Some interesting stuff (blogs/articles/papers and useful resources) that I’ve read in Q3 2017.
July
Hardening Ubuntu. Systemd edition.
https://github.com/konstruktoid/hardening
Resource: Pentesting Wiki
https://www.peerlyst.com/posts/resource-pentesting-wiki-nicole-lamoureux
HTTPS Certificate Revocation is broken, and it’s time for some new tools
https://arstechnica.com/information-technology/2017/07/https-certificate-revocation-is-broken-and-its-time-for-some-new-tools/
Add-In Opportunities for Office Persistence
https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/
Lessons From The History Of Attacks On Secure Hash Functions
https://z.cash/technology/history-of-hash-function-attacks.html
Deep Dive into a Custom Malware Packer
https://vulnerablelife.wordpress.com/2017/07/02/deep-dive-into-a-custom-malware-packer/
NGINX and PHP Malware Used in Petya/Nyetya Ransomware Attack
https://www.wordfence.com/blog/2017/07/petya-nyetya-nginx-php-malware/
Benchmarking TensorFlow on Cloud CPUs: Cheaper Deep Learning than Cloud GPUs
http://minimaxir.com/2017/07/cpu-or-gpu/
Analyzing Ethereum, Bitcoin, and 1200+ other Cryptocurrencies using PostgreSQL
https://blog.timescale.com/analyzing-ethereum-bitcoin-and-1200-cryptocurrencies-using-postgresql-3958b3662e51
Internet Of Things Mobility Forensics
https://articles.forensicfocus.com/2017/05/17/internet-of-things-mobility-forensics/
[Memory Forensics] If memory doesn’t serve me right…
http://www.hexacorn.com/blog/2017/07/10/if-memory-doesnt-serve-me-right/
List of Free Python Resources
https://hakin9.org/list-of-free-python-resources/
Honeypots Resources
https://www.peerlyst.com/posts/honeypots-resources-infosectdk
Carving EVTX
https://rawsec.lu/blog/posts/2017/Jun/23/carving-evtx/
Analyzing censorship of the death of Liu Xiaobo on WeChat and Weibo
https://citizenlab.ca/2017/07/analyzing-censorship-of-the-death-of-liu-xiaobo-on-wechat-and-weibo
OSCE/CTP PREP GUIDE
https://tulpa-security.com/2017/07/18/288/
Odatv: A Case Study in Digital Forensics and Sophisticated Evidence Tampering
https://arsenalexperts.com/Case-Studies/Odatv/
Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques
https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
CTI Reading List
https://medium.com/@sroberts/cti-reading-list-a93ccdd7469c
Real-World Rubber Ducky Attacks with Empire Stagers
https://www.sc0tfree.com/sc0tfree-blog/optimizing-rubber-ducky-attacks-with-empire-stagers
AntiForensics techniques: Process hiding in Kernel Mode
https://www.cert-devoteam.fr/publications/en/antiforensics-techniques-process-hiding-in-kernel-mode/
The purpose of ransomware
https://bartblaze.blogspot.co.uk/2017/07/the-purpose-of-ransomware.html
What Does It Really Take To Track A Million Cell Phones?
https://thehftguy.com/2017/07/19/what-does-it-really-take-to-track-100-million-cell-phones/
How Bitcoin transactions work
https://cyrussh.com/?p=85
Deep Learning for NLP Best Practices
http://ruder.io/deep-learning-nlp-best-practices/
How to create a private Ethereum network
https://omarmetwally.blog/2017/07/25/how-to-create-a-private-ethereum-network/
Metadata: a hacker’s best friend
https://blog.sweepatic.com/metadata-hackers-best-friend/
How to Use Windows API Knowledge to Be a Better Defender
https://www.redcanary.com/blog/windows-technical-deep-dive/
My Curated List of AI and Machine Learning Resources from Around the Web
https://unsupervisedmethods.com/my-curated-list-of-ai-and-machine-learning-resources-from-around-the-web-9a97823b8524
Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface
http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
Intro to SDR and RF Signal Analysis
https://www.elttam.com.au/blog/intro-sdr-and-rf-analysis/
DLL injection – Inject All the Things
http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/
August
Links describing the leaked EQ Group tools for Windows
https://gist.github.com/bontchev/e5d2e5090ebe1be89b4f821ebb1ad0f9
Hacktivists unmasked: Group-IB reveals the identity of alleged members of the Islamic hacker group United Islamic Cyber Force
https://www.group-ib.com/blog/uicf
A zebra in sheep’s clothing: How a Microsoft icon-display bug in Windows allows attackers to masquerade PE files with special icons
https://www.cybereason.com/labs-a-zebra-in-sheeps-clothing-how-a-microsoft-icon-display-bug-in-windows-allows-attackers-to-masquerade-pe-files-with-special-icons/
How does FTK Imager snapshot memory?
