BlackHat Arsenal USA 2018 ToolsWatch黑客工具库

原文链接:https://medium.com/hack-with-github/black-hat-arsenal-usa-2018-the-w0w-lineup-7de9b6d32796

Black Hat Arsenal USA 2018 — The w0w lineup

After the huge success of Black Hat Arsenal USA 2017, @toolswatch has now announced the list of tools selected for Black Hat Arsenal USA 2018.

This time there were a huge number of proposals than expected, so the Arsenal team had a tough time selecting the tools.

NOTE: If you have submitted a proposal and didn’t get selected, don’t worry. Please do submit it again for Black Hat Arsenal EU 2018 / ASIA 2019. The rejected tools don’t necessarily mean that they aren’t good. Also the rejected tools are on the priority list for consideration in upcoming Black Hat Arsenal events.

Some of the selected tools are already present on GitHub and some are yet to be uploaded. This article contains the links to their respective repositories. The tools are arranged according to their tracks. If you like the tool, go to its repository and click Watch to keep updated on the latest commits and pushes.

Some tools will be updated during/after the Arsenal event. Links to the GitHub repositories of those tools will be eventually updated in this article.

If you feel that this article is missing links to some Arsenal tools hosted on GitHub, please comment so that it will updated.

NOTE: Arsenal Theater Demos are denoted using the Projector emoji — ?️

Android, iOS and Mobile Hacking

  • Damn Vulnerable iOS App: Swift Edition
    https://github.com/prateek147/DVIA-v2
    Presenter: Prateek Gianchandani (@prateekg147)

Code Assessment

  • OWASP Dependency-Check
    https://github.com/jeremylong/DependencyCheck
    Presenter: Jeremy Long (@ctxt)
  • Puma Scan
    https://github.com/pumasecurity/puma-scan
    Twitter: (@puma_scan)
    Presenter: Eric Johnson (@emjohn20)

Cryptography

  • DeepViolet: SSL/TLS Scanning API & Tools
    https://github.com/spoofzu/DeepViolet
    Presenter: Milton Smith (@spoofzu)

Data Forensics and Incident Response

  • Bro: Do You Bro? Beginner to Expert
    https://github.com/bro/bro
    Presenter: Seth Hall (@remor)
  • CyBot: Open-Source Threat Intelligence Chat Bot (Full Circle)
    https://github.com/CylanceSPEAR/CyBot
    Presenter: Tony Lee
  • LogonTracer
    https://github.com/JPCERTCC/LogonTracer
    Presenters: Shusei Tomonaga (@shu_tom), Tomoaki Tani
  • rastrea2r (reloaded!): Collecting & Hunting for IOCs with Gusto and Style
    https://github.com/rastrea2r/rastrea2r
    Presenters: Ismael Valenzuela (@aboutsecurity), Sudheendra Bhat
  • RedHunt OS (VM): A Virtual Machine for Adversary Emulation and Threat Hunting
    https://github.com/redhuntlabs/RedHunt-OS
    Presenter: Sudhanshu Chauhan (@Sudhanshu_C)

Exploitation and Ethical Hacking

  • AVET: AntiVirus Evasion Tool
    https://github.com/govolution/avet
    Presenter: Daniel Sauder (@DanielX4v3r)
  • DSP: Docker Security Playground
    https://github.com/giper45/DockerSecurityPlayground
    Presenter: Simon Pietro Romano (@spromano)
  • hideNsneak: An Attack Obfuscation Framework
    https://github.com/rmikehodges/hideNsneak
    Presenters: Michelle Hodges, Mike Hodges (@rmikehodges)
  • Merlin
    https://github.com/Ne0nd0g/merlin
    Presenter: Russel Van Tuyl (@Ne0nd0g)
  • RouterSploit
    https://github.com/threat9/routersploit
    Twitter: @routersploit
    Presenters: Blane Cordes, Marcin Bury

Hardware/Embedded

  • ChipWhisperer
    https://github.com/newaetech/chipwhisperer
    Presenter: Colin O’Flynn (@colinoflynn)
  • ?️ JTAGulator: Uncovering the Achilles Heel of Hardware Security
    https://github.com/grandideastudio/jtagulator
    Presenter: Joe Grand (@joegrand)
  • Micro-Renovator: Bringing Processor Firmware up to Code
    https://github.com/syncsrc/MicroRenovator
    Presenter: Matt King (@syncsrc)
  • TumbleRF: RF Fuzzing Made Easy
    https://github.com/riverloopsec/tumblerf
    Presenters: Matt Knight (@embeddedsec)
  • Walrus: Make the Most of Your Card Cloning Devices
    https://github.com/TeamWalrus/Walrus
    Presenters: Daniel Underhay, Matthew Daley

