BlackHat Arsenal USA 2018 ToolsWatch黑客工具库
原文链接:https://medium.com/hack-with-github/black-hat-arsenal-usa-2018-the-w0w-lineup-7de9b6d32796
Black Hat Arsenal USA 2018 — The w0w lineup
After the huge success of Black Hat Arsenal USA 2017, @toolswatch has now announced the list of tools selected for Black Hat Arsenal USA 2018.
This time there were a huge number of proposals than expected, so the Arsenal team had a tough time selecting the tools.
NOTE: If you have submitted a proposal and didn’t get selected, don’t worry. Please do submit it again for Black Hat Arsenal EU 2018 / ASIA 2019. The rejected tools don’t necessarily mean that they aren’t good. Also the rejected tools are on the priority list for consideration in upcoming Black Hat Arsenal events.
Some of the selected tools are already present on GitHub and some are yet to be uploaded. This article contains the links to their respective repositories. The tools are arranged according to their tracks. If you like the tool, go to its repository and click Watch to keep updated on the latest commits and pushes.
Some tools will be updated during/after the Arsenal event. Links to the GitHub repositories of those tools will be eventually updated in this article.
If you feel that this article is missing links to some Arsenal tools hosted on GitHub, please comment so that it will updated.
NOTE: Arsenal Theater Demos are denoted using the Projector emoji — 📽️
Android, iOS and Mobile Hacking
- **Damn Vulnerable iOS App: Swift Edition **
https://github.com/prateek147/DVIA-v2
Presenter: Prateek Gianchandani (@prateekg147)
Code Assessment
- **OWASP Dependency-Check **
https://github.com/jeremylong/DependencyCheck
Presenter: Jeremy Long (@ctxt) - **Puma Scan **
https://github.com/pumasecurity/puma-scan
**Twitter: **(@puma_scan)
Presenter: Eric Johnson (@emjohn20)
Cryptography
- **DeepViolet: SSL/TLS Scanning API & Tools **
https://github.com/spoofzu/DeepViolet
Presenter: Milton Smith (@spoofzu)
Data Forensics and Incident Response
- **Bro: Do You Bro? Beginner to Expert **
https://github.com/bro/bro
Presenter: Seth Hall (@remor) - CyBot: Open-Source Threat Intelligence Chat Bot (Full Circle)
https://github.com/CylanceSPEAR/CyBot
Presenter: Tony Lee - **LogonTracer **
https://github.com/JPCERTCC/LogonTracer
Presenters: Shusei Tomonaga (@shu_tom), Tomoaki Tani - **rastrea2r (reloaded!): Collecting & Hunting for IOCs with Gusto and Style **
https://github.com/rastrea2r/rastrea2r
Presenters: Ismael Valenzuela (@aboutsecurity), Sudheendra Bhat - **RedHunt OS (VM): A Virtual Machine for Adversary Emulation and Threat Hunting **
https://github.com/redhuntlabs/RedHunt-OS
Presenter: Sudhanshu Chauhan (@Sudhanshu_C)
Exploitation and Ethical Hacking
- **AVET: AntiVirus Evasion Tool **
https://github.com/govolution/avet
Presenter: Daniel Sauder (@DanielX4v3r) - **DSP: Docker Security Playground **
https://github.com/giper45/DockerSecurityPlayground
Presenter: Simon Pietro Romano (@spromano) - **hideNsneak: An Attack Obfuscation Framework **
https://github.com/rmikehodges/hideNsneak
Presenters: Michelle Hodges, Mike Hodges (@rmikehodges) - **Merlin **
https://github.com/Ne0nd0g/merlin
**Presenter: **Russel Van Tuyl (@Ne0nd0g) - **RouterSploit **
https://github.com/threat9/routersploit