https://cameronlonsdale.wordpress.com/2017/08/06/how-does-ftk-imager-snapshot-memory/
A Newbie’s Guide to ESXi and VM Log Files
https://www.altaro.com/vmware/introduction-esxi-vm-log-files/
Effects of HTTPS and SSL inspection on the client
https://vuls.cert.org/confluence/display/Wiki/Effects+of+HTTPS+and+SSL+inspection+on+the+client
Keyword Censorship in Chinese Mobile Games
https://citizenlab.ca/2017/08/chinesegames/
Attacking Java Deserialization
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/
Research on CMSTP.exe
https://msitpros.com/?p=3960
Memory Acquisition and Virtual Secure Mode
https://df-stream.com/2017/08/memory-acquisition-and-virtual-secure/
A review of various U2F security keys
https://www.imperialviolet.org/2017/08/13/securitykeys.html
Steganography in contemporary cyberattacks
https://securelist.com/steganography-in-contemporary-cyberattacks/79276/
OPSEC for Activists
http://blog.totallynotmalware.net/?p=106
http://blog.totallynotmalware.net/?p=160
http://blog.totallynotmalware.net/?p=286
Some reminders about Windows file times
https://medium.com/@4n68r/some-reminders-about-windows-file-times-2debe1edb978
Post a boarding pass on Facebook, get your account stolen
https://www.michalspacek.com/post-a-boarding-pass-on-facebook-get-your-account-stolen
WMI wiki for offense and defense
https://www.peerlyst.com/posts/wmi-wiki-for-offense-and-defense-s-delano
List Of High Profile Cryptocurrency Hacks So Far (August 24th 2017)
https://storeofvalue.github.io/posts/cryptocurrency-hacks-so-far-august-24th/
How to trace ransomware payments end-to-end
https://www.elie.net/blog/security/how-to-trace-ransomware-payments-end-to-end
Analysis of End-to-End Encryption in LINE
https://citizenlab.ca/2017/08/linesecurity/
North Korea’s Missile Program: Rocket Science
http://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2017/08/north-korea-missile-programme-reuters/index.html
How Wi-Fi Works
https://www.verizoninternet.com/bookmark/how-wifi-works/
All Security Guidelines and Checklists You’ll Ever Need
https://www.cybrary.it/0p3n/security-guidelines-checklsits-will-ever-need/
September
Using Google Custom Search Engines (CSEs) for OSINT
https://webbreacher.com/2017/09/04/using-a-google-cse-for-osint/
REMnux Usage Tips for Malware Analysis on Linux
https://zeltser.com/remnux-malware-analysis-tips/
Analyzing Malicious Documents Cheat Sheet
https://zeltser.com/analyzing-malicious-documents/
Development guide for Volatility Plugins
https://github.com/iAbadia/Volatility-Plugin-Tutorial
Flash Dumping – Part I
https://blog.quarkslab.com/flash-dumping-part-i.html
A collection of (mostly) technical things every software developer should know
https://github.com/mr-mig/every-programmer-should-know
New Security Measures in iOS 11 and Their Forensic Implications
https://blog.elcomsoft.com/2017/09/new-security-measures-in-ios-11-and-their-forensic-implications/
Awesome AI Security: A curated list of AI security resources
https://github.com/RandomAdversary/Awesome-AI-Security
A list of IDA Plugins
https://github.com/onethawt/idaplugins-list
Use Windows Event Forwarding to help with intrusion detection
https://docs.microsoft.com/en-us/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection
Windows Event Forwarding for Network Defense
https://medium.com/@palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f
That AI study which claims to guess whether you’re gay or straight is flawed and dangerous
http://mashable.com/2017/09/11/artificial-intelligence-ai-lgbtq-gay-straight/
How I Learned to Trust My Shell (Microsoft Powershell)
https://criticalinformatics.com/how-i-learned-to-trust-my-shell-microsoft-powershell/
Beware of the Bashware: A New Method for Any Malware to Bypass Security Solutions
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
30 interesting commands for the Linux shell
https://www.lopezferrando.com/30-interesting-shell-commands/
Enlarge your botnet with: top D-Link routers
https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin
