteristics that mimic
cover-protocol traffic. Our evaluation demonstrates that StegoTorus improves
the resilience of Tor to fingerprinting attacks and delivers usable
* [SkypeMorph: Protocol Obfuscation for Tor Bridges](
* The Tor network is designed to provide users with low- latency anonymous
communications. Tor clients build circuits with publicly listed relays to
anonymously reach their destinations. However, since the relays are publicly
listed, they can be easily blocked by censoring adversaries. Consequently,
the Tor project envisioned the possibility of unlisted entry points to the
Tor network, commonly known as bridges. We address the issue of preventing
censors from detecting the bridges by observing the communications between
them and nodes in their network. We propose a model in which the client
obfuscates its messages to the bridge in a widely used protocol over the
Inter- net. We investigate using Skype video calls as our target protocol
and our goal is to make it difficult for the censor- ing adversary to
distinguish between the obfuscated bridge connections and actual Skype calls
using statistical compar- isons. We have implemented our model as a
proof-of-concept pluggable transport for Tor, which is available under an
open-source licence. Using this implementation we observed the obfuscated
bridge communications and compared it with those of Skype calls and
presented the results.
* [Protocol Misidentification Made Easy with Format-Transforming Encryption](
* Deep packet inspection (DPI) technologies provide much needed visibility and
control of network traffic using port- independent protocol identification,
where a network flow is labeled with its application-layer protocol based on
packet contents. In this paper, we provide the first comprehensive
evaluation of a large set of DPI systems from the point of view of protocol
misidentification attacks, in which adver- saries on the network attempt to
force the DPI to mislabel connections. Our approach uses a new cryptographic
prim- itive called format-transforming encryption (FTE), which extends
conventional symmetric encryption with the ability to transform the
ciphertext into a format of our choosing. We design an FTE-based record
layer that can encrypt arbitrary application-layer traffic, and we
experimentally show that this forces misidentification for all of the
evaluated DPI systems. This set includes a proprietary, enterprise-class DPI
system used by large corporations and nation-states. We also show that using
FTE as a proxy system incurs no latency overhead and as little as 16%
bandwidth overhead compared to standard SSH tunnels. Finally, we integrate
our FTE proxy into the Tor anonymity network and demon- strate that it
evades real-world censorship by the Great Fire- wall of China
* [Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability](
* Many users face surveillance of their Internet communications and a
significant fraction suffer from outright blocking of certain destinations.
Anonymous communication systems allow users to conceal the destinations they
communicate with, but do not hide the fact that the users are using them.
The mere use of such systems may invite suspicion, or access to them may be
blocked. We therefore propose Cirripede, a system that can be used for
unobservable communication with Internet destinations. Cirripede is designed
to be deployed by ISPs; it intercepts connections from clients to
innocent-looking desti- nations and redirects them to the true destination
requested by the client. The communication is encoded in a way that is
indistinguishable from normal communications to anyone without the master
secret key, while public-key cryptogra- phy is used to eliminate the need
for any secret information that must be shared with Cirripede users.
Cirripede is designed to work scalably with routers that handle large
volumes of traffic while imposing minimal over- head on ISPs and not
disrupting existing traffic. This allows Cirripede proxies to be
strategically deployed at central lo- cations, making access to Cirripede
very difficult to block. We built a proof-of-concept implementation of
Cirripede and performed a testbed evaluation of its performance proper- ties
* [TapDance: End-to-Middle Anticensorship without Flow Blocking](
* In response to increasingly sophisticated state-sponsored Internet
censorship, recent work has proposed a new ap- proach to censorship
resistance: end-to-middle proxying. This concept, developed in systems such
as Telex, Decoy Routing, and Cirripede, moves anticensorship technology into
the core of the network, at large ISPs outside the censoring country. In
this paper, we focus on two technical obstacles to the deployment of certain
end-to-middle schemes: the need to selectively block flows and the need to
observe both directions of a connection. We propose a new construction,
TapDance, that removes these require- ments. TapDance employs a novel
TCP-level technique that allows the anticensorship station at an ISP to
function as a passive network tap, without an inline blocking com- ponent.
We also apply a novel steganographic encoding to embed control messages in
TLS ciphertext, allowing us to operate on HTTPS connections even under
asymmetric routing. We implement and evaluate a TapDance proto- type that
demonstrates how the system could function with minimal impact on an ISP’s
network operations.
* [Chipping Away at Censorship Firewalls with User-Generated Content](
* Oppressive regimes and even democratic governments restrict Internet access.
Existing anti-censorship systems often require users to connect through
proxies, but these systems are relatively easy for a censor to discover and
block. This paper offers a possible next step in the cen- sorship arms race:
rather than relying on a single system or set of proxies to circumvent
censorship firewalls, we explore whether the vast deployment of sites that
host user-generated content can breach these firewalls. To explore this
possibility, we have developed Collage, which allows users to exchange
messages through hidden chan- nels in sites that host user-generated
content. Collage has two components: a message vector layer for embedding
content in cover traffic; and a rendezvous mechanism to allow parties to
publish and retrieve messages in the cover traffic. Collage uses
user-generated content (e.g. , photo-sharing sites) as “drop sites” for
hidden messages. To send a message, a user embeds it into cover traffic and
posts the content on some site, where receivers retrieve this content using
a sequence of tasks. Collage makes it difficult for a censor to monitor or
block these messages by exploiting the sheer number of sites where users can
exchange messages and the variety of ways that a mes- sage can be hidden.
Our evaluation of Collage shows that the performance overhead is acceptable
for sending small messages (e.g. , Web articles, email). We show how Collage
can be used to build two applications: a direct messaging application, and a
Web content delivery sys- tem
* [Unblocking the Internet: Social networks foil censors](
* Many countries and administrative domains exploit control over their
communication infrastructure to censor online content. This paper presents
the design, im plementation and evaluation of Kaleidoscope , a peer-to-peer
system of relays that enables users within a censored domain to access
blocked content. The main challenge facing Kaleidoscope is to resist the
cens or’s efforts to block the circumvention system itself. Kaleidoscope
achieves blocking-resilienc e using restricted service discovery that allows
each user to discover a small set of unblocked relays while only exposing a
small fraction of relays to the censor. To restrict service discovery,
Kaleidoscope leverages a trust network where links reflects real-world
social relationships among users and uses a limited advertisement protocol
based on random routes to disseminate relay addresses along the trust netwo
rk; the number of nodes reached by a relay advertisement should ideally be
inversely proportional to the maximum fraction of infiltration and is
independent of the network size. To increase service availa bility in large
networks with few exit relay nodes, Kaleidoscope forwards the actual data
traffic across multiple relay hops without risking exposure of exit relays.
Using detailed analysis and simulations, we show that Kalei doscope
provides > 90% service availability even under substantial infiltration
(close to 0.5% of edges) and when only 30% of the relay nodes are online. We
have implemented and deployed our system on a small scale serving over
100,000 requests to 40 censored users (relatively small user base to realize
Kaleidoscope’s anti-blocking guarantees) spread across different countries
and administrative domains over a 6-month period
* [A Technical Description of Psiphon](
* [Discovering Browser Extensions via Web Accessible Resources - Chalmers security lab](
#### Talks & Videos (& Presentations)
* [Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting](
* [Because Jail is for WUFTPD - Legendary talk, a must watch.](
* [The Gruqgs blog](
* [COMSEC: Beyond encryption](
* [DEFCON 20: Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data](
* [Detecting and Defending Against a Surveillance State - DEFCON 22 - Robert Rowley](
* [Detecting and Defending Against a Surveillance State - Robert Rowley - DEF CON 22](
* [The NSA: Capabilities and Countermeasures - ShmooCon 2014](
* [Blinding The Surveillance State - Christopher Soghoian - DEF CON 22](
* [Client Identification Mechanisms](
* [Can you track me now? - Defcon20](
* [Phones and Privacy for Consumers - Matt Hoy (mattrix) and David Khudaverdyan (deltaflyer)](
* [Retail Surveillance / Retail Countersurveillance 50 most unwanted retail surveillance technologies / 50 most wanted countersurveillance technologies](
* [OPSEC Concerns in Using Crypto](
* [De-Anonymizing Alt.Anonymous. Messages - Defcon21 - Tom Ritter](
* [PISSED: Privacy In a Surveillance State Evading Detection - Joe Cicero - CYPHERCON11 ](
* [What Happens Next Will Amaze You](
* [Wifi Tracking: Collecting the (probe) Breadcrumbs - David Switzer](
* Wifi probes have provided giggles via Karma and Wifi Pineapples for years,
but is there more fun to be had? Like going from sitting next to someone on
a bus, to knowing where they live and hang out? Why try to MITM someone’s
wireless device in an enterprise environment where they may notice — when
getting them at their favorite burger joint is much easier. In this talk we
will review ways of collecting and analyzing probes. We’ll use the resulting
data to figure out where people live, their daily habits, and discuss uses
(some nice, some not so nice) for this information. We’ll also dicuss how to
make yourself a little less easy to track using these methods. Stingrays are
price prohibitive, but for just tracking people’s movements.. this is cheap
and easy.
* [How Tor Users Got Caught - Defcon 22]( \*
[Part 2](
* [Article - How Tor Users Got Caught by Government Agencies](
* [You Are Being Tracked: How License Plate Readers Are Being Used to Record Americans' Movements - ACLU](
* [Deep Dive Into Tor Onion Services - David Goulet](
* [Winning and Quitting the Privacy Game What it REALLY takes to have True Privacy in the 21st Century - Derbycon 7](
#### Tools
* [FakeNameGenerator](
* [MAT: Metadata Anonymisation Toolkit](
* MAT is a toolbox composed of a GUI application, a CLI application and a
* [fteproxy](
* fteproxy is fast, free, open source, and cross platform. It has been shown
to circumvent network monitoring software such as bro, YAF, nProbe,
l7-filter, and appid, as well as closed-source commercial DPI systems
* [Streisand](
* Streisand sets up a new server running L2TP/IPsec, OpenSSH, OpenVPN,
Shadowsocks, sslh, Stunnel, and a Tor bridge. It also generates custom
configuration instructions for all of these services. At the end of the run
you are given an HTML file with instructions that can be shared with
friends, family members, and fellow activists.
* [exitmap](
* Exitmap is a fast and modular Python-based scanner for Tor exit relays.
Exitmap modules implement tasks that are run over (a subset of) all exit
relays. If you have a background in functional programming, think of exitmap
as a map() interface for Tor exit relays. Modules can perform any TCP-based
networking task; fetching a web page, uploading a file, connecting to an SSH
server, or joining an IRC channel.
* [OnionCat - an Anonymous VPN adapter](
* [howmanypeoplearearound](
* Count the number of people around you 👨‍👨‍👦 by monitoring wifi signals 📡
* [Decentraleyes](
* Protects you against tracking through "free", centralized, content delivery.
It prevents a lot of requests from reaching networks like Google Hosted
Libraries, and serves local files to keep sites from breaking. Complements
regular content blockers.
* [Decentraleyes - Github](
* A web browser extension that emulates Content Delivery Networks to improve
your online privacy. It intercepts traffic, finds supported resources
locally, and injects them into the environment. All of this happens
automatically, so no prior configuration is required.
* [Destroy-Windows-10-Spying](
* Destroy Windows Spying tool
* [meek](
* meek is a blocking-resistant pluggable transport for Tor. It encodes a data
stream as a sequence of HTTPS requests and responses. Requests are reflected
through a hard-to-block third-party web server in order to avoid talking
directly to a Tor bridge. HTTPS encryption hides fingerprintable byte
patterns in Tor traffic.sek
* [HTTPLeaks](
* HTTPLeaks - All possible ways, a website can leak HTTP requests
#### Misc
* [.NET Github: .NET core should not SPY on users by default #3093](
* [.NET Github: Revisit Telemetry configuration #6086 ](
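Review bot: this hunk removes the whole privacy/anonymity reference list (the paper abstracts, the "Talks & Videos", "Tools" and "Misc" sections, including the entries for fteproxy, meek, obfs4, Streisand, exitmap and Decentraleyes) and nothing in the hunk or the file header that follows it indicates where that material now lives; a whole-file removal of curated references should either land together with the file that replaces it or name the destination so a reviewer can check that nothing was dropped. If the material is re-added elsewhere, it should not be carried over verbatim, because the visible lines have defects of their own: the MAT entry is cut off mid-sentence ("a CLI application and a"), the meek description ends in a stray token ("patterns in Tor traffic.sek"), the Wifi Tracking blurb has "dicuss", the "How Tor Users Got Caught" entry carries a dangling "\*" before "[Part 2]", and two talks ("Detecting and Defending Against a Surveillance State" and "The NSA: Capabilities and Countermeasures - ShmooCon 2014") are listed twice.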

+ 0
- 744
Sphinx/source/ View File

@ -1,744 +0,0 @@
## Attacking Android Devices
### Table of Contents
* [Cull](#Cull)
* [Intro](#Intro)
* [Android Internals](#AInternals)
* [Securing Android](#SecAnd)
* [Android Apps](#Apps)
* [Vulnerabilities](#Vulns)
* [Exploits](#Exploits)
* [Device Analysis](#DAnalysis)
* [Application Analysis](#AppAnalysis)
* Dynamic Analysis
* Static Analysis
* [Online APK Analyzers](#OnlineAPK)
* [Attack Platforms](#APlatforms)
* [Android Malware](#Malware)
* [Reverse Engineering Android](#RE)
* [Interesting Papers](#Papers)
* [Write-ups](#Write)
* [Educational Materials](#Education)
* [Books](#Books)
* [Other](#Other)
#### Cull
* [When 'EFBFBD' and Friends Come Knocking: Observations of Byte Array to String Conversions](
* [Intercepting HTTPS traffic of Android Nougat Applications](
* TL;DR To intercept network traffic for Android 7.0 targeted applications,
introduce a res/xml/network_security_config.xml file.
* [Add Security Exception to APK](
* [DonkeyGuard](
* DonkeyGuard allows you a fine-grained tuning of access to your private data.
It currently supports 41 restrictions which can be applied for every
application. Specifically, it is a Privacy service provider which implements
a set of modifications to the Android Framework to allow you to interact
with applications which are trying to access your private data.
* [The Android boot process](
* [Miroslav Stampar - Android: Practical Introduction into the (In)Security](
* This presentation covers the user’s deadly sins of Android (In)Security,
together with implied system security problems. Each topic could potentially
introduce unrecoverable damage from security perspective. Both local and
remote attacks are covered, along with accompanying practical demo of most
interesting ones.
### General
* [Droidsec - Pretty much should be your first stop](
* [Hacking Your Way Up The Mobile Stack](
* [csploit](
* "The most complete and advanced IT security professional toolkit on
Android."(From their site)
* [Github Link](
* [Mobile Application Penetration Testing Cheat Sheet](
### Android Internals
* [Dalvik opcodes](
* [Dalvik Bytecode Format docs](
* [The Android boot process from power on](
* [Trusted Execution Environments and Android](
### Securing Android
* [Android (In)Security (Defcamp 2014)](
* [Android Forensics Class](
* Free - This class serves as a foundation for mobile digital forensics,
forensics of Android operating systems, and penetration testing of Android
* [Android Hardening Guide by the TOR developers](
* This blog post describes the installation and configuration of a prototype
of a secure, full-featured, Android telecommunications device with full Tor
support, individual application firewalling, true cell network baseband
isolation, and optional ZRTP encrypted voice and video support. ZRTP does
run over UDP which is not yet possible to send over Tor, but we are able to
send SIP account login and call setup over Tor independently. The SIP client
we recommend also supports dialing normal telephone numbers if you have a
SIP gateway that provides trunking service. Aside from a handful of binary
blobs to manage the device firmware and graphics acceleration, the entire
system can be assembled (and recompiled) using only FOSS components.
However, as an added bonus, we will describe how to handle the Google Play
store as well, to mitigate the two infamous Google Play Backdoors.
* [Android 4.0+ Hardening Guide/Checklist by University of Texas](
* [Mobile self-defense - Karsten Nohl](
#### Applications
* [Android Firewall(Requires Root)](
* Xprivacy - The Ultimate Android Privacy Manager(Requires Root
* [Github](
* [Google Play](
#### Backups
* [Titanium Backup](
* Personal favorite for making backups. Backups are stored locally or
automatically to various cloud services.
* [Helium Backup(Root Not Required)]( \*
* Backs up data locally or to various cloud services. Local client available
for backups directly to PC.
* [Stunneller](
* Android app for easy stunnel usage
### Encryption
* Check the Encryption section of the overall guide for more information.
* [Android Reverse Engineering Defenses](
#### Vulnerabilities
* [List of Android Vulnerabilities](
* [AndroBugs Framework](
* AndroBugs Framework is an Android vulnerability analysis system that helps
developers or hackers find potential security vulnerabilities in Android
#### Exploits
* [List of Android Exploits](
* [Android_Kernel_CVE_POC](
* [](
* Personal site of Scotty Bauer
### Device Analysis
* [android-cluster-toolkit](
* The Android Cluster Toolkit helps organize and manipulate a collection of
Android devices. It was designed to work with a collection of devices
connected to the same host machine, either directly or via one or more tiers
of powered USB hubs. The tools within can operate on single devices, a
selected subset, or all connected devices at once.
* [privmap - android](
* A tool for enumerating the effective privileges of processes on an Android
* [canhazaxs](
* A tool for enumerating the access to entries in the file system of an
Android device.
* [Android Device Testing Framework(DTF)](
* The Android Device Testing Framework ("dtf") is a data collection and
analysis framework to help individuals answer the question: "Where are the
vulnerabilities on this mobile device?" Dtf provides a modular approach and
built-in APIs that allows testers to quickly create scripts to interact with
their Android devices. The default download of dtf comes with multiple
modules that allow testers to obtain information from their Android device,
process this information into databases, and then start searching for
vulnerabilities (all without requiring root privileges). These modules help
you focus on changes made to AOSP components such as applications,
frameworks, system services, as well as lower-level components such as
binaries, libraries, and device drivers. In addition, you'll be able to
analyze new functionality implemented by the OEMs and other parties to find
* [drozer](
* drozer allows you to search for security vulnerabilities in apps and devices
by assuming the role of an app and interacting with the Dalvik VM, other
apps' IPC endpoints and the underlying OS.
### Application Analysis
* [APK Studio - Android Reverse Engineering](
* APK Studio is an IDE for decompiling/editing & then recompiling of android
application binaries. Unlike initial release being Windows exclusive & also
didn't support frameworks, this one is completely re-written using QT for
cross-platform support. You can now have multiple frameworks installed &
pick a particular one on a per project basis.
* [Smali Control-Flow-Graphs](
* [PID Cat](
* An update to Jeff Sharkey's excellent logcat color script which only shows
log entries for processes from a specific application package. During
application development you often want to only display log messages coming
from your app. Unfortunately, because the process ID changes every time you
deploy to the phone it becomes a challenge to grep for the right thing. This
script solves that problem by filtering by application package. Supply the
target package as the sole argument to the python script and enjoy a more
convenient development process.
* [AndBug - Scriptable Android Debugger](
* AndBug is a debugger targeting the Android platform's Dalvik virtual machine
intended for reverse engineers and developers. It uses the same interfaces
as Android's Eclipse debugging plugin, the Java Debug Wire Protocol (JDWP)
and Dalvik Debug Monitor (DDM) to permit users to hook Dalvik methods,
examine process state, and even perform changes.
* [android-lkms](
* Android Loadable Kernel Modules - mostly used for reversing and debugging on
controlled systems/emulators.
* [Simplify - Simple Android De-obfuscator](
* Simplify uses a virtual machine to understand what an app does. Then, it
applies optimizations to create code that behaves identically, but is easier
for a human to understand. Specifically, it takes Smali files as input and
outputs a Dex file with (hopefully) identical semantics but less complicated
* [Cuckoo-Droid]([danr1986/cuckoo-droid/blob/master/
* CuckooDroid is an extension of Cuckoo Sandbox the Open Source software for
automating analysis of suspicious files, CuckooDroid brigs to cuckoo the
capabilities of execution and analysis of android application.
* [elsim - Elements Similarities](
* Similarities/Differences of applications (aka rip-off indicator)
* This tool detects and reports: the identical methods; the similar methods;
the deleted methods; the new methods; the skipped methods.
### Dynamic Analysis
* [APKInspector](
* APKinspector is a powerful GUI tool for analysts to analyze the Android
* [DroidBox](
* DroidBox is developed to offer dynamic analysis of Android applications.
Additionally, two images are generated visualizing the behavior of the
package. One showing the temporal order of the operations and the other one
being a treemap that can be used to check similarity between analyzed
* [ddi - Dynamic Dalvik Instrumentation Toolkit](ttps://
* Simple and easy to use toolkit for dynamic instrumentation of Dalvik code.
Instrumentation is based on library injection and hooking method entry
points (in-line hooking). The actual instrumentation code is written using
the JNI interface. The DDI further supports loading additional dex classes
into a process. This enables instrumentation code to be partially written in
Java and thus simplifies interacting with the instrumented process and the
Android framework.
* [Hooker](
* Hooker is an opensource project for dynamic analyses of Android
applications. This project provides various tools and applications that can
be use to automaticaly intercept and modify any API calls made by a targeted
application. It leverages Android Substrate framework to intercept these
calls and aggregate all their contextual information (parameters, returned
values, ...). Collected information can either be stored in a distributed
database (e.g. ElasticSearch) or in json files. A set of python scripts is
also provided to automatize the execution of an analysis to collect any API
calls made by a set of applications.
* [Android-SSL-TrustKiller](
* Blackbox tool to bypass SSL certificate pinning for most applications
running on a device.
* [JustTrustMe - Cert Pinning using Xposed](
* An xposed module that disables SSL certificate checking. This is useful for
auditing an appplication which does certificate pinning. You can read about
the practice of cert pinning here(1). There also exists a nice framework
built by @moxie to aid in pinning certs in your app: certificate pinning
- [AndroidPinning](
* AndroidPinning is a standalone Android library project that facilitates
certificate pinning for SSL connections from Android apps, in order to
minimize dependence on Certificate Authorities.
- [AndBug - A Scriptable Android Debugger](
* AndBug is a debugger targeting the Android platform's Dalvik virtual machine
intended for reverse engineers and developers. It uses the same interfaces
as Android's Eclipse debugging plugin, the Java Debug Wire Protocol (JDWP)
and Dalvik Debug Monitor (DDM) to permit users to hook Dalvik methods,
examine process state, and even perform changes.
- [android-gdb](
* GDB fork targetting Android/Fennec development
- [How to avoid certificate pinning in the latest versions of Android](
### Static Analysis
* [Disect Android APKs like a Pro - Static code analysis](
* [Androguard](
* Androguard is mainly a tool written in python to play with: Dex/Odex (Dalvik
virtual machine) (.dex) (disassemble, decompilation), APK (Android
application) (.apk), Android's binary xml (.xml), Android Resources (.arsc).
Androguard is available for Linux/OSX/Windows (python powered).
* [Dexter](
* Dexter is a static android application analysis tool.\
- [Static Code Analysis of Major Android Web Browsers](
- [Androwarn](
* Androwarn is a tool whose main aim is to detect and warn the user about
potential malicious behaviours developped by an Android application. The
detection is performed with the static analysis of the application's Dalvik
bytecode, represented as Smali. This analysis leads to the generation of a
report, according to a technical detail level chosen from the user.
- [Thresher](
* Thresher is a static analysis tool that specializes in checking heap
reachability properties. Its secret sauce is using a coarse up-front
points-to analysis to focus a precise symbolic analysis on the alarms
reported by the points-to analysis.
* [[PAPER] Thresher: Precise Refutations for Heap Reachability](
* [lint - Static Analysis](
* The Android lint tool is a static code analysis tool that checks your
Android project source files for potential bugs and optimization
improvements for correctness, security, performance, usability,
accessibility, and internationalization.
* [Flow Droid - Taint Analysis](
* FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware
static taint analysis tool for Android applications.
* [[PAPER] FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps](
* In this work we thus present F LOW D ROID , a novel and highly precise
static taint analysis for Android applications. A precise model of
Android’s lifecycle allows the analysis to properly handle callbacks
invoked by the Android framework, while context, flow, field and
object-sensitivity allows the analysis to reduce the number of false
alarms. Novel on-demand algorithms help F LOW D ROID maintain high
efficiency and precision at the same time.
* [dedex](
* Is a command line tool for disassembling Android DEX files.
* [DexMac](
* Is a native OSX application for disassembling Android DEX files.
* [dexdissasembler](
* Is a GTK tool for disassembling Android DEX files.
* [dex.Net](
* A Mono/.NET library to parse Android DEX files. Its main purpose is to
support utilities for disassembling and presenting the contents of DEX
* [apk2gold](
* CLI tool for decompiling Android apps to Java. It does resources! It does
Java! Its real easy!
* [Android Unpacker presented at Defcon 22: Android Hacker Protection Level 0](
* [byte-code viewer](
* Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java
Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor,
GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java
Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java
Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code
Searcher, Debugger and more. It's written completely in Java, and it's open
sourced. It's currently being maintained and developed by Konloch.
* [Disect Android APKs like a Pro - Static code analysis](
### Online APK Analyzers
* [Mobile Sandbox](
* Provide an Android application file (apk-file) and the Mobile-Sandbox will
analyze the file for any malicious behaviour.
* [CopperDroid](
* Upload an .apk for automated dynamic (VMI-based) behavioural analysis.
* [Andrototal](
* AndroTotal is a free service to scan suspicious APKs against multiple mobile
antivirus apps.
### Attack Platforms
* [drozer](
* drozer allows you to search for security vulnerabilities in apps and devices
by assuming the role of an app and interacting with the Dalvik VM, other
apps' IPC endpoints and the underlying OS.
* [Android Tamer](
* Android Tamer is a one-stop VM/live platform for performing any kind of
  operation on Android devices, applications and networks.
### Android Malware
* [Rundown of Android Packers](
* [APK File Infection on an Android System](
* [Manifesto](
* PoC framework for APK obfuscation, used to demonstrate some of the
obfuscation examples from It supports plugins
(located in processing directory) that can do different obfuscation
techniques. Main gist is that you run manifesto on the APK file and it
produces an obfuscated APK file.
* [Android Hacker Protection Level 0](
* DEF CON 22 - Tim Strazzere and Jon Sawyer - Obfuscator here, packer there -
  the Android ecosystem is becoming a bit cramped with different protectors
  for developers to choose. With such limited resources online about attacking
  these protectors, what is a new reverse engineer to do? Have no fear, after
  drinking all the cheap wine, two Android hackers have attacked all the
  protectors currently available for everyone's enjoyment! Whether you've never
  reversed Android before or are a hardened veteran there will be something
  for you, along with all the glorious PoC tools and plugins that your little
  heart could ever desire.
* [kwetza](
* Python script to inject existing Android applications with a Meterpreter payload.
### Reverse Engineering Android
* [APK Studio - Android Reverse Engineering](
* APK Studio is an IDE for decompiling, editing and then recompiling Android
  application binaries. Unlike the initial release, which was Windows-only and
  did not support frameworks, this version is completely rewritten in Qt for
  cross-platform support. You can now have multiple frameworks installed and
  pick a particular one on a per-project basis.
* [Android Apktool](
* A tool for reverse engineering third-party, closed, binary Android apps.
  It can decode resources to nearly original form and rebuild them after
  modifications, and it makes it possible to debug smali code step by step.
  It also makes working with an app easier thanks to a project-like file
  structure and automation of repetitive tasks such as building the APK.
* [Reversing and Auditing Android’s Proprietary bits](
* [Smali](
* smali/baksmali is an assembler/disassembler for the dex format used by
dalvik, Android's Java VM implementation. The syntax is loosely based on
Jasmin's/dedexer's syntax, and supports the full functionality of the dex
format (annotations, debug info, line info, etc.)
* [APKinspector](
* APKinspector is a powerful GUI tool for analysts to analyze the Android
* [Dexter](
* Dexter is a static android application analysis tool.
* [Reversing Android Apps Slides](
* [AndroChef](
* AndroChef Java Decompiler is a Windows (XP, 2003, Vista, 7, 8, 8.1)
  decompiler for Java that reconstructs source code from compiled CLASS files.
  It decompiles complex Java 6 applets and binaries, including obfuscated
  Java 6 and Java 7 .class and .jar files, and supports language features
  such as generics, enums and annotations. According to the vendor's cited
  studies it decompiles 98.04% of applications produced by traditional Java
  compilers. It also turns Dalvik bytecode (DEX, APK) into readable Java
  source.
* [Instrumenting Android Applications with Frida](
* [smali_emulator](
* This software will emulate a smali source file generated by apktool.
* [ARE - Virtual Machine for Android Reverse Engineering](
* [Android Applications Reversing 101](
* [Android Crackmes](
* [Hacking Android apps with FRIDA I](
* [Want to break some Android apps? - Android Crackmes - Carnal0wnage](
* [Dex Education 201 - Anti-Emulation.pdf](
* [List of Android Crackmes](
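smali/baksmali give you the textual form of the bytecode; smali_emulator exists because obfuscators hide their strings behind small decryption methods that are tedious to reverse by hand and faster to simply execute. The block below is an added example, not code from smali_emulator or any other project on this page: a small Python interpreter for the handful of Dalvik opcodes such decryptors use (const, array access, int arithmetic with 32-bit wrap, conditional branches) run over a constructed XOR string-decoder method written in baksmali syntax. The method body, the ciphertext bytes and the key are made up for the example; `emulate`, `parse_smali` and `decode_string` are this example's own names, and any opcode outside the supported subset raises rather than silently producing a wrong value.

```python
import operator
import re

BINOPS = {"add-int": operator.add, "sub-int": operator.sub, "mul-int": operator.mul,
          "and-int": operator.and_, "or-int": operator.or_, "xor-int": operator.xor}
CONDS = {"eq": operator.eq, "ne": operator.ne, "lt": operator.lt,
         "ge": operator.ge, "gt": operator.gt, "le": operator.le}
_ARG = re.compile(r'"(?:[^"\\]|\\.)*"|[^,\s]+')   # quoted string literal or bare token


def to_int32(v):
    return ((v + 0x80000000) & 0xFFFFFFFF) - 0x80000000   # Dalvik int wrap-around


def to_int8(v):
    return ((v + 0x80) & 0xFF) - 0x80                      # Java byte narrowing


def parse_smali(src):
    """Split a method body into (instructions, labels); .method/.registers/.line
    directives and # comments are ignored, a :label maps to the next instruction."""
    instrs, labels = [], {}
    for raw in src.splitlines():
        line = raw.strip()
        if not line or line[0] in ".#":
            continue
        if line.startswith(":"):
            labels[line] = len(instrs)
            continue
        op, _, rest = line.partition(" ")
        instrs.append((op, _ARG.findall(rest)))
    return instrs, labels


def emulate(src, *params, max_steps=100_000):
    """Run one smali method with params bound to p0, p1, ...; returns the value
    of the register named in the return-* instruction."""
    instrs, labels = parse_smali(src)
    regs = {"p%d" % i: p for i, p in enumerate(params)}
    pc = 0
    for _ in range(max_steps):
        op, a = instrs[pc]
        pc += 1
        base = op.partition("/")[0]
        if base == "const":                        # const, const/4, const/16, const/high16
            regs[a[0]] = int(a[1], 0)
        elif op == "const-string":
            regs[a[0]] = a[1][1:-1]                # escape sequences not decoded
        elif op == "int-to-byte":
            regs[a[0]] = to_int8(regs[a[1]])
        elif op == "array-length":
            regs[a[0]] = len(regs[a[1]])
        elif op.startswith("aget"):                # aget, aget-byte, aget-char ...
            regs[a[0]] = regs[a[1]][regs[a[2]]]
        elif op.startswith("aput"):
            regs[a[1]][regs[a[2]]] = regs[a[0]]
        elif base in BINOPS:
            variant = op.partition("/")[2]
            if variant == "2addr":                 # vA = vA op vB
                x, y = regs[a[0]], regs[a[1]]
            elif variant.startswith("lit"):        # vA = vB op literal
                x, y = regs[a[1]], int(a[2], 0)
            else:                                  # vA = vB op vC
                x, y = regs[a[1]], regs[a[2]]
            regs[a[0]] = to_int32(BINOPS[base](x, y))
        elif op.startswith("if-"):
            cond = op[3:]
            if cond.endswith("z"):                 # if-eqz vA, :label compares with 0
                x, y, target, cond = regs[a[0]], 0, a[1], cond[:-1]
            else:
                x, y, target = regs[a[0]], regs[a[1]], a[2]
            if CONDS[cond](x, y):
                pc = labels[target]
        elif base == "goto":
            pc = labels[a[0]]
        elif op.startswith("return"):
            return regs[a[0]] if a else None
        else:
            raise NotImplementedError("unsupported opcode: " + op)
    raise RuntimeError("step limit reached; the decryptor may loop forever")


# Constructed sample of what baksmali shows for an obfuscator's "xor every
# byte with the key" helper; the invoke-* calls around it are left out.
DECODE_METHOD = """
.method static decode([BI)[B
    const/4 v0, 0x0
    array-length v1, p0
    :loop
    if-ge v0, v1, :done
    aget-byte v2, p0, v0
    xor-int/2addr v2, p1
    int-to-byte v2, v2
    aput-byte v2, p0, v0
    add-int/lit8 v0, v0, 0x1
    goto :loop
    :done
    return-object p0
.end method
"""


def decode_string(encoded, key):
    """Emulate DECODE_METHOD over a Java byte[] (signed ints) and rebuild the String."""
    out = emulate(DECODE_METHOD, list(encoded), key)
    return bytes(b & 0xFF for b in out).decode("latin-1")
```

`decode_string([-42, -64, -58, -41, -64, -47], 0xA5)` feeds the constructed ciphertext (the word "secret" XORed with 0xa5, stored as Java signed bytes) through the emulated loop and returns the plaintext; the `int-to-byte` step is what keeps the sign handling faithful to Dalvik, since the XOR of a negative byte and the key is a negative int that must be narrowed back before it is stored.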