wjy + security   419

CRXcavator - Burning Vocabulary: highlight & track words
CRXcavator automatically scans the entire Chrome Web Store every 3 hours and produces a quantified risk score for each Chrome Extension based on several factors. These factors include permissions, inclusion of vulnerable third party javascript libraries, weak content security policies, missing details from the Chrome Web Store description, and more. Organizations can use this tool to assess the Chrome Extensions they have installed and to move towards implementing explicit allow (whitelisting) for their organization.

CRXcavator was created as an internal tool by Duo’s Corporate Security Engineering team to solve a real problem in our organization. When maintaining a list of explicitly allowed Chrome Extensions it can be difficult to uniformly assess the risk introduced by adding a new extension to the allowed list. Because CRXcavator has solved real problems for us internally, we have made it a publicly available tool. You can get started by scanning an extension, or you can create an account and group to take advantage of our enterprise features.
chrome  extension  privacy  security  scanner 
18 days ago by wjy
TCP/IP stack fingerprinting - Wikipedia
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote machine's operating system (aka, OS fingerprinting), or incorporated into a device fingerprint.
tcp  security  fingerprints  wikipedia  scanner  privacy 
june 2019 by wjy
Ghidra is a software reverse engineering (SRE) framework developed by NSA's Research Directorate for NSA's cybersecurity mission. It helps analyze malicious code and malware like viruses, and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and systems.
security  hacking  decompiler  reverseengineering  nsa  opensource 
march 2019 by wjy
exploitagency/ESPloitV2: WiFi Keystroke Injection Tool designed for an Atmega 32u4/ESP8266 Paired via Serial (Cactus WHID Firmware). Also features Serial, HTTP, and PASV FTP exfiltration methods and an integrated Credential Harvester Phishing tool called
WiFi Keystroke Injection Tool designed for an Atmega 32u4/ESP8266 Paired via Serial (Cactus WHID Firmware). Also features Serial, HTTP, and PASV FTP exfiltration methods and an integrated Credential Harvester Phishing tool called ESPortal.
security  wifi  hardware 
february 2019 by wjy
schollz/howmanypeoplearearound: Count the number of people around you by monitoring wifi signals
Count the number of people around you 👨‍👨‍👦 by monitoring wifi signals 📡.

howmanypeoplearearound calculates the number of people in the vicinity using the approximate number of smartphones as a proxy (since ~70% of people have smartphones nowadays). A cellphone is determined to be in proximity to the computer based on sniffing WiFi probe requests. Possible uses of howmanypeoplearearound include: monitoring foot traffic in your house with Raspberry Pis, seeing if your roommates are home, etc.

Tested on Linux (Raspbian and Ubuntu) and Mac OS X.

It may be illegal to monitor networks for MAC addresses, especially on networks that you do not own. Please check your country's laws (for US Section 18 U.S. Code § 2511) - discussion.
python  wifi  wireless  privacy  security 
january 2019 by wjy
Ne0nd0g/merlin: Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
security  agent  cli  http2  golang 
january 2019 by wjy
PySyft/examples/tutorials at master · OpenMined/PySyft
Part 1: The Basic Tools of Private, Decentralized Data Science
Part 2: Intro to Federated Learning
Part 3: Advanced Remote Execution Tools
Part 4: Federated Learning via Trusted Aggregator
Part 5: Intro to Encrypted Programs
Part 6: Build an Encrypted, Decentralized Database
Part 7: Build an Encrypted, Decentralized Ledger
Part 8: Federated Learning - Encrypted Gradient Aggregation
Part 9: Train an Encrypted Neural Network on Encrypted Data
privacy  security  machinelearning  ai  blockchain  decentralized 
december 2018 by wjy
virtualabs/btlejack: Bluetooth Low Energy Swiss-army knife
Btlejack provides everything you need to sniff, jam and hijack Bluetooth Low Energy devices. It relies on one or more BBC Micro:Bit. devices running a dedicated firmware. You may also want to use an Adafruit's Bluefruit LE sniffer or a nRF51822 Eval Kit, as we added support for these devices.

This tool only supports Bluetooth Low Energy 4.x.
bluetooth  python  opensource  security  tools 
september 2018 by wjy
google/tink: Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Tink is a multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
google  library  crypto  cryptography  security  java  c++ 
september 2018 by wjy
paragonie/paseto: Platform-Agnostic Security Tokens
Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague the JOSE standards.

What follows is a reference implementation. Requires PHP 7 or newer.
php  alternative  jwt  authentication  security 
june 2018 by wjy
radare/radare2: unix-like reverse engineering framework and commandline tools security
unix-like reverse engineering framework and commandline tools security http://www.radare.org/

radare2 is portable.


6502, 8051, CRIS, H8/300, LH5801, T8200, arc, arm, avr, bf, blackfin, xap, dalvik, dcpu16, gameboy, i386, i4004, i8080, m68k, malbolge, mips, msil, msp430, nios II, powerpc, rar, sh, snes, sparc, tms320 (c54x c55x c55+), V810, x86-64, zimg, risc-v.