Twitter: @routersploit
**Presenters: **Blane Cordes, Marcin Bury
Hardware/Embedded
- **ChipWhisperer **
https://github.com/newaetech/chipwhisperer
Presenter: Colin O’Flynn (@colinoflynn) - 📽️ JTAGulator: Uncovering the Achilles Heel of Hardware Security
https://github.com/grandideastudio/jtagulator
Presenter: Joe Grand (@joegrand) - **Micro-Renovator: Bringing Processor Firmware up to Code **
https://github.com/syncsrc/MicroRenovator
Presenter: Matt King (@syncsrc) - **TumbleRF: RF Fuzzing Made Easy **
https://github.com/riverloopsec/tumblerf
**Presenters: **Matt Knight (@embeddedsec) - **Walrus: Make the Most of Your Card Cloning Devices **
https://github.com/TeamWalrus/Walrus
**Presenters: **Daniel Underhay, Matthew Daley
Internet of Things
- **An Extensible Dynamic Analysis Framework for IoT Devices **
https://github.com/sycurelab/DECAF
Presenters: Heng Yin, Xunchao Hu, Yaowen Zheng - **BLE CTF Project **
https://github.com/hackgnar/ble_ctf
Presenter: Ryan Holeman (@hackgnar) - **WHID Injector and WHID Elite: A New Generation of HID Offensive Devices **
https://github.com/whid-injector/WHID
**Presenter: **Luca Bongiorni (@LucaBongiorni)
Malware Defense
- **Advanced Deep Learning Analytic Platform Made Easy for Every Security Researcher **
https://github.com/intel/Resilient-ML-Research-Platform
Presenters: Evan Yang, Li Chen - **EKTotal **
https://github.com/nao-sec/ektotal
Presenters: Keita Nomura, Rintaro Koike - **Firmware Audit: Platform Firmware Security Automation for Blue Teams and DFIR **
https://github.com/PreOS-Security/fwaudit
Presenters: Lee Fisher (@LeeFisher_PreOS), Paul English - **MaliceIO **
https://github.com/maliceio/malice
Twitter: @maliceio
Presenter: Josh Maine - Objective-See’s MacOS Security Tools
https://github.com/objective-see
Twitter: @objective_see
Presenter: Patrick Wardle (@patrickwardle)
Malware Offense
- **BloodHound 1.5 **
https://github.com/BloodHoundAD/BloodHound
**Presenters: **Andy Robbins (@_wald0), Rohan Vazarkar (@CptJesus)
Network Attacks
- **Armory **
https://github.com/depthsecurity/armory
Presenter: Daniel Lawson (@fang0654) - **Chiron: An Advanced IPv6 Security Assessment and Penetration Testing Framework **
https://github.com/aatlasis/Chiron
Presenter: Antonios Atlasis (@AntoniosAtlasis) - **DELTA: SDN Security Evaluation Framework **
https://github.com/OpenNetworkingFoundation/DELTA
**Presenters: **Jinwoo Kim, Seungsoo Lee, Seungwon Shin, Seungwon Woo - **Mallet: An Intercepting Proxy for Arbitrary Protocols **
https://github.com/sensepost/mallet
**Presenter: **Rogan Dawes (@RoganDawes) - **PowerUpSQL: A PowerShell Toolkit for Attacking SQL Servers in Enterprise Environments **
https://github.com/NetSPI/PowerUpSQL
Presenters: Antti Rantasaari, Scott Sutherland (@_nullbind) - 📽️ **WarBerryPi **
https://github.com/secgroundzero/warberry
Presenters: Stella Constantinou, Yiannis Ioannides
Network Defense
- **ANWI (All New Wireless IDS): The $5 WIDS **
https://github.com/SanketKarpe/anwi
**Presenters: **Rishikesh Bhide, Sanket Karpe - **CHIRON: Home-Based Network Analytics & Machine Learning Threat Detection Framework **
https://github.com/jzadeh/chiron-elk
Presenters: Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto) - **Cloud Security Suite: One Stop Tool for AWS/GCP/Azure Security Audit **