Internet of Things

  • An Extensible Dynamic Analysis Framework for IoT Devices
    https://github.com/sycurelab/DECAF
    Presenters: Heng Yin, Xunchao Hu, Yaowen Zheng
  • BLE CTF Project
    https://github.com/hackgnar/ble_ctf
    Presenter: Ryan Holeman (@hackgnar)
  • WHID Injector and WHID Elite: A New Generation of HID Offensive Devices
    https://github.com/whid-injector/WHID
    Presenter: Luca Bongiorni (@LucaBongiorni)

Malware Defense

  • Advanced Deep Learning Analytic Platform Made Easy for Every Security Researcher
    https://github.com/intel/Resilient-ML-Research-Platform
    Presenters: Evan Yang, Li Chen
  • EKTotal
    https://github.com/nao-sec/ektotal
    Presenters: Keita Nomura, Rintaro Koike
  • Firmware Audit: Platform Firmware Security Automation for Blue Teams and DFIR
    https://github.com/PreOS-Security/fwaudit
    Presenters: Lee Fisher (@LeeFisher_PreOS), Paul English
  • MaliceIO
    https://github.com/maliceio/malice
    Twitter: @maliceio
    Presenter: Josh Maine
  • Objective-See’s MacOS Security Tools
    https://github.com/objective-see
    Twitter: @objective_see
    Presenter: Patrick Wardle (@patrickwardle)

Malware Offense

  • BloodHound 1.5
    https://github.com/BloodHoundAD/BloodHound
    Presenters: Andy Robbins (@_wald0), Rohan Vazarkar (@CptJesus)

Network Attacks

  • Armory
    https://github.com/depthsecurity/armory
    Presenter: Daniel Lawson (@fang0654)
  • Chiron: An Advanced IPv6 Security Assessment and Penetration Testing Framework
    https://github.com/aatlasis/Chiron
    Presenter: Antonios Atlasis (@AntoniosAtlasis)
  • DELTA: SDN Security Evaluation Framework
    https://github.com/OpenNetworkingFoundation/DELTA
    Presenters: Jinwoo Kim, Seungsoo Lee, Seungwon Shin, Seungwon Woo
  • Mallet: An Intercepting Proxy for Arbitrary Protocols
    https://github.com/sensepost/mallet
    Presenter: Rogan Dawes (@RoganDawes)
  • PowerUpSQL: A PowerShell Toolkit for Attacking SQL Servers in Enterprise Environments
    https://github.com/NetSPI/PowerUpSQL
    Presenters: Antti Rantasaari, Scott Sutherland (@_nullbind)
  • ?️ WarBerryPi
    https://github.com/secgroundzero/warberry
    Presenters: Stella Constantinou, Yiannis Ioannides

Network Defense

  • ANWI (All New Wireless IDS): The $5 WIDS
    https://github.com/SanketKarpe/anwi
    Presenters: Rishikesh Bhide, Sanket Karpe
  • CHIRON: Home-Based Network Analytics & Machine Learning Threat Detection Framework
    https://github.com/jzadeh/chiron-elk
    Presenters: Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto)
  • Cloud Security Suite: One Stop Tool for AWS/GCP/Azure Security Audit
    https://github.com/SecurityFTW/cs-suite
    Twitter: @CS_Suite
    Presenters: Divya John, Jayesh Chauhan (@jayeshsch), Shivankar Madaan (@shivankarmadaan)
  • DejaVu: An Open Source Deception Framework
    https://github.com/bhdresh/Dejavu
    Presenters: Bhadreshkumar Patel (@bhdresh), Harish Ramadoss (@hramados)

OSINT — Open Source Intelligence

  • DataSploit 2.0
    https://github.com/DataSploit/datasploit
    Twitter: @datasploit
    Presenter: Shubham Mittal (@upgoingstar)
  • ?️ Dradis Framework: Learn How to Cut Your Reporting Time in Half
    https://github.com/dradis/dradis-ce
    Twitter: @dradisfw
    Presenter: Daniel Martin (@etdsoft)

