Awesome List Updates on May 11 - May 17, 2015

22 awesome lists updated this week.

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor

1. Awesome IoT Hybrid

Hybrid Desktop / Resources-websites-projects

• Electron (⭐104k)

• Chromium Embedded Framework

2. Es6 Tools

Editors / Brunch Plugins

• ES6 syntax support in WebStorm and PhpStorm, compilation to ES5 with file watchers or task runners

3. Awesome Swift

Audio

• AudioPlayer (⭐718) - A wrapper around AVPlayer with some cool features.

4. Awesome Flexbox

W3C Specification

• CSS Flexible Box Layout Module Level 1

Cross Browser / Preprocessors in action

• Sass flex mixin (⭐1.1k)

Tools / Slides and Notes

• Fibonacci (⭐438)

5. Awesome Malware Analysis

Malware Collection / Anonymizers

• Anonymouse.org - A free, web based anonymizer.

• OpenVPN - VPN software and hosting solutions.

• Privoxy - An open source proxy server with some privacy features.

• Tor - The Onion Router, for browsing the web without leaving traces of the client IP.

Malware Collection / Honeypots

• Mnemosyne (⭐44) - A normalizer for honeypot data; supports Dionaea.

• Thug (⭐967) - Low interaction honeyclient, for investigating malicious websites.

Malware Collection / Malware Corpora

• Contagio - A collection of recent malware samples and analyses.

• Exploit Database - Exploit and shellcode samples.

• Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser.

Open Source Threat Intelligence / Other Resources

• CI Army (list) - Network security blocklists.

• hpfeeds (⭐208) - Honeypot feed protocol.

• Internet Storm Center (DShield) - Diary and searchable incident database, with a web API. (unofficial Python library (⭐24)).

• malc0de - Searchable incident database.

• Malware Domain List - Search and share malicious URLs.

• ZeuS Tracker - ZeuS blocklists.

Detection and Classification / Other Resources

• AnalyzePE (⭐201) - Wrapper for a variety of tools for reporting on Windows PE files.

• chkrootkit - Local Linux rootkit detection.

• ExifTool - Read, write and edit file metadata.

• hashdeep (⭐694) - Compute digest hashes with a variety of algorithms.

• nsrllookup (⭐110) - A tool for looking up hashes in NIST's National Software Reference Library database.

• Rootkit Hunter - Detect Linux rootkits.

• TrID - File identifier.

• YARA - Pattern matching tool for analysts.

Online Scanners and Sandboxes / Other Resources

• Cuckoo Sandbox - Open source, self hosted sandbox and automated analysis system.

• Recomposer (⭐130) - A helper script for safely uploading binaries to sandbox sites.

• VirusTotal - Free online analysis of malware samples and URLs

• Zeltser's List - Free automated sandboxes and services, compiled by Lenny Zeltser.

Domain Analysis / Other Resources

• Dig - Free online dig and other network tools.

• IPinfo (⭐95) - Gather information about an IP or domain by searching online resources.

• Whois - DomainTools free online whois search.

• Zeltser's List - Free online tools for researching malicious websites, compiled by Lenny Zeltser.

Browser Malware / Other Resources

• Java Decompiler - Decompile and inspect Java apps.

• Java IDX Parser (⭐39) - Parses Java IDX cache files.

• JSDetox - JavaScript malware analysis tool.

• jsunpack-n (⭐158) - A javascript unpacker that emulates browser functionality.

• Malzilla - Analyze malicious web pages.

• RABCDAsm (⭐427) - A "Robust ActionScript Bytecode Disassembler."

• swftools - Tools for working with Adobe Flash files.

• xxxswf - A Python script for analyzing Flash files.

Documents and Shellcode / Other Resources

• AnalyzePDF (⭐171) - A tool for analyzing PDFs and attempting to determine whether they are malicious.

• diStorm - Disassembler for analyzing malicious shellcode.

• JS Beautifier - JavaScript unpacking and deobfuscation.

• libemu - Library and tools for x86 shellcode emulation.

• malpdfobj (⭐51) - Deconstruct malicious PDFs into a JSON representation.

• OfficeMalScanner - Scan for malicious traces in MS Office documents.

• olevba - A script for parsing OLE and OpenXML documents and extracting useful information.

• Origami PDF - A tool for analyzing malicious PDFs, and more.

• PDF Tools - pdfid, pdf-parser, and more from Didier Stevens.

• PDF X-Ray Lite (⭐34) - A PDF analysis tool, the backend-free version of PDF X-RAY.

• peepdf - Python tool for exploring possibly malicious PDFs.

• Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS.

File Carving / Other Resources

• bulk_extractor (⭐1k) - Fast file carving tool.

• EVTXtract (⭐176) - Carve Windows Event Log files from raw binary data.

• Foremost - File carving tool designed by the US Air Force.

• Scalpel (⭐612) - Another data carving tool.

Debugging and Reverse Engineering / Other Resources

• Evan's Debugger (EDB) - A modular debugger with a Qt GUI.

• GDB - The GNU debugger.

• IDA Pro - Windows disassembler and debugger, with a free evaluation version.

• Immunity Debugger - Debugger for malware analysis and more, with a Python API.

• ltrace - Dynamic analysis for Linux executables.

• objdump - Part of GNU binutils, for static analysis of Linux binaries.

• OllyDbg - An assembly-level debugger for Windows executables.

• Process Monitor - Advanced monitoring tool for Windows programs.

• Pyew (⭐380) - Python tool for malware analysis.

• Radare2 - Reverse engineering framework, with debugger support.

• Udis86 (⭐999) - Disassembler library and tool for x86 and x86_64.

• Vivisect (⭐908) - Python tool for malware analysis.

Network / Other Resources

• INetSim - Network service emulation, useful when building a malware lab.

• Malcom (⭐1.1k) - Malware Communications Analyzer.

• mitmproxy - Intercept network traffic on the fly.

• NetworkMiner - Network forensic analysis tool, with a free version.

• ngrep (⭐864) - Search through network traffic like grep.

• Tcpdump - Collect network traffic.

• tcpick - Trach and reassemble TCP streams from network traffic.

• tcpxtract - Extract files from network traffic.

• Wireshark - The network traffic analysis tool.

Memory Forensics / Other Resources

• FindAES - Find AES encryption keys in memory.

• Muninn (⭐51) - A script to automate portions of analysis using Volatility, and create a readable report. Orochi (⭐208) - Orochi is an open source framework for collaborative forensic memory dump analysis.

• Rekall - Memory analysis framework, forked from Volatility in 2013.

• TotalRecall (⭐49) - Script based on Volatility for automating various malware analysis tasks.

• Volatility (⭐7k) - Advanced memory forensics framework.

Windows Artifacts / Other Resources

• python-evt (⭐46) - Python library for parsing Windows Event Logs.

• python-registry - Python library for parsing registry files.

• RegRipper (GitHub) - Plugin-based registry analysis tool.

Storage and Workflow / Other Resources

• Malwarehouse (⭐131) - Store, tag, and search malware.

• Viper - A binary management and analysis framework for analysts and researchers.

Miscellaneous / Other Resources

• REMnux - Linux distribution and docker images for malware reverse engineering and analysis.

Books / Other Resources

• Malware Analyst's Cookbook and DVD - Tools and Techniques for Fighting Malicious Code.

• The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory.

• The IDA Pro Book - The Unofficial Guide to the World's Most Popular Disassembler.

Other / Other Resources

• Honeynet Project - Honeypot tools, papers, and other resources.

• Malicious Software - Malware blog and resources by Lenny Zeltser.

• Malware Analysis Search - Custom Google search engine from Corey Harrell.

• WindowsIR: Malware - Harlan Carvey's page on Malware.

• /r/Malware - The malware subreddit.

• /r/ReverseEngineering - Reverse engineering subreddit, not limited to just malware.

• Android Security (⭐7.9k)

• Pentesting (⭐21k)

• Security (⭐12k)

6. Awesome Courses

Courses / Machine Learning

• CS 224d Deep Learning for Natural Language Processing Stanford University
  • Natural language processing (NLP) is one of the most important technologies of the information age. Understanding complex language utterances is also a crucial part of artificial intelligence. Applications of NLP are everywhere because people communicate most everything in language: web search, advertisement, emails, customer service, language translation, radiology reports, etc. There are a large variety of underlying tasks and machine learning models powering NLP applications. Recently, deep learning approaches have obtained very high performance across many different NLP tasks. These models can often be trained with a single end-to-end model and do not require traditional, task-specific feature engineering. In this spring quarter course students will learn to implement, train, debug, visualize and invent their own neural network models. The course provides a deep excursion into cutting-edge research in deep learning applied to NLP.
  • Syllabus
  • Lectures and Assignments

7. Awesome Gametalks

GDC Talks / Table of Contents

• [2015] Scroll Back: The Theory and Practice of Cameras in Side-Scrollers: Itay Keren (Untame)

8. Awesome Electron

Videos / Other

• Packaging and Distributing Electron Desktop Apps

9. Awesome R

Integrated Development Environments

• StatET - An Eclipse based IDE for R.

10. Awesome Appsec

Books

Cryptography Engineering (2010)

Released: March 15, 2010

Develops a sense of professional paranoia while presenting crypto design techniques.

Classes

Offensive Computer Security (CIS 4930) FSU

A vulnerability research and exploit development class by Owen Redwood of Florida State University.

