Some interesting stuff (blogs/articles/papers and useful resources) that I’ve read in Q3 2017.

July

Hardening Ubuntu. Systemd edition.
https://github.com/konstruktoid/hardening

Resource: Pentesting Wiki
https://www.peerlyst.com/posts/resource-pentesting-wiki-nicole-lamoureux

HTTPS Certificate Revocation is broken, and it’s time for some new tools
https://arstechnica.com/information-technology/2017/07/https-certificate-revocation-is-broken-and-its-time-for-some-new-tools/

Add-In Opportunities for Office Persistence
https://labs.mwrinfosecurity.com/blog/add-in-opportunities-for-office-persistence/

Lessons From The History Of Attacks On Secure Hash Functions
https://z.cash/technology/history-of-hash-function-attacks.html

Deep Dive into a Custom Malware Packer
https://vulnerablelife.wordpress.com/2017/07/02/deep-dive-into-a-custom-malware-packer/

NGINX and PHP Malware Used in Petya/Nyetya Ransomware Attack
https://www.wordfence.com/blog/2017/07/petya-nyetya-nginx-php-malware/

Benchmarking TensorFlow on Cloud CPUs: Cheaper Deep Learning than Cloud GPUs
http://minimaxir.com/2017/07/cpu-or-gpu/

Analyzing Ethereum, Bitcoin, and 1200+ other Cryptocurrencies using PostgreSQL
https://blog.timescale.com/analyzing-ethereum-bitcoin-and-1200-cryptocurrencies-using-postgresql-3958b3662e51

Internet Of Things Mobility Forensics
https://articles.forensicfocus.com/2017/05/17/internet-of-things-mobility-forensics/

[Memory Forensics] If memory doesn’t serve me right…
http://www.hexacorn.com/blog/2017/07/10/if-memory-doesnt-serve-me-right/

List of Free Python Resources
https://hakin9.org/list-of-free-python-resources/

Honeypots Resources
https://www.peerlyst.com/posts/honeypots-resources-infosectdk

Carving EVTX
https://rawsec.lu/blog/posts/2017/Jun/23/carving-evtx/

Analyzing censorship of the death of Liu Xiaobo on WeChat and Weibo
https://citizenlab.ca/2017/07/analyzing-censorship-of-the-death-of-liu-xiaobo-on-wechat-and-weibo

OSCE/CTP PREP GUIDE
https://tulpa-security.com/2017/07/18/288/

Odatv: A Case Study in Digital Forensics and Sophisticated Evidence Tampering
https://arsenalexperts.com/Case-Studies/Odatv/

Ten Process Injection Techniques: A Technical Survey Of Common And Trending Process Injection Techniques
https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process

CTI Reading List
https://medium.com/@sroberts/cti-reading-list-a93ccdd7469c

Real-World Rubber Ducky Attacks with Empire Stagers
https://www.sc0tfree.com/sc0tfree-blog/optimizing-rubber-ducky-attacks-with-empire-stagers

AntiForensics techniques: Process hiding in Kernel Mode
https://www.cert-devoteam.fr/publications/en/antiforensics-techniques-process-hiding-in-kernel-mode/

The purpose of ransomware
https://bartblaze.blogspot.co.uk/2017/07/the-purpose-of-ransomware.html

What Does It Really Take To Track A Million Cell Phones?
https://thehftguy.com/2017/07/19/what-does-it-really-take-to-track-100-million-cell-phones/

How Bitcoin transactions work
https://cyrussh.com/?p=85

Deep Learning for NLP Best Practices
http://ruder.io/deep-learning-nlp-best-practices/

How to create a private Ethereum network
https://omarmetwally.blog/2017/07/25/how-to-create-a-private-ethereum-network/

Metadata: a hacker’s best friend
https://blog.sweepatic.com/metadata-hackers-best-friend/

How to Use Windows API Knowledge to Be a Better Defender
https://www.redcanary.com/blog/windows-technical-deep-dive/

My Curated List of AI and Machine Learning Resources from Around the Web
https://unsupervisedmethods.com/my-curated-list-of-ai-and-machine-learning-resources-from-around-the-web-9a97823b8524

Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface
http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html

Intro to SDR and RF Signal Analysis
https://www.elttam.com.au/blog/intro-sdr-and-rf-analysis/

DLL injection – Inject All the Things
http://blog.deniable.org/blog/2017/07/16/inject-all-the-things/

August

Links describing the leaked EQ Group tools for Windows
https://gist.github.com/bontchev/e5d2e5090ebe1be89b4f821ebb1ad0f9

Hacktivists unmasked: Group-IB reveals the identity of alleged members of the Islamic hacker group United Islamic Cyber Force
https://www.group-ib.com/blog/uicf

A zebra in sheep’s clothing: How a Microsoft icon-display bug in Windows allows attackers to masquerade PE files with special icons
https://www.cybereason.com/labs-a-zebra-in-sheeps-clothing-how-a-microsoft-icon-display-bug-in-windows-allows-attackers-to-masquerade-pe-files-with-special-icons/

How does FTK Imager snapshot memory?
https://cameronlonsdale.wordpress.com/2017/08/06/how-does-ftk-imager-snapshot-memory/

A Newbie’s Guide to ESXi and VM Log Files
https://www.altaro.com/vmware/introduction-esxi-vm-log-files/

Effects of HTTPS and SSL inspection on the client
https://vuls.cert.org/confluence/display/Wiki/Effects+of+HTTPS+and+SSL+inspection+on+the+client

Keyword Censorship in Chinese Mobile Games
https://citizenlab.ca/2017/08/chinesegames/

Attacking Java Deserialization
https://nickbloor.co.uk/2017/08/13/attacking-java-deserialization/

Research on CMSTP.exe
https://msitpros.com/?p=3960

Memory Acquisition and Virtual Secure Mode
https://df-stream.com/2017/08/memory-acquisition-and-virtual-secure/

A review of various U2F security keys
https://www.imperialviolet.org/2017/08/13/securitykeys.html

Steganography in contemporary cyberattacks
https://securelist.com/steganography-in-contemporary-cyberattacks/79276/

OPSEC for Activists
http://blog.totallynotmalware.net/?p=106
http://blog.totallynotmalware.net/?p=160
http://blog.totallynotmalware.net/?p=286

Some reminders about Windows file times
https://medium.com/@4n68r/some-reminders-about-windows-file-times-2debe1edb978

Post a boarding pass on Facebook, get your account stolen
https://www.michalspacek.com/post-a-boarding-pass-on-facebook-get-your-account-stolen

WMI wiki for offense and defense
https://www.peerlyst.com/posts/wmi-wiki-for-offense-and-defense-s-delano

List Of High Profile Cryptocurrency Hacks So Far (August 24th 2017)
https://storeofvalue.github.io/posts/cryptocurrency-hacks-so-far-august-24th/

How to trace ransomware payments end-to-end
https://www.elie.net/blog/security/how-to-trace-ransomware-payments-end-to-end

Analysis of End-to-End Encryption in LINE
https://citizenlab.ca/2017/08/linesecurity/

North Korea’s Missile Program: Rocket Science
http://graphics.straitstimes.com/STI/STIMEDIA/Interactives/2017/08/north-korea-missile-programme-reuters/index.html

How Wi-Fi Works
https://www.verizoninternet.com/bookmark/how-wifi-works/

All Security Guidelines and Checklists You’ll Ever Need
https://www.cybrary.it/0p3n/security-guidelines-checklsits-will-ever-need/

September

Using Google Custom Search Engines (CSEs) for OSINT
https://webbreacher.com/2017/09/04/using-a-google-cse-for-osint/

REMnux Usage Tips for Malware Analysis on Linux
https://zeltser.com/remnux-malware-analysis-tips/

Analyzing Malicious Documents Cheat Sheet
https://zeltser.com/analyzing-malicious-documents/

Development guide for Volatility Plugins
https://github.com/iAbadia/Volatility-Plugin-Tutorial

Flash Dumping – Part I
https://blog.quarkslab.com/flash-dumping-part-i.html

A collection of (mostly) technical things every software developer should know
https://github.com/mr-mig/every-programmer-should-know

New Security Measures in iOS 11 and Their Forensic Implications
https://blog.elcomsoft.com/2017/09/new-security-measures-in-ios-11-and-their-forensic-implications/

Awesome AI Security: A curated list of AI security resources
https://github.com/RandomAdversary/Awesome-AI-Security

A list of IDA Plugins
https://github.com/onethawt/idaplugins-list

Use Windows Event Forwarding to help with intrusion detection
https://docs.microsoft.com/en-us/windows/threat-protection/use-windows-event-forwarding-to-assist-in-instrusion-detection

Windows Event Forwarding for Network Defense
https://medium.com/@palantir/windows-event-forwarding-for-network-defense-cb208d5ff86f

That AI study which claims to guess whether you’re gay or straight is flawed and dangerous
http://mashable.com/2017/09/11/artificial-intelligence-ai-lgbtq-gay-straight/

How I Learned to Trust My Shell (Microsoft Powershell)
https://criticalinformatics.com/how-i-learned-to-trust-my-shell-microsoft-powershell/

Beware of the Bashware: A New Method for Any Malware to Bypass Security Solutions
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/

30 interesting commands for the Linux shell
https://www.lopezferrando.com/30-interesting-shell-commands/

Enlarge your botnet with: top D-Link routers
https://embedi.com/blog/enlarge-your-botnet-top-d-link-routers-dir8xx-d-link-routers-cruisin-bruisin

Tales of a Threat Hunter 1: Detecting Mimikatz & other Suspicious LSASS Access – Part 1
https://www.eideon.com/2017-09-09-THL01-Mimikatz/

Demystifying Apple’s Touch ID
https://hackernoon.com/demystifying-apples-touch-id-4883d5121b77

Face ID, Touch ID, No ID, PINs and Pragmatic Security
https://www.troyhunt.com/face-id-touch-id-pins-no-id-and-pragmatic-security/

Hardening Apache Struts with SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c

Speed, Thermal, and Performance Comparison of Fast Charge Standards
https://www.xda-developers.com/charging-comparison-oneplus-huawei/

Browser Security White Paper comparing Chrome, Edge, and IE
https://www.x41-dsec.de/security/report/whitepaper/2017/09/18/whitepaper-x41-browser-security/

By using SMTP command injection attackers can modify aspects of an email that is sent in the background
https://www.contextis.com/blog/neglected-dangers-email-functionality

Tips for Troubleshooting Human Communications
https://zeltser.com/human-communications-cheat-sheet/

A new kind of map: it’s about time
https://blog.mapbox.com/a-new-kind-of-map-its-about-time-7bd9f7916f7f

Designing Websites for iPhone X
https://webkit.org/blog/7929/designing-websites-for-iphone-x/

Playing with APFS – Took a quick look at APFS and its current support by a few tools
https://thinkdfir.com/2017/09/27/playing-with-apfs/

An easy way to access the user’s iOS location data without actually having access
https://github.com/KrauseFx/detect.location

Borrowing Microsoft Code Signing Certificates
https://blog.conscioushacker.io/index.php/2017/09/27/borrowing-microsoft-code-signing-certificates/

Ultimate AppLocker ByPass List: most common techniques to bypass AppLocker
https://github.com/api0cradle/UltimateAppLockerByPassList

HEIF Image Files Forensics
http://blog.ampedsoftware.com/2017/09/29/heif-image-files-forensics-authentication-apocalypse/

Equifax Breach – Early lessons learned and six point action plan
https://www.renditioninfosec.com/2017/09/equifax-breach-early-lessons-learned-and-six-point-action-plan/

Equitablefax [Timeline]
http://lists.immunityinc.com/pipermail/dailydave/2017-September/001421.html

My notes on Hacking BLE – list of resources
https://www.davidsopas.com/my-notes-on-hacking-ble-list-of-resources/

Intro to Analyze NFC Payment Methods & Contactless Cards
https://salmg.net/2017/09/12/intro-to-analyze-nfc-contactless-cards/

Evidence Aurora Operation – APT attack on CCleaner
http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/
http://www.intezer.com/evidence-aurora-operation-still-active-part-2-more-ties-uncovered-between-ccleaner-hack-chinese-hackers/

Learn Blockchains by Building One
https://hackernoon.com/learn-blockchains-by-building-one-117428612f46

How does Ethereum work, anyway?
https://medium.com/@preethikasireddy/how-does-ethereum-work-anyway-22d1df506369

The easy way to analyze huge amounts of PCAP data
https://isc.sans.edu/diary/rss/22876

Android Stuff and Security Research
https://www.mulliner.org/android/

Robot hacking research
https://securitycafe.ro/2017/09/22/robot-hacking-research/

Reversing DirtyC0W
http://blog.tetrane.com/2017/09/dirtyc0w-1.html

Javascript: The Curious Case of Null >= 0
https://blog.campvanilla.com/javascript-the-curious-case-of-null-0-7b131644e274

Protecting against Domain Hijacking (how Blendle protects its mission-critical domain names)
https://blendle.engineering/protecting-our-mission-critical-domain-names-e9807db9d84c

Understanding new APK Signature Scheme V2
https://medium.com/@dhuma1981/understanding-new-apk-signature-scheme-v2-b705178f4d60

How Booking.com manipulates you
https://ro-che.info/articles/2017-09-17-booking-com-manipulation

HTTP Strict Transport Security, the practical explanation
https://pentesterslife.blog/2017/09/12/http-strict-transport-security-the-practical-explanation/

EternalBlue – Everything There Is To Know
https://research.checkpoint.com/eternalblue-everything-know/

Learning Python: From Zero to Hero
https://medium.freecodecamp.org/learning-python-from-zero-to-hero-120ea540b567
