1. 程式人生 > >BlackHat Arsenal USA 2018 ToolsWatch黑客工具庫

BlackHat Arsenal USA 2018 ToolsWatch黑客工具庫

http most spi owasp watch asa eat reat str

原文鏈接:https://medium.com/hack-with-github/black-hat-arsenal-usa-2018-the-w0w-lineup-7de9b6d32796

Black Hat Arsenal USA 2018?—?The w0w lineup

After the huge success of Black Hat Arsenal USA 2017, @toolswatch has now announced the list of tools selected for Black Hat Arsenal USA 2018.

This time there were a huge number of proposals than expected, so the Arsenal team had a tough time selecting the tools.

NOTE: If you have submitted a proposal and didn’t get selected, don’t worry. Please do submit it again for Black Hat Arsenal EU 2018 / ASIA 2019. The rejected tools don’t necessarily mean that they aren’t good. Also the rejected tools are on the priority list for consideration in upcoming Black Hat Arsenal events.

Some of the selected tools are already present on GitHub and some are yet to be uploaded. This article contains the links to their respective repositories. The tools are arranged according to their tracks. If you like the tool, go to its repository and click Watch to keep updated on the latest commits and pushes.

Some tools will be updated during/after the Arsenal event. Links to the GitHub repositories of those tools will be eventually updated in this article.

If you feel that this article is missing links to some Arsenal tools hosted on GitHub, please comment so that it will updated.

NOTE: Arsenal Theater Demos are denoted using the Projector emoji?—????

Android, iOS and Mobile Hacking

  • Damn Vulnerable iOS App: Swift Edition
    https://github.com/prateek147/DVIA-v2
    Presenter: Prateek Gianchandani (@prateekg147)

Code Assessment

  • OWASP Dependency-Check
    https://github.com/jeremylong/DependencyCheck
    Presenter: Jeremy Long (@ctxt)
  • Puma Scan
    https://github.com/pumasecurity/puma-scan
    Twitter: (@puma_scan)
    Presenter: Eric Johnson (@emjohn20)

Cryptography

  • DeepViolet: SSL/TLS Scanning API & Tools
    https://github.com/spoofzu/DeepViolet
    Presenter: Milton Smith (@spoofzu)

Data Forensics and Incident Response

  • Bro: Do You Bro? Beginner to Expert
    https://github.com/bro/bro
    Presenter: Seth Hall (@remor)
  • CyBot: Open-Source Threat Intelligence Chat Bot (Full Circle)
    https://github.com/CylanceSPEAR/CyBot
    Presenter: Tony Lee
  • LogonTracer
    https://github.com/JPCERTCC/LogonTracer
    Presenters: Shusei Tomonaga (@shu_tom), Tomoaki Tani
  • rastrea2r (reloaded!): Collecting & Hunting for IOCs with Gusto and Style
    https://github.com/rastrea2r/rastrea2r
    Presenters: Ismael Valenzuela (@aboutsecurity), Sudheendra Bhat
  • RedHunt OS (VM): A Virtual Machine for Adversary Emulation and Threat Hunting
    https://github.com/redhuntlabs/RedHunt-OS
    Presenter: Sudhanshu Chauhan (@Sudhanshu_C)

Exploitation and Ethical Hacking

  • AVET: AntiVirus Evasion Tool
    https://github.com/govolution/avet
    Presenter: Daniel Sauder (@DanielX4v3r)
  • DSP: Docker Security Playground
    https://github.com/giper45/DockerSecurityPlayground
    Presenter: Simon Pietro Romano (@spromano)
  • hideNsneak: An Attack Obfuscation Framework
    https://github.com/rmikehodges/hideNsneak
    Presenters: Michelle Hodges, Mike Hodges (@rmikehodges)
  • Merlin
    https://github.com/Ne0nd0g/merlin
    Presenter: Russel Van Tuyl (@Ne0nd0g)
  • RouterSploit
    https://github.com/threat9/routersploit
    Twitter: @routersploit
    Presenters: Blane Cordes, Marcin Bury

