Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches.
SecGen creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques. Unlike boxes such as Metasploitable2, which are always the same, this project uses Vagrant, Puppet, and Ruby to create randomly vulnerable virtual machines that can be used for learning or for hosting CTF events.
TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. It features backdoor, C2, library injection, execution hijacking, persistence and stealth capabilities.
Malware often tries to hide itself from other software, for example, anti-virus. How can a process hide from other processes whilst it is running?
Malware may hide itself or information it has gathered in files. How can this be done whilst still keeping the data accessible to the malware?
Malware often tries to conceal its communication from other software and network devices. How can malware achieve this whilst still being able to send and receive information?
FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration testing, etc.
Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.
Understand the limitations of eBPF-based tools and how adversaries may bypass them.
Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.
Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals.
mitmproxy is a free and open source interactive HTTPS proxy. You can use it on the command line, through a web interface, or through a Python API.
Many different executable packers exist. They may compress, encrypt or obfuscate the underlying binary. Malware authors may use either off-the-shelf packers or custom packers to avoid detection. One example packer is UPX, a free, portable, extendable, high-performance executable packer for several executable formats. If you've got more time, try analysing or debugging the binary.
Objective-See is a non-profit that creates simple, effective macOS security tools. Their tools are free and open-source.
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. They provide comprehensive write-ups of the vulnerabilities they discover, and of their work with the wider community to remediate them.
The "Art of Mac Malware" was created to provide a comprehensive resource about threats targeting Apple's desktop OS. Dedicated to the community, it is a culmination of over a decade of macOS security research.
The Cyber Security Body Of Knowledge is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector. The CyBOK project aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge that will provide much-needed foundations for this emerging topic. The project, funded by the National Cyber Security Programme, is led by the University of Bristol's Professor Awais Rashid, along with other leading cyber security experts - including Professor Andrew Martin, Professor Steve Schneider, Dr Yulia Cherdantseva, Dr Rod Chapman and Dr Marina Krotofil.
The goal of BDF is to patch executable binaries with user-desired shellcode and continue normal execution of the prepatched state.
Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Frida is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts.
Metasploit is the world’s most used penetration testing framework.
A free/libre toolchain for easing several low-level tasks such as forensics, software reverse engineering, exploiting, debugging, etc.