File Formats:

bios, CGC, dex, elf, elf64, filesystem, java, fatmach0, mach0, mach0-64, MZ, PE, PE+, TE, COFF, plan9, dyldcache, Commodore VICE emulator, Game Boy (Advance), Nintendo DS ROMs and Nintendo 3DS FIRMs.

Operating Systems:

Android, GNU/Linux, [Net|Free|Open]BSD, iOS, OSX, QNX, w32, w64, Solaris, Haiku, FirefoxOS


Vala/Genie, Python (2, 3), NodeJS, Lua, Go, Perl, Guile, php5, newlisp, Ruby, Java, OCaml, ...
framework  unix  debugging  reverseengineering  security  hacking  cli  commandline  radare 
june 2018 by wjy
Return-oriented programming - Wikipedia
Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.[1]
exploits  security  cracking  wikipedia  rop 
may 2018 by wjy
Zenmap - Official cross-platform Nmap Security Scanner GUI
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. The results of recent scans are stored in a searchable database.
gui  tools  nmap  security  networking  scanner 
april 2018 by wjy
iSECPartners/ios-ssl-kill-switch: Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps
Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS Apps
ios  security  ssl  tls  tool  app 
march 2018 by wjy
VPN Leak - VoidSec
TL:DR: VPN leaks users’ IPs via WebRTC.
I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%)
security  vpn  webrtc  privacy  article  networking  stun  ice 
march 2018 by wjy
OpenPGP.js | OpenPGP JavaScript Implementation
This project aims to provide an Open Source OpenPGP library in JavaScript so it can be used on virtually every device. Instead of other implementations that are aimed at using native code, OpenPGP.js is meant to bypass this requirement (i.e. people will not have to install gpg on their machines in order to use the library). The idea is to implement all the needed OpenPGP functionality in a JavaScript library that can be reused in other projects that provide browser extensions or server applications. It should allow you to sign, encrypt, decrypt, and verify any kind of text - in particular e-mails - as well as managing keys.
javascript  js  opensource  openpgp  pgp  security 
march 2018 by wjy
ForbesLindesay/connect-roles: Provides dynamic roles based authorisation for node.js connect and express servers.
Connect roles is designed to work with connect or express. It is an authorisation provider, not an authentication provider. It is designed to support context sensitive roles/abilities, through the use of middleware style authorisation strategies.

If you're looking for an authentication system I suggest you check out passport.js, which works perfectly with this module.
nodejs  javascript  js  security  authorization 
march 2018 by wjy
LuLu is the free open-source macOS firewall that aims to block unknown outgoing connections, unless explicitly approved by the user.
osx  security  mac  firewall  software 
january 2018 by wjy
Pown.js is the security testing an exploitation framework built on top of Node.js and NPM.
js  javascript  node.js  nodejs  testing  exploitation  framework  security 
january 2018 by wjy
Ophcrack is a free Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

» Runs on Windows, Linux/Unix, Mac OS X, ...
» Cracks LM and NTLM hashes.
» Free tables available for Windows XP and Vista/7.
» Brute-force module for simple passwords.
» Audit mode and CSV export.
» Real-time graphs to analyze the passwords.
» LiveCD available to simplify the cracking.
» Dumps and loads hashes from encrypted SAM recovered from a Windows partition.
» Free and open source software (GPL).
tools  security  password  windows  crack 
january 2018 by wjy
« earlier      
per page:    204080120160