Hardware/Embedded

  • ChipWhisperer
    https://github.com/newaetech/chipwhisperer
    Presenter: Colin O’Flynn (@colinoflynn)
  • ??? JTAGulator: Uncovering the Achilles Heel of Hardware Security
    https://github.com/grandideastudio/jtagulator
    Presenter: Joe Grand (@joegrand)
  • Micro-Renovator: Bringing Processor Firmware up to Code
    https://github.com/syncsrc/MicroRenovator
    Presenter: Matt King (@syncsrc)
  • TumbleRF: RF Fuzzing Made Easy
    https://github.com/riverloopsec/tumblerf
    Presenters: Matt Knight (@embeddedsec)
  • Walrus: Make the Most of Your Card Cloning Devices
    https://github.com/TeamWalrus/Walrus
    Presenters: Daniel Underhay, Matthew Daley

Internet of Things

  • An Extensible Dynamic Analysis Framework for IoT Devices
    https://github.com/sycurelab/DECAF
    Presenters: Heng Yin, Xunchao Hu, Yaowen Zheng
  • BLE CTF Project
    https://github.com/hackgnar/ble_ctf
    Presenter: Ryan Holeman (@hackgnar)
  • WHID Injector and WHID Elite: A New Generation of HID Offensive Devices
    https://github.com/whid-injector/WHID
    Presenter: Luca Bongiorni (@LucaBongiorni)

Malware Defense

  • Advanced Deep Learning Analytic Platform Made Easy for Every Security Researcher
    https://github.com/intel/Resilient-ML-Research-Platform
    Presenters: Evan Yang, Li Chen
  • EKTotal
    https://github.com/nao-sec/ektotal
    Presenters: Keita Nomura, Rintaro Koike
  • Firmware Audit: Platform Firmware Security Automation for Blue Teams and DFIR
    https://github.com/PreOS-Security/fwaudit
    Presenters: Lee Fisher (@LeeFisher_PreOS), Paul English
  • MaliceIO
    https://github.com/maliceio/malice
    Twitter: @maliceio
    Presenter: Josh Maine
  • Objective-See’s MacOS Security Tools
    https://github.com/objective-see
    Twitter: @objective_see
    Presenter: Patrick Wardle (@patrickwardle)

Malware Offense

  • BloodHound 1.5
    https://github.com/BloodHoundAD/BloodHound
    Presenters: Andy Robbins (@_wald0), Rohan Vazarkar (@CptJesus)

Network Attacks

  • Armory
    https://github.com/depthsecurity/armory
    Presenter: Daniel Lawson (@fang0654)
  • Chiron: An Advanced IPv6 Security Assessment and Penetration Testing Framework
    https://github.com/aatlasis/Chiron
    Presenter: Antonios Atlasis (@AntoniosAtlasis)
  • DELTA: SDN Security Evaluation Framework
    https://github.com/OpenNetworkingFoundation/DELTA
    Presenters: Jinwoo Kim, Seungsoo Lee, Seungwon Shin, Seungwon Woo
  • Mallet: An Intercepting Proxy for Arbitrary Protocols
    https://github.com/sensepost/mallet
    Presenter: Rogan Dawes (@RoganDawes)
  • PowerUpSQL: A PowerShell Toolkit for Attacking SQL Servers in Enterprise Environments
    https://github.com/NetSPI/PowerUpSQL
    Presenters: Antti Rantasaari, Scott Sutherland (@_nullbind)
  • ??? WarBerryPi
    https://github.com/secgroundzero/warberry
    Presenters: Stella Constantinou, Yiannis Ioannides