Reverse Engineering

  • Snake: The Malware Storage Zoo
    https://github.com/countercept/snake
    Presenter: Alex Kornitzer (@AlexKornitzer)

Smart Grid / Industrial Security

  • ?️ GRFICS: A Graphical Realism Framework for Industrial Control Simulations
    https://github.com/djformby/GRFICS
    Presenter: David Formby

Vulnerability Assessment

  • ?️ Adversarial Robustness Toolbox for Machine Learning Models
    https://github.com/IBM/adversarial-robustness-toolbox
    Presenter: Irina Nicolae
  • Android Dynamic Analysis Tool (ADA)
    https://github.com/ANELKAOS/ada
    Presenter: Anelkaos (@ANELKAOS1)
  • ?️ Archery: Open Source Vulnerability Assessment and Management
    https://github.com/archerysec/archerysec
    Twitter: @ArcherySec
    Presenter: Anand Tiwari (@anandtiwarics)
  • boofuzz
    https://github.com/jtpereyda/boofuzz
    Presenter: Joshua Pereyda (@jtpereyda)
  • BTA
    https://github.com/airbus-seclab/bta
    Presenter: Joffrey Czarny (@_Sn0rkY)
  • Deep Exploit
    https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
    Presenter: Isao Takaesu (@bbr_bbq)
  • Halcyon IDE: For Nmap Script Developers
    https://github.com/s4n7h0/Halcyon
    Presenter: Sanoop Thomas (@s4n7h0)
  • ?️ SimpleRisk
    https://github.com/simplerisk
    Twitter: @simpleriskfree
    Presenter: Josh Sokol (@joshsokol)
  • ?️ TROMMEL
    https://github.com/CERTCC/trommel
    Presenter: Kyle O’Meara

Web AppSec

  • A Look at ModSec 3.0 for NGINX: A Software Web Application Firewall
    https://github.com/SpiderLabs/ModSecurity
    Presenter: Kevin Jones
  • Astra: Automated Security Testing For REST APIs
    https://github.com/flipkart-incubator/Astra
    Presenters: Ankur Bhargava (@_AnkurB), Sagar Popat (@popat_sagar)
  • Burp Replicator: Automate Reproduction of Complex Vulnerabilities
    https://github.com/PortSwigger/replicator
    Presenter: Paul Johnston (@paulpaj)
  • OWASP Offensive Web Testing Framework
    https://github.com/owtf/owtf
    Twitter: @owtfp
    Presenter: Viyat Bhalodia (@viyat)
  • OWASP JoomScan Project
    https://github.com/rezasp/joomscan
    Twitter: @OWASP_JoomScan ‏
    Presenters: Babak Amin Azad, Mohammad Reza Espargham (@rezesp) , Vahid Behzadan (@vbehzadan)
  • WSSAT
    https://github.com/YalcinYolalan/WSSAT
    Presenters: Mehmet Yalcin YOLALAN (@yyolalan), Salih TALAY

If you haven’t looked at the selected tools, check the below embed to view the complete details of the tools and its presenters.

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.mzph.cn/news/253833.shtml

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈email:809451989@qq.com,一经查实,立即删除!

相关文章

SOA是什么

SOA是什么? SOA是面向服务的架构,是一个组件模型,它将应用程序的不同功能单元(称为服务)通过这些服务之间定义良好的接口和契约联系起来。接口是采用中立的方式进行定义的,它独立于实现服务的硬件平台、操作…

redis 优化

系统优化echo "vm.overcommit_memory1" > /etc/sysctl.conf 0, 表示内核将检查是否有足够的可用内存供应用进程使用;如果有足够的可用内存,内存申请允许;否则,内存申请失败,并把错误返回给应…

IC设计常见设计思想

速度与面积互换原则 所谓速度,是指整个工程稳定运行所能够达到的最高时钟频率,它不仅和电路内部各个寄存器的建立时间、保持时间以及外部器件接口的各种时序要求有关,而且还和两个紧邻的寄存器间的逻辑延时,走线延时有关。所谓面…

