Awesome List Updates on Feb 14, 2022
12 awesome lists updated today.
1. Awesome Vehicle Security
Presentations
- Analysis and Defense of Automotive Networks - Overview of CAN, security, and potential intrusion detection approaches at BSides Knoxville 2020
Research Papers
Conferences
- Cyber Truck Challenge - Conference that focuses on heavy vehicle cybersecurity issues. Includes hands-on assessments of heavy vehicles and subsystems.
Miscellaneous / Episodes
Libraries and Tools / C++
- CANdevStudio (⭐816) - Development tool for CAN bus simulation. CANdevStudio lets any automotive developer simulate CAN signals such as ignition status, door status or reverse gear.
Libraries and Tools / Java
- ITS Geonetworking (⭐98) - ETSI ITS G5 GeoNetworking stack, in Java: CAM-DENM / ASN.1 PER / BTP / GeoNetworking
2. Awesome Tmux
Plugins
- tmux-browser (⭐81) - Web browser sessions attached to tmux sessions.
3. Awesome Ruby
Date and Time Processing
- montrose (⭐842) - A simple library for expressing, serializing, and enumerating recurring events in Ruby.
- stamp (⭐968) - Format dates and times based on human-friendly examples, not arcane strftime directives.
4. Awesome Malware Persistence
Techniques / Generic
- MITRE ATT&CK tactic "TA0003 - Persistence" - The MITRE ATT&CK tactic that groups persistence techniques.
- Sigma rules (⭐8k) - Sigma rules that cover persistence techniques. You can also use filters such as --filter tag=attack.persistence or, for one specific technique, tag=attack.t1084.
Techniques / Linux
- Linux Malware Persistence with Cron - Blog post about Linux persistence using cron jobs.
Techniques / Windows
- Windows Persistence using WinLogon - Blog post about abusing WinLogon.
- Persistence using GlobalFlags in Image File Execution Options – Hidden from Autoruns.exe - Blog post about abusing GlobalFlag for process execution.
- Uncovering a MyKings Variant With Bootloader Persistence via Managed Detection and Response - Blog post about bootloader persistence.
- Various blog posts about COM/CLSID hijacking
- Hunting for persistence via Microsoft Exchange Server or Outlook - Blog post about Microsoft Exchange server persistence.
Persistence Removal / Generic
- Awesome Incident Response (⭐7.5k) - Use the tools and resources for security incident response, aimed to help security analysts and DFIR teams.
Persistence Removal / Windows
- PowerSponse (⭐37) - PowerSponse includes various commands for cleanup of persistence mechanisms.
- Removing Backdoors – Powershell Empire Edition - Blog post series covering the removal of WMI implants.
- RegDelNull - Removal of registry keys with null bytes - used e.g. in run keys for evasion.
Detection Testing / Windows
- Atomic Red Team (⭐9.5k) - Atomic Red Team supports also the MITRE ATT&CK persistence techniques, see e.g. T1044 "File System Permissions Weakness" (⭐9.5k).
Collection / Generic
- Awesome Forensics (⭐3.8k) - Use the tools from this list, which includes awesome free (mostly open source) forensic analysis tools and resources. They help collect persistence mechanisms at scale, e.g. by using remote forensics tools.
- osquery - Query persistence mechanisms on clients.
- OSSEC (⭐4.4k) - Use rules and logs from the HIDS to detect configuration changes.
Collection / Windows
- PowerShell Autoruns (⭐248) - A PowerShell version of Autoruns.
- KAPE - The tool collects various predefined artifacts using targets and modules; see KapeFiles (⭐628), which include persistence mechanisms. Among others, there is a collection of LNK files (⭐628), scheduled task files (⭐628) and a scheduled task listing (⭐628), as well as a WMI repository auditing (⭐628) module.
5. Awesome List
Front-End Development
- lit (⭐1.5k) - Library for building web components with a declarative template system.
Back-End Development
- Laravel (⭐12k) - PHP framework.
- Education (⭐388)
- TALL Stack (⭐906) - Full-stack development solution featuring libraries built by the Laravel community.
- Vapor (⭐1.2k) - Server-side development in Swift.
Computer Science
- Speech and Natural Language Processing (⭐2.2k)
- Spanish (⭐328)
- NLP with Ruby (⭐1k)
- Question Answering (⭐751) - The science of asking and answering in natural language with a machine.
- Natural Language Generation (⭐450) - Generation of text used in data to text, conversational agents, and narrative generation applications.
Big Data
Gaming
- Construct 2 (⭐70) - Game engine.
Testing
- k6 (⭐561) - Open-source, developer-centric performance monitoring and load testing solution.
