Notes
Here you’ll find some things I think are interesting but that don’t require the writing of a full article.
Links
A list of links with a brief description:
- what are the Creative Commons licences? - official website,
- a list of tools and resources for security incident response - github repository,
- IRR (Internet Infrastructure Review) reports - IRR,
- SWGDE (Scientific Working Group on Digital Evidence) documents - SWGDE,
- Mozilla SSL Configurator Generator - official website,
- Cipher suites list - official website,
- Open hardware Random Number Generator (OneRNG) - OneRNG,
- serverless functions, made simple - OpenFaaS,
- how rooting works: a technical explanation of the Android rooting process - how rooting works,
- ECDSA: handle with care - ecdsa: handle with care,
- POC for CVE-2020-0601 (Windows CryptoAPI - Crypt32.dll) - CurveBall,
- unauthorized disclosures of official secrets are essential for democracy - Cryptome,
- performing a side channel TEMPEST attack on a PC - TEMPEST attack on a PC,
- extract an ECDSA private key from two messages signed with the same K value - nonce reuse exploit,
- choosing safe curves for elliptic-curve cryptography - SafeCurves,
- a cheat-sheet for password crackers - cheat-sheet for password crackers.
Commands
A list of commands/tools with a brief description:
- overwrite devices or files - shred.
Open source projects
A list of open source projects with a brief description:
- the hunting ELK - HELK,
- a browser extension for OSINT search - mitaka,
- the LAZY script will make your life easier, and of course faster - lscript,
- MobSF is an automated, all-in-one mobile application pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis - MobSF,
- library and command line tool to detect SHA-1 collision in a file - sha1collisiondetection,
- terminal Telegram client that really works - tg,
- RSA attack tool to retrieve private key from weak public key and/or uncipher data - RsaCtfTool,
- Golang implementation of the elliptic curve Diffie-Hellman - go-ecdh,
- the Python-based interactive packet manipulation program & library - scapy,
- powerful framework for rogue access point attack - wifipumpkin3,
- program to decode radio transmissions from devices on the ISM bands (and other frequencies) - rtl_433,
- NRSC-5 receiver for RTL-SDR - nrsc5,
- NOAA APT weather satellite image decoder, for Linux, Windows, RPi 2+ and OS X - NOAA APT,
- a sniffer for Bluetooth 5 and 4.x LE - Sniffle,
- use Facebook to track your friends’ sleeping habits - fb-sleep-stats,
- e-mails, subdomains and names harvester - theHarvester,
- spy & control OS SSH connected client’s TTY - SSHPry2.0,
- USB key cleaner - Circlean,
- fancy reverse and bind shell handler - pwncat,
- Zigbee to MQTT bridge - zigbee2mqtt,
- a personal local DNS Server for privacy & security - DnsServer,
- sslscan tests SSL/TLS enabled services to discover supported cipher suites - sslscan,
- dump Azure AD Connect credentials for Azure AD and Active Directory - adconnectdump,
- a simple daemon to allow session software to update firmware - fwupd.