DM365 u-boot启动分析

http://www.61ic.com/Article/DaVinci/DM644X/201009/27429.html

(十三)Hibernate高级配置

配置数据库连接池 配置C3P0连接池。先导入c3p0包。然后在hibernate.cfg.xml文件中 &#xff0c;使用下面代码配置连接池<property name"hibernate.connection.provider_class">org.hibernate.connection.C3P0ConnectionProvider</property>可以通过下面的…

eclipse中如何配置tomcat

1.打开eclipse上面的Windows选项&#xff0c;选择Preferences>Server>Runtime Environments>Add 2.选择你电脑中安装的tomcat的版本我的是8所以我选的是Apache Tomcat v8.0 3,Next>Browse选择Tomcat的安装目录&#xff0c;选择jdk 4.Finish>OK tomcat配置完成。…

jsp调试小技巧

console.log($("#toolbar")); 打印对象可知道这个对象的参数信息转载于:https://www.cnblogs.com/chenweida/p/6149342.html

数字IC验证学习(一)

一、数据类型 1、logic logic类型只能有一个驱动。使用wire和reg的地方均可使用logic&#xff0c;但如双向总线等有多个驱动的地方&#xff0c;则不可使用logic。 2、二值逻辑 对于二值逻辑变量与DUT中的四值逻辑变量连接时&#xff0c;如果DUT中产生了X和Z&#xff0c;会被…

SecureCRT 配置文件中 找密码

打开本地电脑如下路径 C:\Users\XXX\AppData\Roaming\VanDyke\Config\Sessions 找到配置文件。 运行命令&#xff1a;python SecureCRTDecrypt.py [配置文件名称] 例如&#xff1a;python SecureCRTDecrypt.py 192.168.1.249.ini ssh root192.168.1.249 # 123456 即可得到密…

刷题比赛

题目描述 给你四个数组A,B,C,D. 给出每个数组的初始值A[1] 1, B[1] 1, C[1] 1, D[1] 1 , A[2] 3, B[2] 3, C[2] 3, D[2] 3; 有以下的递推公式: (1) a[k2]p* a[k1]qa[k]b[k1]c[k1]r k^2t * k1d[k]; (2)b[k2]u* b[k1]vb[k]a[k1]c[k1]w^kd[k]; (3)c[k2]x c[k1]yc[k]a[k1]b[…

自动化测试用例设计原则

自动化测试用例设计原则&#xff1a;每一个用例 都是一个闭合的业务操作。用例之间要保持独立 &#xff0c;不要有操作上的依赖关系&#xff0c;就算有也是测试数据上的依赖。第二个用例 依赖第一个用例产生的数据。转载于:https://www.cnblogs.com/yyjiangnan/p/6149430.html

MII/MDIO接口详解

MII/MDIO接口详解 http://dpinglee.blog.163.com/blog/static/144097753201041131115262/

T24412 Cup#182-3 洞穴之旅

弱连通模板题&#xff0c;不过还是不会。。。 这道题在POJ2762有&#xff0c;这个出题人直接翻译弄过来了。。。 弱连通的定义是&#xff1a;从u能到达v或从v能到达u&#xff0c;则u和v这两个点弱连通。 显然如果是强连通分量就一定是弱连通分量啦&#xff0c;所以可以直接缩点…

PCB相关的基础知识

http://www.elecfans.com/article/89/92/2017/20170425510728.html转载于:https://www.cnblogs.com/jackn-crazy/p/7300228.html

sql server 修改表结构语法大全

1.增加字段 alter table docdsp add dspcode char(200) 2.删除字段 alter table table_name drop column column_name 3.修改字段类型 alter table table_name alter column column_name new_data_type 2.6.1. 增加字段 要增加一个字段&#xff0c;使用这条命令…

Flutter - 生成二维码与识别二维码

#生成二维码 ##首先需要在pubspec.yaml:中添加 qr_flutter: ^1.1.3 其次&#xff0c;引入代码&#xff1a; import package:qr_flutter/qr_flutter.dart; 核心代码如下&#xff1a; child: QrImage(data: "这里是需要生成二维码的数据",size: 100.0,onError: (ex) {p…

任意小数分频设计

对于任意小数分频&#xff0c;如果有PLL的话&#xff0c;直接倍频再分频即可&#xff1b;或常用的方法有双模前置小数分频和脉冲删除小数分频。前一种方法设计较为复杂&#xff0c;因此主要以第二种方式为主设计了一下。 任意小数均可以化为分数&#xff0c;例如要进行5.3分频即…

Bootstrap--圆角图片`圆形图

转载于:https://www.cnblogs.com/qiyiyifan/p/6159823.html