Miscellaneous
- Product Design (⭐2.3k) - Design a product from the initial concept to production.
- QR Code (⭐91) - A type of matrix barcode that can be used to store and share a small amount of information.
Related
- Awesome Viewer - A visualizer for all of the above Awesome lists.
6. Awesome Agi Cocosci
NYU / Commonsense Knowledgebase
- Ernest Davis - Department of Computer Science, Courant Institute of Mathematical Sciences, NYU.
7. Awesome React Components
Boilerplate / Mouse Events
- nx - Next generation build system with first class monorepo support and powerful integrations.
8. Awesome Cpp
Graphics
- Skia (⭐9.1k) - A complete 2D graphic library for drawing Text, Geometries, and Images. [BSD] website
9. Awesome Ebpf
Articles and Presentations / Generic eBPF Presentations and Articles
- Cloudflare's blog posts on eBPF - Different blog posts about networking use cases and low-level aspects of eBPF.
- Linux Extended BPF (eBPF) Tracing Tools - An in-depth collection of information and examples of performance analysis tools using eBPF. Also contains a section at the end of the page about other resources.
eBPF Workflow: Tools and Utilities / eBPF on Other Platforms
- eBPF for Windows (⭐2.7k) - This work-in-progress project allows existing eBPF toolchains and APIs familiar from the Linux ecosystem to be used on top of Windows.
Projects Related to eBPF / Security
- Falco - A cloud-native runtime security project used as a Kubernetes threat detection engine.
- Sysmon for Linux (⭐1.7k) - A security monitoring tool. It depends on SysinternalsEBPF (⭐224).
- Red Canary Linux Agent - Red Canary has started to incorporate eBPF into its Linux security sensor.
- Tracee (⭐3.4k) - A runtime security and forensics tool for Linux which uses eBPF technology to trace the system and applications at runtime, and analyze collected events to detect suspicious behavioral patterns.
- redcanary-ebpf-sensor (⭐94) - A set of BPF programs that gather security relevant event data from the Linux kernel. The BPF programs are combined into a single ELF file from which individual probes can be selectively loaded, depending on the running operating system and kernel version.
- bpflock - Lock Linux machines (⭐135) - An eBPF driven security tool for locking and auditing Linux machines.
Projects Related to eBPF / Tools
- bpftrace - A tool for tracing with its own high-level tracing language. It is flexible enough to be envisioned as a Linux replacement for DTrace and SystemTap.
- bpftrace Cheat Sheet - Summary and cheat sheet for programming in bpftrace. Contains information about syntax, probe types, variables and functions.
- Embrace The Red: Offensive BPF! - A series of posts introducing BPF with a focus on offensive use, and on how its misuse can be detected. Posts include discussions of the rootkit capabilities of eBPF, and of which tracing type is needed for different use cases.
- eBPF: Block Linux Fileless Payload "Malware" Execution with BPF LSM - Blog post about how BPF LSM can help detect and block fileless malware.
- Blackhat 2021: With Friends Like eBPF, Who Needs Enemies? - Talk about an eBPF rootkit and how the capabilities of eBPF could be abused. The rootkit was also the subject of a talk at Defcon: eBPF, I thought we were friends!
- ebpfkit (⭐714) - A rootkit that leverages multiple eBPF features to implement offensive security techniques.
- ebpfkit-monitor (⭐118) - A utility to statically analyze eBPF bytecode or monitor suspicious eBPF activity at runtime. It was specifically designed to detect ebpfkit.
- Bad BPF (⭐504) - A collection of malicious eBPF programs that make use of eBPF's ability to read and write user data in between the usermode program and the kernel.
10. Awesome Snmp
Publications / Books
- The Networknomicon, or SNMP Mastery by Abdul Alhazred and Michael W. Lucas - The Simple Network Management Protocol, SNMP, empowers you to invoke ancient standards from the void. SNMP exposes the secrets of your network and servers, and--if you're careless--reconfigures them into unspeakable nightmares. It exposes your inadequate brain to the vast alien dimensions underlying modern computing.
- SNMP Mastery by Michael W. Lucas - SNMP, Simple Network Management Protocol, Four lies in one acronym?
11. Public Apis
Books
API: Wizard World
Description: Get information from the Harry Potter universe
Auth: No
HTTPS: Yes
CORS: Yes
12. Awesome Purescript
Binary Serialization
- purescript-arraybuffer-builder (⭐4) - Builder for serializing ArrayBuffer
- purescript-parsing-dataview (⭐3) - Parser for deserializing ArrayBuffer
- purescript-protobuf (⭐47) - Google Protocol Buffers