Network Defense

  • ANWI (All New Wireless IDS): The $5 WIDS
    https://github.com/SanketKarpe/anwi
    Presenters: Rishikesh Bhide, Sanket Karpe
  • CHIRON: Home-Based Network Analytics & Machine Learning Threat Detection Framework
    https://github.com/jzadeh/chiron-elk
    Presenters: Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto)
  • Cloud Security Suite: One Stop Tool for AWS/GCP/Azure Security Audit
    https://github.com/SecurityFTW/cs-suite
    Twitter: @CS_Suite
    Presenters: Divya John, Jayesh Chauhan (@jayeshsch), Shivankar Madaan (@shivankarmadaan)
  • DejaVu: An Open Source Deception Framework
    https://github.com/bhdresh/Dejavu
    Presenters: Bhadreshkumar Patel (@bhdresh), Harish Ramadoss (@hramados)

OSINT?—?Open Source Intelligence

  • DataSploit 2.0
    https://github.com/DataSploit/datasploit
    Twitter: @datasploit
    Presenter: Shubham Mittal (@upgoingstar)
  • ??? Dradis Framework: Learn How to Cut Your Reporting Time in Half
    https://github.com/dradis/dradis-ce
    Twitter: @dradisfw
    Presenter: Daniel Martin (@etdsoft)

Reverse Engineering

  • Snake: The Malware Storage Zoo
    https://github.com/countercept/snake
    Presenter: Alex Kornitzer (@AlexKornitzer)

Smart Grid / Industrial Security

  • ??? GRFICS: A Graphical Realism Framework for Industrial Control Simulations
    https://github.com/djformby/GRFICS
    Presenter: David Formby

Vulnerability Assessment

  • ??? Adversarial Robustness Toolbox for Machine Learning Models
    https://github.com/IBM/adversarial-robustness-toolbox
    Presenter: Irina Nicolae
  • Android Dynamic Analysis Tool (ADA)
    https://github.com/ANELKAOS/ada
    Presenter: Anelkaos (@ANELKAOS1)
  • ??? Archery: Open Source Vulnerability Assessment and Management
    https://github.com/archerysec/archerysec
    Twitter: @ArcherySec
    Presenter: Anand Tiwari (@anandtiwarics)
  • boofuzz
    https://github.com/jtpereyda/boofuzz
    Presenter: Joshua Pereyda (@jtpereyda)
  • BTA
    https://github.com/airbus-seclab/bta
    Presenter: Joffrey Czarny (@_Sn0rkY)
  • Deep Exploit
    https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
    Presenter: Isao Takaesu (@bbr_bbq)
  • Halcyon IDE: For Nmap Script Developers
    https://github.com/s4n7h0/Halcyon
    Presenter: Sanoop Thomas (@s4n7h0)
  • ??? SimpleRisk
    https://github.com/simplerisk
    Twitter: @simpleriskfree
    Presenter: Josh Sokol (@joshsokol)
  • ??? TROMMEL
    https://github.com/CERTCC/trommel
    Presenter: Kyle O’Meara

Web AppSec

  • A Look at ModSec 3.0 for NGINX: A Software Web Application Firewall
    https://github.com/SpiderLabs/ModSecurity
    Presenter: Kevin Jones
  • Astra: Automated Security Testing For REST APIs
    https://github.com/flipkart-incubator/Astra
    Presenters: Ankur Bhargava (@_AnkurB), Sagar Popat (@popat_sagar)
  • Burp Replicator: Automate Reproduction of Complex Vulnerabilities
    https://github.com/PortSwigger/replicator
    Presenter: Paul Johnston (@paulpaj)
  • OWASP Offensive Web Testing Framework
    https://github.com/owtf/owtf
    Twitter: @owtfp
    Presenter: Viyat Bhalodia (@viyat)
  • OWASP JoomScan Project
    https://github.com/rezasp/joomscan
    Twitter: @OWASP_JoomScan ?
    Presenters: Babak Amin Azad, Mohammad Reza Espargham (@rezesp) , Vahid Behzadan (@vbehzadan)
  • WSSAT
    https://github.com/YalcinYolalan/WSSAT
    Presenters: Mehmet Yalcin YOLALAN (@yyolalan), Salih TALAY

If you haven’t looked at the selected tools, check the below embed to view the complete details of the tools and its presenters.

BlackHat Arsenal USA 2018 ToolsWatch黑客工具庫