Tales of a Threat Hunter 1: Detecting Mimikatz & other Suspicious LSASS Access – Part 1
https://www.eideon.com/2017-09-09-THL01-Mimikatz/
Demystifying Apple’s Touch ID
https://hackernoon.com/demystifying-apples-touch-id-4883d5121b77
Face ID, Touch ID, No ID, PINs and Pragmatic Security
https://www.troyhunt.com/face-id-touch-id-pins-no-id-and-pragmatic-security/
Hardening Apache Struts with SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c
Speed, Thermal, and Performance Comparison of Fast Charge Standards
https://www.xda-developers.com/charging-comparison-oneplus-huawei/
Browser Security White Paper comparing Chrome, Edge, and IE
https://www.x41-dsec.de/security/report/whitepaper/2017/09/18/whitepaper-x41-browser-security/
By using SMTP command injection attackers can modify aspects of an email that is sent in the background
https://www.contextis.com/blog/neglected-dangers-email-functionality
Tips for Troubleshooting Human Communications
https://zeltser.com/human-communications-cheat-sheet/
A new kind of map: it’s about time
https://blog.mapbox.com/a-new-kind-of-map-its-about-time-7bd9f7916f7f
Designing Websites for iPhone X
https://webkit.org/blog/7929/designing-websites-for-iphone-x/
Playing with APFS – Took a quick look at APFS and its current support by a few tools
https://thinkdfir.com/2017/09/27/playing-with-apfs/
An easy way to access the user’s iOS location data without actually having access
https://github.com/KrauseFx/detect.location
Borrowing Microsoft Code Signing Certificates
https://blog.conscioushacker.io/index.php/2017/09/27/borrowing-microsoft-code-signing-certificates/
Ultimate AppLocker ByPass List: most common techniques to bypass AppLocker
https://github.com/api0cradle/UltimateAppLockerByPassList
HEIF Image Files Forensics
http://blog.ampedsoftware.com/2017/09/29/heif-image-files-forensics-authentication-apocalypse/
Equifax Breach – Early lessons learned and six point action plan
https://www.renditioninfosec.com/2017/09/equifax-breach-early-lessons-learned-and-six-point-action-plan/
Equitablefax [Timeline]
http://lists.immunityinc.com/pipermail/dailydave/2017-September/001421.html
My notes on Hacking BLE – list of resources
https://www.davidsopas.com/my-notes-on-hacking-ble-list-of-resources/
Intro to Analyze NFC Payment Methods & Contactless Cards
https://salmg.net/2017/09/12/intro-to-analyze-nfc-contactless-cards/
Evidence Aurora Operation – APT attack on CCleaner
http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/
http://www.intezer.com/evidence-aurora-operation-still-active-part-2-more-ties-uncovered-between-ccleaner-hack-chinese-hackers/
Learn Blockchains by Building One
https://hackernoon.com/learn-blockchains-by-building-one-117428612f46
How does Ethereum work, anyway?
https://medium.com/@preethikasireddy/how-does-ethereum-work-anyway-22d1df506369
The easy way to analyze huge amounts of PCAP data
https://isc.sans.edu/diary/rss/22876
Android Stuff and Security Research
https://www.mulliner.org/android/
Robot hacking research
https://securitycafe.ro/2017/09/22/robot-hacking-research/
Reversing DirtyC0W
http://blog.tetrane.com/2017/09/dirtyc0w-1.html
Javascript: The Curious Case of Null >= 0
https://blog.campvanilla.com/javascript-the-curious-case-of-null-0-7b131644e274
Protecting Domain Hijacking
https://blendle.engineering/protecting-our-mission-critical-domain-names-e9807db9d84c
Understanding new APK Signature Scheme V2
https://medium.com/@dhuma1981/understanding-new-apk-signature-scheme-v2-b705178f4d60
How Booking.com manipulates you
https://ro-che.info/articles/2017-09-17-booking-com-manipulation
HTTP Strict Transport Security, the practical explanation
https://pentesterslife.blog/2017/09/12/http-strict-transport-security-the-practical-explanation/
Detecting Mimikatz & other Suspicious LSASS Access – Part 1
https://www.eideon.com/2017-09-09-THL01-Mimikatz/
EternalBlue – Everything There Is To Know
https://research.checkpoint.com/eternalblue-everything-know/
Learning Python: From Zero to Hero
https://medium.freecodecamp.org/learning-python-from-zero-to-hero-120ea540b567