Infosec

This is where I’ll post about some of my Infosec exploits. Just for fun. This is unrelated to my sound-work and therefore also not indexed on the home-page. This serves primarily as a repository for myself.
I hack for the cerebral challenge and the lulz. Find me on twitter @Mad_HowardBeale if you wanna chat. If you like what you see here and wanna help keep my hobby afloat please feel free to leave a donation at: 1BMdBUgXJqt85MjCJCXAmMAShKMtWm2SXe

 

VMs

A list of VM challenges. Hacking for fun.
Billy Madison 1.1 (VulnHub)


CTFs

A list of CTF hacking challenges
Tommy Boy 1.0 (VulnHub)


 

Articles/Research

The Equation Group’s Firewall Exploit Chain
ONIOFF – Onion URL Inspector
How I bypassed 2-Factor-Authentication on Google, Facebook, Yahoo, LinkedIn, and many others
MISP – Malware Information Sharing Platform & Threat Sharing
Basic Linux Privilege Escalation
Using the Nmap Scripting Engine (NSE) for Reconnaissance
Wireless GUI Android Security Assessment: Hijacker
To hack an Uber
Sacred Cash Cow Tipping 2017 (AV bypass)
ZMap is an open-source network scanner that enables researchers to easily perform Internet-wide network studies
How to create a self-extracting archive or installer on Linux
Add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code
TR-069 and TR-064 vulns on WAN modems
SWIFT hacked by NSA
FUZZBUNCH article
51 Tools for Security Analysis
BASS (pronounced “bæs”) is a framework designed to automatically generate antivirus signatures from samples belonging to previously generated malware clusters.
 

Tools

CAINE (Computer Aided INvestigative Environment)
FUZZBUNCH
Simple info gathering tools
Online NMAP
Reverse IP Lookup Tool: RevIP
FireWall KNock OPerator
Twitter OSINT Tool Tinfoleak
Extract text and media content from docx
Transparently tunnel your IP traffic through ICMP echo and reply packets
Acunetix Free Manual Pen Testing Tools
Web pen-test tool Punk.sh
A python program to create a fake AP and sniff data. mitmAP
Phishing application to aid in sending emails more simply and allowing for more control over settings.
A collection of Windows, Linux and MySQL privilege escalation scripts and exploits
Searchable Kernel privescXploits
RedSnarf, a penetration testing/red-teaming tool for retrieving hashes and credentials from workstations, servers and domain controllers using OpSec-Safe Techniques.
OpenSnitch is an application-level firewall: while running, it detects every outgoing connection made by the applications the user is running and alerts the user to it.
SCUTUM is an ARP firewall that prevents your computer from being ARP-spoofed. Scutum controls “arptables” on your computer so it accepts ARP packets only from the gateway.
Morpheus automates TCP/UDP packet manipulation tasks by using etter filters to manipulate target requests/responses under MitM attacks, replacing the TCP/UDP packet contents with our contents before forwarding the packet to the target host.
LOCKLEVEL was a rapidly built prototype that demonstrates a method for scoring how well Windows systems have implemented some of the NSA Information Assurance top 10 mitigation strategies.