Guida Arsenale Blackhat USA 2017

[Яǝʌǝɹsǝ]

La maggior parte degli strumenti selezionati sono già presenti su GitHub e alcuni sono ancora da caricare. Questo articolo contiene i collegamenti ai rispettivi repository. Gli utensili sono disposti secondo le loro tracce. Se ti piace il tool, vai al suo repository e fai clic su Osserva per tenerti aggiornato sugli impegni più recenti.
Android, iOS e Mobile Hacking

• Android Tamer
  https://github.com/AndroidTamer
• DiffDroid
  https://github.com/antojoseph/diff-droid
• Kwetza
  https://github.com/sensepost/kwetza
• Needle
  https://github.com/mwrlabs/needle
• NoPE Proxy (Non-HTTP Proxy Extension)
  https://github.com/summitt/Burp-Non-HTTP-Extension

Valutazione dei codici

• Puma Scan
  https://github.com/pumasecurity/puma-scan
• Tintorera: Source Code Intelligence (Code not yet uploaded)
  https://github.com/vulnex/Tintorera

Crittografia

• Hashview
  https://github.com/hashview/hashview
• Gibber Sense
  https://github.com/smxlabs/gibbersense

Data Forensics and Incident Response

• PcapDB: Optimized Full Network Packet Capture for Fast and Efficient Retrieval
  https://github.com/dirtbags/pcapdb
• SCOT (Sandia Cyber Omni Tracker) Threat Intelligence and Incident Response Management System
  https://github.com/sandialabs/scot
• Security Monkey
  https://github.com/Netflix/security_monkey
• ThreatResponse: An Open Source Toolkit for Automating Incident Response in AWS
  https://github.com/ThreatResponse
• Yalda — Automated Bulk Intelligence Collection (Code not yet uploaded)
  https://github.com/gitaziabari/Yalda

Sfruttamento e hacking etico

• AVET — AntiVirus Evasion Tool
  https://github.com/govolution/avet
• GDB Enhanced Features (GEF)
  https://github.com/hugsy/gef
• Leviathan Framework
  https://github.com/leviathan-framework/leviathan
• MailSniper
  https://github.com/dafthack/MailSniper
• Seth
  https://github.com/SySS-Research/Seth

Hardware/Embedded

• ChipWhisperer
  https://github.com/newaetech/chipwhisperer
• DYODE, a DIY, Low-Cost Data Diode for ICS
  https://github.com/arnaudsoullie/dyode
• FTW: Framework for Testing WAFs
  https://github.com/fastly/ftw
• The Bicho: An Advanced Car Backdoor Maker
  https://github.com/UnaPibaGeek/CBM

Internet of Things

• Hacker Mode
  https://github.com/xssninja/Alexa-Hacker-Mode
• Universal Radio Hacker: Investigate Wireless Protocols Like a Boss
  https://github.com/jopohl/urh

Malware Defense

• Aktaion v2 — Open Source Machine Learning and Active Defense Tool
  https://github.com/jzadeh/Aktaion
• Cuckoo Sandbox
  https://github.com/cuckoosandbox/cuckoo
• LimaCharlie
  https://github.com/refractionPOINT/limacharlie
• Malboxes
  https://github.com/GoSecure/malboxes

Network Attacks

• BloodHound 1.3
  https://github.com/BloodHoundAD/BloodHound
• CrackMapExec v4
  https://github.com/byt3bl33d3r/CrackMapExec
• DELTA: SDN Security Evaluation Framework
  https://github.com/OpenNetworkingFoundation/DELTA
• eaphammer
  https://github.com/s0lst1c3/eaphammer
• gr-lora: An Open-Source SDR Implementation of the LoRa PHY
  https://github.com/BastilleResearch/gr-lora
• Yasuo
  https://github.com/0xsauby/yasuo

Network Defense

• Assimilator
  https://github.com/videlanicolas/assimilator
• Noddos
  https://github.com/noddos/noddos
• Sweet Security
  https://github.com/TravisFSmith/SweetSecurity

OSINT — Open Source Intelligence

• Datasploit — Automated Open Source Intelligence (OSINT) Tool
  https://github.com/DataSploit/datasploit
• Dradis: 10 Years Helping Security Teams Spend More Time Testing and Less Time Reporting
  https://github.com/dradis/dradis-ce
• OSRFramework: Open Sources Research Framework
  https://github.com/i3visio/osrframework

Reverse Engineering

• BinGrep
  https://github.com/m4b/bingrep

Valutazione di vulnerabilità

• Aardvark and Repokid
  https://github.com/square/Aardvark
• SERPICO
  https://github.com/SerpicoProject/Serpico
• SimpleRisk
  https://github.com/simplerisk/code

Web AppSec

• BurpSmartBuster: A Smart Way to Find Hidden Treasures
  https://github.com/pathetiq/BurpSmartBuster
• CSP Auditor
  https://github.com/GoSecure/csp-auditor
• Easily Exploit Timing Attacks in Web Applications with the ‘timing_attack’ Gem
  https://github.com/ffleming/timing_attack
• Fuzzapi — Fuzzing Your RESTAPIs Since Yesterday
  https://github.com/lalithr95/fuzzapi
• Offensive Web Testing Framework (OWASP OWTF)
  https://github.com/owtf/owtf
• PyMultiTor
  https://github.com/realgam3/pymultitor
• ThreadFix Web Application Attack Surface Calculation
  https://github.com/denimgroup/threadfix
• WaToBo — The Web Application Toolbox
  https://github.com/siberas/watobo
• WSSiP: A WebSocket Manipulation Proxy
  https://github.com/nccgroup/wssip

buon divertimento

 

[UserROOT]

Grazie,aspettavo da molto un post come questo

 

[CladTapestry]

Bello e utile, se hai tempo ti consiglio di aggiungere una breve descrizione per ogni programma!

 

[Gorate]

Bello e utile, se hai tempo ti consiglio di aggiungere una breve descrizione per ogni programma!

Non penso ce ne sia bisogno dato che la maggior parte dei tool elencati hanno gia' una descrizione piu' valida di introduzione nel README;
Comunque resta il fatto che il post e' molto utile e ben fatto, e forse hai ragione: una descrizione in piu' non guasterebbeanche se ,nel 99% dei casi fai :

<nome_programma> -h

-... ..............................
-... ..............................
-... ..............................
-... ..............................
-... ..............................
-... ..............................
-... ..............................
-... ..............................

e hai risolto, comunque bel lavoro veramente !!

 

[Яǝʌǝɹsǝ]

se hai tempo

ben detto.. comunque, si possono sempre aprire i vari link e leggere l'overview di ogni tool. alla fine, diciamo che non è roba da principianti, quindi non vedo il senso di spiegare

 

[CladTapestry]

ben detto.. comunque, si possono sempre aprire i vari link e leggere l'overview di ogni tool. alla fine, diciamo che non è roba da principianti, quindi non vedo il senso di spiegare

Sisi certamente! In ogni caso ottimo lavoro