related tags

!awesome  2fa  3ds  3rdparty  acoustic  adsafe  advertising  aes  afl  agent  ai  airbnb  Ajax  algorithm  algorithms  alternative  analysis  analytics  analyze  analyzer  android  anonymous  ansible  apache  api  app  apple  apps  apt  arduido  arm  article  asm  assembly  attack  audit  auditing  auth  authentication  authenticator  authorization  automation  awesome  aws  backup  bash  bcrypt  best-practice  best-practices  bestpractice  bestpractices  bigint  bigip  binary  blackhat  blacklist  blind-injection  blockchain  blog  bluetooth  bmp  bomb  book  books  botdetection  botnet  bro  browser  browsers  bruteforce  bug  bugs  burp  burpsuite  c++  ca  cache  camera  canvas  captcha  car  cars  censorship  certificate  certificates  challenge  challenges  chat  cheat  cheatsheet  checker  checklist  chef  china  chinese  chrome  chromebook  chromeos  ci  cipher  cjdns  cli  client  cloud  cloudrlare  cluster  CMS  cobalt  code  codereview  coding  coffeescript  collection  collision  commandline  communication  compare  comparison  compression  compsci  concurrency  config  configuration  constants  consul  converter  cookie  cookies  cool  cornell  cpu  crack  cracking  crime  cryptanalysis  crypto  cryptographic  cryptography  cs  csp  csrf  css  csv  ctf  ctypto  cyclone  daemontools  data  database  ddos  ddr  debian  debugging  decentralized  decoder  decompiler  defense  demo  dependency  developer  development  devops  DHTML  dictionary  directory  distributed  distributioin  distro  diy  djbdns  dll  dma  dmarc  dns  dnschain  dnssec  docs  domain  dos  dpi  drawing  dropbox  dvwa  dylib  ebook  ecc  ecommerce  education  electronics  email  emergency  encoding  encrypted  encryption  enterprise  etcd  ev  excel  exercises  exploit  exploitation  exploits  express  express.js  extension  f5  fake  fastjson  fiddler  FIDO  filename  filesharing  filesystem  filetransfer  filter  fingerprint  fingerprinting  fingerprints  firefox  firewall  firmware  fitbit  flash  forkbomb  framework  fraud  freakattack  free  freenet  frida  fullscreen  fun  fuzz  fuzzing  gadgets  gamedev  gamehacking  gas  gateway  gcp  gdb  gdpr  gem  generator  gethostname  gfw  gif  github  glibc  gnupg  golang  google  gpg  gpgpu  gps  gpu  gsm  gui  guide  hack  hacker  hackernews  hacking  hacks  Hackvertor  hardware  hash  hashing  hashtable  header  heartbleed  hijack  hijacking  hmac  hn  home  homeautomation  homebrew  honeypot  honeypots  host  hosting  howto  hpkp  hsm  hsts  html  html5  http  http2  https  ice  icmp  identity  ids  ietf  iframe  im  image  imsi  infosec  ini  inject  injection  innovation  integer  internet  intro  ios  iot  ipcop  ipfilter  iphone  iptables  issuce  jabber  jailbreaking  java  javascript  jquery  js  jscript  json  jsonp  jwt  kali  kaspersky  kernel  keybase  keyboard  keychain  keypress  keys  krack  ksplice  l2tp  language  laptop  leak  learning  less  letsencrypt  libc  libpcap  library  linux  list  livecd  loadbancer  lock  login  mac  machinelearning  macos  magazine  malware  maps  math  md5  meltdown  memory  messages  messaging  metasploit  mhn  microservices  middleware  minecraft  minion  mit  mitm  mitmproxy  mits  mobile  mongodb  monitoring  mozilla  msdn  msf  multifactor  mysql  names  nasl  ncat  nessus  netcat  network  networking  news  nexpose  nginx  nmap  node  node.js  nodejs  nosql  npm  nsa  nss  oath  oauth  oauth2  oclhashcat  ollydbg  onetime  online  openbsd  openpgp  opensource  openssh  openssl  openvpn  openwrt  opera  operatingsystem  organization  os  osx  otp  owasp  p2p  packages  packet  padrino  pam  paper  parser  parsing  password  passwords  paste  pastebin  patch  path  pathoc  pathod  payment  PBKDF2  pci  pcileech  pdf  penetration  penetrationtesting  pennetration  pentesting  people  performance  perl  pgp  phantomjs  phishing  phison  phone  php  php5  ping  pipe  pkcs11  pki  PktFilter  platform  plugin  poc  portscanner  posix  postmessage  postscript  pppoe  pptp  privacy  privly  productivity  programming  protocol  provider  proxy  publickey  puppet  purifier  puzzle  python  qmail  qt  racecondition  radare  radio  ram  random  raspberry-pi  raspberrypi  reading  recaptcha  redphone  refer  reference  remote  repository  research  resource  resources  resqme  reverseeng  reverseengineering  ricochet  rop  ror  router  routing  rsa  ruby  rubyonrails  rules  sa  saas  safe  safety  Samy  sasl  scale  scan  scanner  scripting  scrypt  sdr  search  searchengine  security  seif  sensors  server  serverside  service  session  sessions  setup  sha1  sha2  shadowsocks  sharedarraybuffer  sharedmemory  sharing  shattered  shell  shellshock  sidechannel  signalprocessing  signature  simple  simswap  sinatra  sip  slack  slowloris  smartphone  sms  sniffer  socialengineering  socks  softether  software  Spaceflash  spam  spec  spectre  spider  spy  sql  sqlinjection  sqlite  ssh  ssh-agent  sshagent  SSJS  ssl  ssllab  sslmate  standard  standards  stanf  stanford  steganography  storage  strava  string  stun  stunnel  suhosin  surveillance  survival  swf  sysadmin  tack  Tahoe-LAFS  tcp  technology  tencent  test  tester  testing  third-party  tiktok  timer  tips  tls  tool  toolkit  tools  tor  tplink  transparency  tunnel  tutorial  tutorials  twilio  twofactor  txt  U2F  UAF  ubuntu  udp  ui  ukraine  unix  unpacking  upload  uploading  upnp  usb  utilities  utility  venom  video  virtual  virtulization  visualization  vm  vpn  vulnerability  vurlnerability  w3c  wannacry  wannaCrypt  web  web2.0  webappsec  webbrowser  webdev  webgl  webpayments  webrtc  webscraping  websec  websecurity  webserver  websocket  websockets  whitelist  wifi  wiki  wikid  wikipedia  wildcard  windows  winpcap  wireless  wispi  witopia  wordpress  worm  wpa2  wps  wsChess  WYSIWYG  XHR  xml  xmpp  xss  Yamanner  yubikey  zap  zeroknowledge  zip  zmap 

Copy this bookmark: