Tools, services, sites to (re)discover 2015 W02

Did a search or a ping bring you here? This is an index of themed news items that I found interesting. I invite you to read the introductory post of this 'brief' (a personal watch) to see what it is about.

 

=> Video archives of security conferences and workshops 2014. 04/01/2015. «Just some links for your enjoyment. List of security conferences in 2014. Video archives (…).»
Source : contagiodump.blogspot.fr/2015/01/video-archives-of-security-conferences.html

=> Geotagging Basics with ExifTool. 05/01/2015. «In my case one of the cameras I use is a GoPro Hero3, which does not provide position information natively. This is where Phil Harvey’s excellent program ExifTool comes in (…).»
Source : www.digital-geography.com/geotagging/

=> Who’s Attacking Whom? Realtime Attack Trackers. 05/01/2015. «It seems nearly every day we’re reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it’s often difficult to visualize this type of activity. In this post, we’ll take a look at multiple ways of tracking online attacks and attackers around the globe and in real-time (…).» A roundup post of the real-time maps offered by some vendors. Nothing new, but it has the merit of gathering them all in one place.
Source : krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/

=> IPv6 and security. 05/01/2015. «News from the front – January (…).»
Source : securite.intrinsec.com/2015/01/05/ipv6-et-la-securite-nouvelles-du-front-janvier-3/

=> Hubble’s High-Definition Panoramic View of the Andromeda Galaxy. 05/01/2015. «Highest-quality image: Hubble M31 PHAT Mosaic. These images should be downloaded, not viewed with a browser. Even though the file sizes may be small, the number of pixels these images contain can be problematic for a browser (…).» ‘There is no grain in this photo, every dot is a star’. Via @Bouletcorp.
Source : hubblesite.org/newscenter/archive/releases/2015/02/image/a/warn/
Related posts:
09/01/2015. Hubble takes a 1.5-billion-pixel photo of Andromeda : www.atlantico.fr/atlantico-light/hubble-prend-photo-15-milliards-pixels-andromede-1946895.html
09/01/2015. Source : twitter.com/Bouletcorp/status/553646509271822336/photo/1

=> Jmp2it. 05/01/2015. «Transfer EIP control to shellcode during malware analysis investigation (…).»
Source : github.com/adamkramer/jmp2it
Related posts:
30/12/2014. Examining Shellcode in a Debugger through Control of the Instruction Pointer : digital-forensics.sans.org/blog/2014/12/30/taking-control-of-the-instruction-pointer

=> Forensics Investigation: The M57 Jean Case. 05/01/2015. «In this case study, we will investigate a similar situation pertaining to an email phishing attack. (…).»
Source : resources.infosecinstitute.com/forensics-investigation-document-exfiltration-involving-spear-phishing-m57-jean-case/

=> The history of grep, the 40 years old Unix command. 05/01/2015. «Grep is a Unix command line utility (well most Unix utilities are command line) that searches the input files for pattern and prints lines that contain the pattern. If you are reading this, you are probably no stranger to grep (…).»
Source : medium.com/@rualthanzauva/grep-was-a-private-command-of-mine-for-quite-a-while-before-i-made-it-public-ken-thompson-a40e24a5ef48

=> Gamebuino, a console within reach. 05/01/2015. «A few weeks ago, I recorded an audio interview with Aurélien Rodot, an engineering student who created a small device: the Gamebuino. This little console with its strong whiff of retro-gaming has generated quite a bit of enthusiasm on the web. He tells us about it in the rest of the post :) (…).»
Source : www.littlecelt.net/gamebuino-la-console-lyonnaise-pleine-de-talents/

=> What is "SS7"?. 06/01/2015. «Last week, at 31C3 (the Chaos Communication Congress), two security researchers presented their work on SS7, or rather on the flaws that make it possible to exploit SS7. So, what exactly is SS7? (…).»
Source : pixellibre.net/2015/01/cest-quoi-ss7/