https://github.com/SecurityFTW/cs-suite
Twitter: @CS_Suite
Presenters: Divya John, Jayesh Chauhan (@jayeshsch), Shivankar Madaan (@shivankarmadaan) - **DejaVu: An Open Source Deception Framework **
https://github.com/bhdresh/Dejavu
Presenters: Bhadreshkumar Patel (@bhdresh), Harish Ramadoss (@hramados)
OSINT — Open Source Intelligence
- **DataSploit 2.0 **
https://github.com/DataSploit/datasploit
Twitter: @datasploit
Presenter: Shubham Mittal (@upgoingstar) - 📽️ **Dradis Framework: Learn How to Cut Your Reporting Time in Half **
https://github.com/dradis/dradis-ce
Twitter: @dradisfw
Presenter: Daniel Martin (@etdsoft)
Reverse Engineering
- Snake: The Malware Storage Zoo
https://github.com/countercept/snake
Presenter: Alex Kornitzer (@AlexKornitzer)
Smart Grid / Industrial Security
- 📽️ **GRFICS: A Graphical Realism Framework for Industrial Control Simulations **
https://github.com/djformby/GRFICS
Presenter: David Formby
Vulnerability Assessment
- 📽️ Adversarial Robustness Toolbox for Machine Learning Models
https://github.com/IBM/adversarial-robustness-toolbox
Presenter: Irina Nicolae - **Android Dynamic Analysis Tool (ADA) **
https://github.com/ANELKAOS/ada
Presenter: Anelkaos (@ANELKAOS1) - 📽️ **Archery: Open Source Vulnerability Assessment and Management **
https://github.com/archerysec/archerysec
Twitter: @ArcherySec
Presenter: Anand Tiwari (@anandtiwarics) - **boofuzz **
https://github.com/jtpereyda/boofuzz
**Presenter: **Joshua Pereyda (@jtpereyda) - **BTA **
https://github.com/airbus-seclab/bta
**Presenter: **Joffrey Czarny (@_Sn0rkY) - **Deep Exploit **
https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
Presenter: Isao Takaesu (@bbr_bbq) - **Halcyon IDE: For Nmap Script Developers **
https://github.com/s4n7h0/Halcyon
Presenter: Sanoop Thomas (@s4n7h0) - 📽️ **SimpleRisk **
https://github.com/simplerisk
Twitter: @simpleriskfree
Presenter: Josh Sokol (@joshsokol) - 📽️ **TROMMEL **
https://github.com/CERTCC/trommel
Presenter: Kyle O’Meara
Web AppSec
- **A Look at ModSec 3.0 for NGINX: A Software Web Application Firewall **
https://github.com/SpiderLabs/ModSecurity
Presenter: Kevin Jones - **Astra: Automated Security Testing For REST APIs **
https://github.com/flipkart-incubator/Astra
Presenters: Ankur Bhargava (@_AnkurB), Sagar Popat (@popat_sagar) - **Burp Replicator: Automate Reproduction of Complex Vulnerabilities **
https://github.com/PortSwigger/replicator
Presenter: Paul Johnston (@paulpaj) - **OWASP Offensive Web Testing Framework **
https://github.com/owtf/owtf
Twitter: @owtfp
Presenter: Viyat Bhalodia (@viyat) - **OWASP JoomScan Project **
https://github.com/rezasp/joomscan
Twitter: @OWASP_JoomScan
Presenters: Babak Amin Azad, Mohammad Reza Espargham (@rezesp) , Vahid Behzadan (@vbehzadan) - **WSSAT **
https://github.com/YalcinYolalan/WSSAT
Presenters: Mehmet Yalcin YOLALAN (@yyolalan), Salih TALAY
If you haven’t looked at the selected tools, check the below embed to view the complete details of the tools and its presenters.
声明:
作者:ssooking 联系邮箱:c3Nvb2tpbmdAeWVhaC5uZXQ=
若无特殊说明,所发博文皆为原创,转载请务必注明出处、保留原文地址。欢迎交流分享!如果您有任何问题,请联系我!
作者:ssooking 联系邮箱:c3Nvb2tpbmdAeWVhaC5uZXQ=
若无特殊说明,所发博文皆为原创,转载请务必注明出处、保留原文地址。欢迎交流分享!如果您有任何问题,请联系我!