Be sure to check out the lectures!

Websites

SecurePasswords.info

Secure passwords in several languages/frameworks.

Security News Feeds Cheat-Sheet

A list of security news sources.

Open Security Training

Video courses on low-level x86 programming, hacking, and forensics.

Blogs

Paragon Initiative Enterprises Blog

The blog of our technology and security consulting firm based in Orlando, FL

ircmaxell's blog

A blog about PHP, Security, Performance and general web application development.

Pádraic Brady's Blog

Pádraic Brady is a Zend Framework security expert

Articles

20 Point List For Preventing Cross-Site Scripting In PHP (2013)

Released: April 22, 2013

Padriac Brady's advice on building software that isn't vulnerable to XSS

25 PHP Security Best Practices For Sys Admins (2011)

Released: November 23, 2011

Though this article is a few years old, much of its advice is still relevant as we veer around the corner towards PHP 7.

PHP data encryption primer (2014)

Released: June 16, 2014

@timoh6 explains implementing data encryption in PHP

Books and ebooks

Securing PHP: Core Concepts

Securing PHP: Core Concepts acts as a guide to some of the most common security terms and provides some examples of them in every day PHP.

Useful libraries

thephpleague/oauth2-server (⭐6.2k)

A secure OAuth2 server implementation

11. Awesome Ocaml

Regular Expressions

• Humane-re (⭐25) – Humane-re attempts to provide an easy interface for 90% of your regex needs. Courtesy of ocaml-re.

12. Awesome Ripple

Hosted Tools

• GateHub

• Ripple Live (GateHub)

13. Awesome Purescript

Build Tooling

• pulp (⭐448)

• grunt-purescript (⭐10)

• gulp-purescript (⭐34)

• purs-loader (⭐185) for webpack

UI Libraries

• purescript-thermite (⭐353) - A simple wrapper for ReactJS inspired by react-blaze.

Learning Resources

• Video - "PureScript (Maybe This Time We Get JavaScript Right)" by Bodil Stokke

• Book - "PureScript by Example" by Phil Freeman

14. Awesome Rest

Ruby Clients

• RESTClient (⭐5.2k) - Simple HTTP and REST client for Ruby, inspired by microframework syntax for specifying actions.

• Spyke (⭐899) - Interact with REST services in an ActiveRecord-like manner.

• excon (⭐1.2k) - Usable, fast, simple Ruby HTTP 1.1. It works great as a general HTTP(s) client and is particularly well suited to usage in API clients.

Go Clients

• gopencils (⭐452) - Small and simple package to easily consume REST APIs.

Python / Symfony2

• django-tastypie - Creating delicious APIs for Django apps.

• sandman (⭐2.3k) - Automated REST APIs for existing database-driven systems.

15. Awesome Json

Databases

• JSON Server (⭐71k) - Get a full fake REST API with zero coding in less than 30 seconds.

16. Awesome Android Ui

Layout

• Name: PhysicsLayout (⭐679)

  License: Apache License V2

  Demo:

ViewPager

• Name: MaterialViewPager (⭐8.2k)

  License: Apache License V2

  Demo:

Label / Form

• Name: SizeAdjustingTextView (⭐257)

  License: GNU License

  Demo: NONE

Progress

• Name: ElasticDownload (⭐1.7k)

  License: Apache License V2

  Demo:

Animation

• Name: Cross View (⭐322)

  License: Apache License V2

  Demo:

17. BEM Resources

Articles

• Working with BEM at Scale — Advice From Top Developers

Repos, CodePens and Things / Repos

• BEM Grid (⭐136)

18. Awesome Atom

Lint

• JavaScript — eslint

19. Motion Ui Design

Libraries / SVG

• SnapSVG — JavaScript library makes working with your SVG assets as easy as jQuery makes working with the DOM.
  • How to Manipulate and Animate SVG With Snap.svg

Guidelines / SVG

• MacOS
  • OS X Human Interface Guidelines: Animation

• Apple Watch
  • Specifications: Animations

20. Awesome Clojurescript

Awesome ClojureScript / Testing

• Speclj (⭐424) – A TDD/BDD framework for Clojure and ClojureScript.

21. Awesome Answers

Programming Languages / Ruby

• Ruby craziness: Class vs Object?

22. Awesome Ruby

CLI Builder

• Commander (⭐822) - The complete solution for Ruby command-line executables.

DevOps Tools

• Ruby-LXC (⭐133) - Native ruby binding for Linux containers.

Profiler and Optimization

• Derailed Benchmarks (⭐3k) - A series of things you can use to benchmark any Rack based app.

• Prev: May 18 - May 24, 2015
• Next: May 04 - May 10, 2015