=> RIN Studio – RIN Authoring tool. 06/01/2015. «Rich Interactive Narratives (RIN) is a technology developed by Microsoft Research. RIN offers a way to seamlessly combine cinematic experiences with user exploration to create rich interactive and immersive narratives (…).»
Source : research.microsoft.com/en-us/downloads/32f330bc-fd4d-4170-8bbe-b077bc25f4c7/default.aspx

=> The New Year 2014/2015 #sophospuzzle – all the winners, and how to solve it. 06/01/2015. «The New Year 2014/2015 #sophospuzzle is over. Here’s a list of everyone who solved it in time, and those of the solvers who won prizes. We’ve also explained how to solve it for those who weren’t able to take part (…).»
Source : nakedsecurity.sophos.com/2015/01/06/the-new-year-20142015-sophospuzzle-all-the-winners-and-how-to-solve-it/

=> Reverse Engineering The Private API: Hacking your Couch. 06/01/2015. «Traveling is my passion, and I’m a huge fan of Couchsurfing. Couchsurfing is a global community of travelers, where you can find a place to stay or share your own home with other travelers (…).»
Source : www.toptal.com/back-end/reverse-engineering-the-private-api-hacking-your-couch

=> Teacher, I watched educational videos on YouTube. 06/01/2015. «They are not teachers, and yet on their own they teach hundreds of thousands of people. They are not addressed as "Sir" or "Madam", but by their pseudonym: e-penser, Tyllou, DirtyBiology. They are teachers 2.0 who, without setting foot in a classroom, manage to pass on their knowledge (…).»
Source : blogs.rue89.nouvelobs.com/monsieur-le-prof/2015/01/06/prof-jai-regarde-des-videos-educatives-sur-youtube-234017

=> Command Line Happiness. 06/01/2015. «There is no contesting that the command line in a Linux/Mac environment kicks Windows’s cmd.exe without even trying hard. There are entire blogs dedicated to how wonderful it is. But, most of the commercial forensics tools are Windows only, relegating many of us to that environment (…) So, below are some tools I use to make the Windows command line a little more productive (…).»
Source : www.taksati.org/command-line-happiness/
Related posts:
07/01/2015. Utilities by the Thousands : www.taksati.org/utilities-by-the-thousands/
08/01/2015. Useful Windows Commands : www.taksati.org/useful-windows-commands/

=> Linux against planned obsolescence!. 06/01/2015. «With the recent end of Windows XP, many computers found themselves with an operating system that has been completely abandoned. An upgrade was needed. But with what, and how?! (…).»
Source : buzut.fr/2015/01/06/linux-contre-lobsolescence-programmee/

=> TwitterDev code samples on GitHub. 06/01/2015. «Our Developer Advocacy team helps companies integrate Twitter into their products, sites and apps, and one of the ways we do that is by sharing code samples and end-to-end use cases; Today, we’re sharing the most commonly requested code via our TwitterDev GitHub account (…).»
Source : blog.twitter.com/2015/twitterdev-code-samples-on-github

=> AnomalyDetection. 07/01/2015. «Anomaly Detection with R. AnomalyDetection is an open-source R package to detect anomalies which is robust, from a statistical standpoint, in the presence of seasonality and an underlying trend. The AnomalyDetection package can be used in wide variety of contexts (…).»
Source : github.com/twitter/AnomalyDetection
Related posts:
11/01/2015. Twitter releases open source Anomaly Detection tool : www.hotforsecurity.com/blog/twitter-releases-open-source-anomaly-detection-tool-11151.html

=> Pwntools – CTF toolkit. 07/01/2015. «Pwntools is best supported on Ubuntu 12.04 and 14.04, but most functionality should work on any Posix-like distribution (Debian, Arch, FreeBSD, OSX, etc.). Most of the functionality of pwntools is self-contained and Python-only (…).»
Source : github.com/Gallopsled/pwntools?v=2.2

=> The Sony hack attribution generator!. 07/01/2015. «Do you need a quick story you can pull out of your butt to explain the Sony hack at a party or job interview? (…).»
Source : grahamcluley.com/2015/01/sony-hack-attribution-generator/

=> PANDA – Platform for Architecture-Neutral Dynamic Analysis. 07/01/2015. «Just this once, a bit of advertising for informed readers. If you only catch one word in two, it means you are not informed enough :þ PANDA is an open-source Platform for Architecture-Neutral Dynamic Analysis. (…) PANDA is not new but it has been somewhat forgotten. For our part, we took care to evaluate the stability of this project using a Debian GNU/Linux distribution with LLVM / Clang 3.3, as recommended. (…).»
Source : forum.malekal.com/panda-platform-for-architecture-neutral-dynamic-analysis-t50359.html
Related posts:
07/01/2015. PANDA : github.com/moyix/panda/

=> Wifiphisher. 07/01/2015. «Fast automated phishing attacks against WiFi networks (…).»
Source : github.com/sophron/wifiphisher

=> Bypassing the IE XSS filter. 07/01/2015. «Mario noticed that the new version of the IE filter blocks anchors in attempt to prevent the same origin bypass where you double encode the vector and post a link to itself. I had to take a look and see if I could break it and…of course I did (…).»
Source : www.thespanner.co.uk/2015/01/07/bypassing-the-ie-xss-filter/

=> Net neutrality. A video interview with Francesca Musiani. 08/01/2015. «To extend her remarks, she agreed to answer a few questions in this video interview, which covers internet governance, the consequences of the Snowden affair and, of course, net neutrality (…).»
Source : politique-etrangere.com/2015/01/08/neutralite-de-linternet-un-entretien-video-avec-francesca-musiani/

=> SANS Holiday Hack 2014 – A Christmas Hacking Carol (the less chatty edition). 08/01/2015. «Here are my findings from the SANS Holiday Hack. Was my first challenge, had a blast doing it, and many thanks to Ed Skoudis and everyone else who put this together (…).»
Source : cultofthedyingsun.wordpress.com/2015/01/08/sans-holiday-hack-2014-a-christmas-hacking-carol/
Related posts:
24/12/2014. Holiday Challenge 2014 : pen-testing.sans.org/holiday-challenge/2014

=> PowerSploit – A PowerShell Post-Exploitation Framework. 08/01/2015. «PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts (…).» Old, but an article about it was an opportunity to mention it again.
Source : github.com/mattifestation/PowerSploit
Related posts:
08/01/2015. PowerShell Toolkit: PowerSploit : resources.infosecinstitute.com/powershell-toolkit-powersploit/

=> Creating the front page of #CharlieHebdo. 08/01/2015. «This morning, among the thousands of tweets, videos, photos and images, I came across this short film shot during an editorial meeting at Charlie Hebdo in February 2006. The film shows us how, together, they designed their front pages while laughing, trying to find the right tone while being brilliant, intelligent and funny (…).»
Source : graphism.fr/vido-cration-de-la-une-de-charliehebdo/
Related posts:
08/01/2015. An editorial meeting at Charlie Hebdo looked like this : www.lesinrocks.com/inrocks.tv/une-conf-de-redac-charlie-hebdo-cetait-ca/

=> Didier Stevens Suite. 08/01/2015. «I bundled most of my software in a ZIP file. In all modesty, I call it Didier Stevens Suite (…).»
Source : blog.didierstevens.com/2015/01/08/didier-stevens-suite/
Related posts:
08/01/2015. My Software : blog.didierstevens.com/my-software/

=> OWASP SSL. 08/01/2015. «OWASP SSL advanced forensic tool / OWASP SSL audit for testers. Stable release 15.01.07 (…).»
Source : www.owasp.org/index.php/O-Saft
Related posts:
07/01/2015. Updates O-Saft v-15.01.07: OWASP SSL audit for testers / OWASP SSL advanced forensic tool : seclist.us/updates-o-saft-v-15-01-07-owasp-ssl-audit-for-testers-owasp-ssl-advanced-forensic-tool.html

=> Graph-tool. 08/01/2015. «Graph-tool is an efficient Python module for manipulation and statistical analysis of graphs (a.k.a. networks) (…).»
Source : graph-tool.skewed.de/

