Notes

Here you’ll find some things I think are interesting but that don’t require the writing of a full article.

Links

A list of links with a brief description:

• what is the Creative Commons licences? - official website,
• a list of tools and resources for security incident response - github repository,
• IRR (Internet Infrastructure Review) reports - IRR,
• SWGDE (Scientific Working Group on Digital Evidence) documents - SWDGE,
• Mozilla SSL Configurator Generator - offical website,
• Cipher suites list - official website,
• Open hardware Random Number Generator (OneRNG) - OneRNG,
• serverless functions, made simple - OpenFaaS,
• how rooting works: a technical explanation of the Android rooting process - how rooting works,
• ECDSA: handle with care - ecdsa: handle with care,
• POC for CVE-2020-0601 (Windows CryptoAPI - Crypt32.dll) - CurveBall,
• unauthorized disclosures of official secrets are essential for democracy - Cryptome,
• performing a side channel TEMPEST attack on a PC - TEMPEST attack on a PC,
• extract a ECDSA private key from two messages signed with the same K value nonce reuse exploit,
• choosing safe curves for elliptic-curve cryptography - SafeCurves,
• a cheat-sheet for password crackers - cheat-sheet for password crackers,
• informative site with EOL dates of everything - endoflife.date.

Commands

A list of commands/tools with a brief description:

• overwrite devices or files - shred.

Open source projects

A list of open sources projetcs with a brief description:

• the hunting ELK - HELK,
• a browser extension for OSINT search - mitaka,
• the LAZY script will make your life easier, and of course faster - lscript,
• MobSF is an automated, all-in-one mobile application pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis - MobSF,
• library and command line tool to detect SHA-1 collision in a file - sha1collisiondetection,
• terminal Telegram client that really works - tg,
• RSA attack tool to retrieve private key from weak public key and/or uncipher data - RsaCtfTool,
• Golang implementation of the elliptical curve diffie-hellman - go-ecdh,
• the Python-based interactive packet manipulation program & library - scapy,
• powerful framework for rogue access point attack - wifipumpkin3,
• program to decode radio transmissions from devices on the ISM bands (and other frequencies) - rtl_433,
• NRSC-5 receiver for RTL-SDR - nrsc5,
• NOAA APT weather satellite image decoder, for Linux, Windows, RPi 2+ and OS X - NOAA APT,
• a sniffer for Bluetooth 5 and 4.x LE - Sniffle,
• use Facebook to track your friends’ sleeping habits - fb-sleep-stats,
• e-mails, subdomains and names harvester - theHarvester,
• spy & control OS SSH connected client’s TTY - SSHPry2.0,
• USB key cleaner - Circlean,
• fancy reverse and bind shell handler - pwncat,
• Zigbee to MQTT bridge - zigbee2mqtt,
• a personal local DNS Server for privacy & security - DnsServer,
• sslscan tests SSL/TLS enabled services to discover supported cipher suites - sslscan,
• dump Azure AD Connect credentials for Azure AD and Active Directory - adconnectdump,
• a simple daemon to allow session software to update firmware - fwupd,
• an open source software that can be used to process and analyze digital evidence - IPED,
• a repository of live malwares for your own joy and pleasure - theZoo,
• an e-mail header analyzer - email-header-analyzer,
• SSH tarpit that slowly sends an endless banner - endlessh,
• hunt down social media accounts by username across social networks - sherlock,
• pretty awesome command-line client for public Qualys SSL Labs API - sslcli,
• weather in terminal, with ANSI colors and unicode symbols - ansiweather.