
Small update

Small update. Letting people know this isn't dead. More updates coming
soon. (tm)
pull/4/merge
Robert 7 years ago
parent
commit
58f1077f2a
12 changed files with 414 additions and 18 deletions
1. +13 -0  Draft/Draft/Attacking Defending Android -.md
2. +2 -0  Draft/Draft/Cheat sheets reference pages Checklists -.md
3. +2 -0  Draft/Draft/Disinformation -.md
4. +15 -0  Draft/Draft/Documentation & Reports -.md
5. +1 -1  Draft/Draft/Exfiltration.md
6. +54 -3  Draft/Draft/Exploit Development.md
7. +2 -0  Draft/Draft/Forensics Incident Response.md
8. +4 -0  Draft/Draft/Interesting Things Useful stuff.md
9. +2 -2  Draft/Draft/Network Attacks & Defenses.md
10. +3 -2  Draft/Draft/Steal Everything Kill Everyone Profit.md
11. +18 -0  Draft/Draft/System Internals Windows and Linux Internals Reference.md
12. +298 -10  Draft/Draft/To Do/add cull -3.txt

Draft/Draft/Attacking Defending Android -.md (+13, -0)

@ -42,9 +42,22 @@ Cull
### Cull/Sort
fdroidcl
https://github.com/mvdan/fdroidcl#advantages-over-the-android-clientx
F-Droid desktop client.
[AndBug - A Scriptable Android Debugger](https://github.com/swdunlop/AndBug)
* AndBug is a debugger targeting the Android platform's Dalvik virtual machine intended for reverse engineers and developers. It uses the same interfaces as Android's Eclipse debugging plugin, the Java Debug Wire Protocol (JDWP) and Dalvik Debug Monitor (DDM) to permit users to hook Dalvik methods, examine process state, and even perform changes.
AndroBugs Framework
https://github.com/AndroBugs/AndroBugs_Framework
AndroBugs Framework is an Android vulnerability analysis system that helps developers or hackers find potential security vulnerabilities in Android applications
https://blog.gdssecurity.com/labs/2015/2/18/when-efbfbd-and-friends-come-knocking-observations-of-byte-a.html
[AndroChef](http://androiddecompiler.com/)
* AndroChef Java Decompiler is Windows XP, Windows 2003, Windows Vista, Windows 7, Windows 8, 8.1 decompiler for Java that reconstructs the original source code from the compiled binary CLASS files. AndroChef Java Decompiler is able to decompile the most complex Java 6 applets and binaries, producing accurate source code. AndroChef successfully decompiles obfuscated Java 6 and Java 7 .class and .jar files. Support Java language features like generics, enums and annotations. According to some studies, AndroChef Java Decompiler is able to decompile 98.04% of Java applications generated with traditional Java compilers- a very high recovery rate. It is simple but powerful tool that allows you to decompile Java and Dalvik bytecode (DEX, APK) into readable Java source. Easy to use.
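Review bot: the fdroidcl anchor `#advantages-over-the-android-clientx` ends in a stray `x` that looks like a typo; check that the fragment actually resolves on the GitHub README. The AndroBugs description line has no terminating period, and the hunk mixes three entry formats (bare name + URL + description, `[name](url)` + `*` bullet, and the gdssecurity blog as a bare URL with no title at all); the `[name](url)` + bullet form used for AndBug and AndroChef would keep the Cull/Sort list consistent, and the gdssecurity link needs at least a one-line title so a reader knows why it is filed under Android.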


Draft/Draft/Cheat sheets reference pages Checklists -.md (+2, -0)

@ -26,6 +26,8 @@ TOC
CULL
| **tmux Cheat Sheet** | http://tmuxcheatsheet.com/
[IdaRef](https://github.com/nologic/idaref)
* IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful.
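Review bot: the tmux line `| **tmux Cheat Sheet** | http://tmuxcheatsheet.com/` is a table row with no header row and no closing pipe, dropped into a plain list under CULL, so it will render as literal text; either make it a proper table or write it as `[tmux Cheat Sheet](http://tmuxcheatsheet.com/)` in the same style as the IdaRef entry directly below it.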


Draft/Draft/Disinformation -.md (+2, -0)

@ -7,6 +7,8 @@
https://web.archive.org/web/20150921054800id_/http://fair.org/home/down-the-memory-hole-nyt-erases-cias-efforts-to-overthrow-syrias-government/
https://meduza.io/en/feature/2015/02/02/a-man-who-s-seen-society-s-black-underbelly


Draft/Draft/Documentation & Reports -.md (+15, -0)

@ -2,6 +2,21 @@
For writing technical documentation.
CrScreenshotDxe
UEFI DXE driver to take screenshots from GOP-compatible graphic console
https://github.com/NikolajSchlej/CrScreenshotDxe
#####TOC
* [Collaboration Tools](#collab)
* [Writing](#writing)
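Review bot: the CrScreenshotDxe entry is inserted between the file's intro sentence ("For writing technical documentation.") and `#####TOC`, so it sits above the table of contents instead of under any section; move it below the TOC, into a Cull/Sort block like the other files use. Also `#####TOC` has no space between the hashes and the text, which CommonMark renderers treat as plain text rather than a heading, so the TOC title will not render.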


Draft/Draft/Exfiltration.md (+1, -1)

@ -16,7 +16,7 @@ Stunnel
[[Virus] Self-modifying code-short overview for beginners](http://phimonlinemoinhat.blogspot.com/2010/12/virus-self-modifying-code-short.html)
https://github.com/sensepost/det
iodine
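Review bot: `iodine` is a bare name with no URL and no description, and the `sensepost/det` line is a bare URL with no title, so both read as placeholders next to the titled self-modifying-code entry above them; give each a `[name](url)` link and a one-line note on what it does so the Cull list stays usable.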


Draft/Draft/Exploit Development.md (+54, -3)

@ -40,6 +40,27 @@ TOC
* [OllyDbg Tricks](#ollydbg)
* [Books and Links](#books
Return into Lib(C) Theory Primer(Security-Tube)
http://www.securitytube.net/video/257
https://www.corelan.be/index.php/2013/02/26/root-cause-analysis-memory-corruption-vulnerabilities/
https://www.usenix.org/system/files/login/articles/105516-Schwartz.pdf
Jump-Oriented Programming: A New Class of Code-Reuse
https://www.comp.nus.edu.sg/~liangzk/papers/asiaccs11.pdf
[OneRNG](http://moonbaseotago.com/onerng/theory.html)
Finding Opcodes
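Review bot: the TOC entry `* [Books and Links](#books` is missing its closing parenthesis, so it is broken markdown and the link will not render; it should be `* [Books and Links](#books)`. Also `Return into Lib(C) Theory Primer(Security-Tube)` needs a space before the parenthesis, and the new title-plus-bare-URL pairs in this hunk (Return into Lib(C), Jump-Oriented Programming) would be more consistent as `[title](url)` like the OneRNG entry.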
@ -54,9 +75,7 @@ Corelan Exploit Series: https://www.corelan.be/index.php/articles/
[Vulnserver](http://www.thegreycorner.com/2010/12/introducing-vulnserver.html)
* I have just released a program named Vulnserver - a Windows based threaded TCP server application that is designed to be exploited.
[HackSys Extreme Vulnerable Driver](http://www.payatu.com/hacksys-extreme-vulnerable-driver/)
* HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level.
* HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use After Frees and Pool Overflows. This allows the researchers to explore the exploitation techniques for all the implemented vulnerabilities.z6z
[jmp2it](https://github.com/adamkramer/jmp2it)
This will allow you to transfer EIP control to a specified offset within a file containing shellcode and then pause to support a malware analysis investigation The file will be mapped to memory and maintain a handle, allowing shellcode to egghunt for second stage payload as would have happened in original loader Patches / self modifications are dynamically written to jmp2it-flypaper.out
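Review bot: `vulnerabilities.z6z` at the end of the second HackSys bullet ends in stray keyboard noise; drop the `z6z`. The jmp2it description is three sentences run together with no punctuation ("...malware analysis investigation The file will be mapped...", "...original loader Patches / self modifications..."); add the full stops and put the description on a `*` bullet like the Vulnserver and HackSys entries above it.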
@ -363,6 +382,16 @@ AVM Fritz!Box root RCE: From Patch to Metasploit Module
* A bug in Linux ASLR implementation for versions prior to 3.19-rc3 has been found. The issue is that the stack for processes is not properly randomized on some 64 bit architectures due to an integer overflow. This is a writeup of the bug and how to fix it.
Linux GLibC Stack Canary Values
https://xorl.wordpress.com/2010/10/14/linux-glibc-stack-canary-values/
###<a name="winspec">Windows Specific</a>
[A Brief History of Exploit Techniques and Mitigations on Windows](http://www.hick.org/~mmiller/presentations/misc/exploitation_techniques_and_mitigations_on_windows.pdf)
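Review bot: `###<a name="winspec">Windows Specific</a>` has no space between the hashes and the anchor tag; CommonMark parsers require `### <a name="winspec">...` for this to render as a heading, so the Windows Specific section title currently shows up as literal text. The two new lines (Linux GLibC Stack Canary Values plus bare URL) would also read better as a single `[title](url)` entry.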
@ -382,6 +411,28 @@ AVM Fritz!Box root RCE: From Patch to Metasploit Module
[Exploiting the Otherwise Non-Exploitable on Windows](http://uninformed.org/?v=all&a=22&t=sumry)
* This paper describes a technique that can be applied in certain situations to gain arbitrary code execution through software bugs that would not otherwise be exploitable, such as NULL pointer dereferences. To facilitate this, an attacker gains control of the top-level unhandled exception filter for a process in an indirect fashion. While there has been previous work illustrating the usefulness in gaining control of the top-level unhandled exception filter, Microsoft has taken steps in XPSP2 and beyond, such as function pointer encoding, to prevent attackers from being able to overwrite and control the unhandled exception filter directly. While this security enhancement is a marked improvement, it is still possible for an attacker to gain control of the top-level unhandled exception filter by taking advantage of a design flaw in the way unhandled exception filters are chained. This approach, however, is limited by an attacker's ability to control the chaining of unhandled exception filters, such as through the loading and unloading of DLLs. This does reduce the global impact of this approach; however, there are some interesting cases where it can be immediately applied, such as with Internet Explorer.
Attacking x86 Windows Binaries by Jump Oriented Programming
http://www.uni-obuda.hu/users/szakala/INES%202013%20pendrive/61_ines2013.pdf
[HackSys Extreme Vulnerable Driver](http://www.payatu.com/hacksys-extreme-vulnerable-driver/)
* HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level.
* HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use After Frees and Pool Overflows. This allows the researchers to explore the exploitation techniques for all the implemented vulnerabilities.z6z
Beta aaKsYS TEAM: EGG HUNTER (Windows)
https://www.exploit-db.com/docs/18482.pdf
* Explanation of egghunters, how they work and a working demonstration on windows.
####SEH/SE-HOP Defeat/Bypass
Great Writeup/Example of SEH Bypass
http://www.primalsecurity.net/0x3-exploit-tutorial-buffer-overflow-seh-bypass/
SEH Overwrites Simplified v1.01
http://repo.palkeo.com/hacking/bas%20niveau/SEH%20overwrite.pdf
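Review bot: the HackSys Extreme Vulnerable Driver entry (link plus the same two bullets, including the stray `z6z`) is a duplicate of the one added in the hunk at `@ -54,9 +75,7 @@` earlier in this file; keep one copy, probably here under Windows Specific since it is a Windows kernel driver. `####SEH/SE-HOP Defeat/Bypass` needs a space after the hashes to render as a heading, and the two SEH entries under it (Primal Security, SEH Overwrites Simplified) are title-plus-bare-URL lines where the surrounding list uses `[title](url)`.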


Draft/Draft/Forensics Incident Response.md (+2, -0)

@ -24,6 +24,8 @@ Better security - Mean time to detect/Mean time to respond
###CULL
https://forensiccontrol.com/resources/free-software/
[Human Hunting](http://www.irongeek.com/i.php?page=videos/bsidessf2015/108-human-hunting-sean-gillespie) * Much of what appears to be happening in information security seems to be focused on replacing humans with magic boxes and automation rather than providing tools to augment human capabilities. However, when we look at good physical security we see technology is being used to augment human capabilities rather than simply replace them. The adversary is human so we are ultimately looking for human directed behaviors. If analysts don't know how to go looking for evil without automated detection tools then they are not going to be able to effectively evaluate if the detection tools are working properly or if the deployment was properly engineered. An over reliance on automated detection also puts organizations in a position of paying protection money if they want to remain secure. We should be spending more resources on honing analyst hunting skills to find human adversaries rather than purchasing more automated defenses for human adversaries to bypass.
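Review bot: the Human Hunting description is run onto the same line as the link (`...sean-gillespie) * Much of what appears...`), so the `*` renders as a literal asterisk mid-line instead of the bullet every other entry uses; put `* Much of what appears to be happening...` on its own line under the link.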


Draft/Draft/Interesting Things Useful stuff.md (+4, -0)

@ -35,6 +35,10 @@ http://www.securitywizardry.com/radar.htm
###CULL
https://github.com/vrtadmin/moflow
https://medium.com/@networksecurity/oleoutlook-bypass-almost-every-corporate-security-control-with-a-point-n-click-gui-37f4cbc107d0#.r3x0vnfir
[No one expect command execution!](http://0x90909090.blogspot.fr/2015/07/no-one-expect-command-execution.html)
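Review bot: the medium.com URL carries a `#.r3x0vnfir` share-tracking fragment that is not part of the article address and should be stripped; the moflow line is a bare URL with no title, unlike the oleoutlook and "No one expect command execution!" entries, so add a `[name](url)` title for it.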


Draft/Draft/Network Attacks & Defenses.md (+2, -2)

@ -35,9 +35,9 @@ http://www.exploit-db.com/papers/35425/
###Cull
[DNS Dumpster](DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers perspective is an important part of the security assessment process.)
[DNS Dumpster](DNSdumpster.com is a free domain research tool that can discover hosts related to a domain. Finding visible hosts from the attackers perspective is an important part of the security assessment process.)
[More on HNAP - What is it, How to Use it, How to Find it](https://isc.sans.edu/diary/More+on+HNAP+-+What+is+it%2C+How+to+Use+it%2C+How+to+Find+it/17648)
[More on HNAP - What is it, How to Use it,How to Find it](https://isc.sans.edu/diary/More+on+HNAP+-+What+is+it%2C+How+to+Use+it%2C+How+to+Find+it/17648)
[ms15-034.nse Script](https://github.com/pr4jwal/quick-scripts/blob/master/ms15-034.nse)
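Review bot: the DNS Dumpster edit only changes `FREE` to `free` inside the parentheses, but those parentheses are the markdown link target, so the line still produces a link whose href is the description sentence rather than a URL; write it as `[DNS Dumpster](https://dnsdumpster.com/)` followed by a `* DNSdumpster.com is a free domain research tool...` bullet. The HNAP change only deletes the space after the comma in the link text ("How to Use it,How to Find it"), which looks unintentional and should be dropped.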


Draft/Draft/Steal Everything Kill Everyone Profit.md (+3, -2)

@ -44,8 +44,9 @@ Coding Malware for fun and no profit
[Spidernet](https://github.com/wandering-nomad/Spidernet)
* Proof of Concept of SSH Botnet C&C Using Python
Pupy
https://github.com/n1nj4sec/pupy
Pupy is an opensource, multi-platform Remote Administration Tool with an embedded Python interpreter. Pupy can load python packages from memory and transparently access remote python objects. Pupy can communicate using different transports and have a bunch of cool features & modules. On Windows, Pupy is a reflective DLL and leaves no traces on disk.
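Review bot: the Pupy entry is a title line, a bare URL line and an un-bulleted paragraph, while the Spidernet entry directly above uses `[name](url)` plus a `*` description bullet; reformat to match. If the description is being touched anyway, "have a bunch of cool features" should be "has a bunch of cool features".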


Draft/Draft/System Internals Windows and Linux Internals Reference.md (+18, -0)

@ -14,6 +14,21 @@ CULL
CULL
TechNet Library: About Processes and Threads
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681917%28v=vs.85%29.aspx
WinHTTP
https://msdn.microsoft.com/en-us/library/windows/desktop/aa382925%28v=vs.85%29.aspx
WinINet
https://msdn.microsoft.com/en-us/library/windows/desktop/aa383630%28v=vs.85%29.aspx
WinINet vs WinHTTP
https://msdn.microsoft.com/en-us/library/windows/desktop/hh227298%28v=vs.85%29.aspx
http://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/?utm_content=buffere95dc&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
[Collection of Windows Autostart locations](http://gladiator-antivirus.com/forum/index.php?showtopic=24610)
[pagexec - GRSEC](https://pax.grsecurity.net/docs/pageexec.txt)
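Review bot: the hunk opens with a second `CULL` line directly under the existing `CULL` marker shown in the hunk header, so the file now carries the marker twice; drop the duplicate. The linux-audit.com URL carries `utm_content`, `utm_medium`, `utm_source` and `utm_campaign` tracking parameters that should be stripped before it is kept as a reference. The four MSDN entries (About Processes and Threads, WinHTTP, WinINet, WinINet vs WinHTTP) are title-plus-URL pairs; `[title](url)` would match the Autostart and pagexec entries below them.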
@ -21,6 +36,9 @@ CULL
Windows - Named Pipes
https://msdn.microsoft.com/en-us/library/windows/desktop/aa365590%28v=vs.85%29.aspx
[Instruments - OS X system analysis](https://developer.apple.com/library/mac/documentation/DeveloperTools/Conceptual/InstrumentsUserGuide/Introduction/Introduction.html)
* Instruments is a performance-analysis and testing tool for dynamically tracing and profiling OS X and iOS code. It is a flexible and powerful tool that lets you track a process, collect data, and examine the collected data. In this way, Instruments helps you understand the behavior of both user apps and the operating system.


Draft/Draft/To Do/add cull -2.txt → Draft/Draft/To Do/add cull -3.txt (+298, -10)