=> Paensy 0.1 by Ozuru. 08/01/2015. «Paensy is a combination of the word payload and Teensy – Paensy is an attacker-oriented library written for the development of Teensy devices. Paensy simplifies mundane tasks and allows an easier platform for scripting (…).»
Source : github.com/Ozuru/Paensy
Related posts:
11/01/2015. Paensy 0.1 Release & Messing Around with the Teensy 3.1 : malware.cat/?p=89

=> Intelligence Information Gathering: Collecting Twitter Followers with 25 lines of Python. 09/01/2015. «In this article, let’s assume that we have a task to perform a penetration test for an online banking system to verify the ability of guessing valid usernames and passwords. If you were a hacker, what would you do? (…).»
Source : resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitter-followers-25-lines-python/

=> GHIRO v-0.1 released. 09/01/2015. «GHIRO v-0.1 released : is a Fully automated and open source software for digital photo & digital image forensics. (…).»
Source : seclist.us/ghiro-v-0-1-released-is-a-fully-automated-and-open-source-software-for-digital-photo-digital-image-forensics.html
Related posts:
07/01/2015. GHIRO : www.getghiro.org/#header-section
07/01/2015. Ghiro Automated image forensics tool : github.com/ghirensics/ghiro

=> Wandering links, old and new media. 10/01/2015. «Media watch of the week, by E. Scherer, director of Foresight, FT. (…).» Various themed watches of the week.
Source : meta-media.fr/2015/01/10/liens-vagabonds-old-et-new-media-98.html
Related posts:
09/01/2015. IT recap: Charlie Hebdo attack, CES 2015, end of Patch Tuesday : www.lemondeinformatique.fr/actualites/lire-recap-it-attentat-charlie-hebdo-ces-2015-fin-du-patch-tuesday-59859.html
09/01/2015. The science selection of the week (number 153) : passeurdesciences.blog.lemonde.fr/2015/01/09/la-selection-scientifique-de-la-semaine-numero-153/

=> Android-security-awesome. 10/01/2015. «A collection of android security related resources. A lot of work is happening in academia and industry on tools to perform dynamic analysis, static analysis and reverse engineering of android apps (…).»
Source : github.com/ashishb/android-security-awesome

=> Using the Shikra to Attack Embedded Systems: Getting Started. 10/01/2015. «Since we’ve started teaching SexViaHex, many people (not just our students) have asked me (Joe Fitzpatrick) for equipment recommendations for doing their own hardware hacking. I own and use several tools with duplicate and overlapping purposes, since there’s usually a ‘best’ tool for any given job (…).» Dated 26/12.
Source : www.xipiter.com/musings/using-the-shikra-to-attack-embedded-systems-getting-started

=> Archiv – Hacktivity 2014. 10/01/2015. «All 2014 Hacktivity videos have become available. You can watch them in our archives (…).»
Source : hacktivity.com/en/archives/hacktivity-20141/
Related posts:
30/10/2014. Gábor Molnár – Handcrafting ASCII Flash Files for Fun and Profit (slides) : hacktivity.com/en/downloads/archives/335/
30/10/2014. Gábor Molnár – Handcrafting ASCII Flash Files for Fun and Profit (video) : www.youtube.com/watch?v=HQNU6EKFQYM

=> BlueScan – A Bluetooth Device Scanner. 10/01/2015. «BlueScan is a BASH script that acts as a Bluetooth device scanner. It’s a tool designed to detect Bluetooth devices within the radio range of your system and extract as much information as possible from the devices without the requirement to pair (…).»
Source : www.darknet.org.uk/2015/01/bluescan-bluetooth-device-scanner/
Related posts:
10/01/2015. BlueScan : bluescanner.sourceforge.net/

=> 515th edition of the LIDD. 11/01/2015. «As every Sunday (or almost) for nearly 11 years now, here is our selection of the most unusual links of the past few days, all previously published on LIDD.fr (…).»
Source : www.nextinpact.com/news/91693-515eme-edition-lidd-liens-idiots-du-dimanche.htm
 

Published by

Gof

Digital lame duck; just interested, just passionate.