From July 23 to 31, the two most popular top-tier information security conferences, the Black Hat Conference (23-28) and the DEFCON Conference (28-31), took place in Las Vegas, USA.
Every year at this time, tens of thousands of hackers gather in Las Vegas. They are not there to gamble; they come for the famous “two conferences” of the security community, and their obsession is security technology rather than gambling skills. The Black Hat Conference is recognized as the top event in the information security industry and a stage for expert hackers to showcase their skills; it is often called the “Oscars” of hackers. The DEFCON conference, also known as the “secret party of hackers”, draws high-profile guests: on average more than 7,000 hackers and experts from security companies and agencies around the world attend, along with officials from the US Department of Defense, FBI, NSA, and other government agencies.
This article is a list of tools from the 2017 Black Hat Conference Arsenal.
Android, iOS Mobile Security
Android Tamer
https://github.com/AndroidTamer
Twitter: @AndroidTamer
Host: Anant Shrivastava (@anantshri)
BadIntent: Integrates Android with Burp
https://github.com/mateuszk87/BadIntent
Host: Mateusz Khalil (@mateuszk87)
DiffDroid
https://github.com/antojoseph/diff-droid
Host: Anto Joseph (@antojosep007)
Kwetza
https://github.com/sensepost/kwetza
Host: Chris Le Roy (@brompwnie)
Needle
https://github.com/mwrlabs/needle
Twitter: @mwrneedle
Host: Marco Lancini (@lancinimarco)
NoPE Proxy (Non-HTTP Proxy Extension)
https://github.com/summitt/Burp-Non-HTTP-Extension
Host: Josh H.S. (@null0perat0r)
Code Auditing
Puma Scan
https://github.com/pumasecurity/puma-scan
Twitter: @puma_scan
Host: Aaron Cure (@curea)
Tintorera: Intelligent Source Code Auditing Engine
https://github.com/vulnex/Tintorera
Host: Simon Roses Femerling (@simonroses)
Cryptography
Hashview
https://github.com/hashview/hashview
Host: Casey Cammilleri (@CaseyCammilleri), Hans Lakhan (@jarsnah12)
Gibber Sense
https://github.com/smxlabs/gibbersense
Host: Ajit Hatti (@ajithatti)
Data Forensics and Incident Response
Answering When/Where/Who is my Insider: UserLine
https://github.com/THIBER-ORG/userline
Host: Chema Garcia (@sch3m4)
DefPloreX: Machine Learning Toolkit for Large-scale eCrime Forensics
https://github.com/trendmicro/defplorex
Host: Federico Maggi (@phretor), Marco Balduzzi (@embyte), Lion Gu, Ryan Flores, Vincenzo Ciancaglini
HoneyPi
https://github.com/mattymcfatty/HoneyPi
Host: Matt South (@mattymcfatty)
PcapDB: Optimized Full Network Packet Capture Fast Efficient Retrieval
https://github.com/dirtbags/pcapdb
Host: Paul Ferrell (@pflarr), Shannon Steinfadt
SCOT (Sandia Cyber Omni Tracker) Threat Intelligence and Incident Response Management System
https://github.com/sandialabs/scot
Host: Nick Georgieff, Todd Bruner (@toddbruner)
Security Monkey
https://github.com/Netflix/security_monkey
Host: Mike Grima (@mikegrima), Patrick Kelley (@MonkeySecurity)
ThreatResponse: Open Source Toolkit for Automated Incident Response in AWS
https://github.com/ThreatResponse
Host: Andrew Krug (@andrewkrug)
Volatile Memory Analysis at Scale: High-Performance Forensics Platform for Windows x64 Systems
https://github.com/ShaneK2/inVtero.net
Host: Shane Macaulay (@ktwo_K2)
Yalda: Automated Bulk Intelligent Collection
https://github.com/gitaziabari/Yalda
Host: Gita Ziabari (@gitaziabri)
Exploitation and Ethical Hacking
AVET: Anti-Virus Bypass Tool
https://github.com/govolution/avet
Host: Daniel Sauder (@DanielX4v3r)
Building C2 Environment with Warhorse
https://github.com/war-horse/warhorse
Host: Ralph May (@ralphte1)
Cumulus: Cloud Exploitation Toolkit
https://github.com/godinezj/metasploit-framework/tree/cumulus
Host: Javier Godinez (@isomorphix)
GDB Enhancements (GEF)
https://github.com/hugsy/gef
Host: Chris Alladoum (@_hugsy_)
Leviathan Framework
https://github.com/leviathan-framework/leviathan
Host: Ozge Barbaros (@ozgebarbaros), Utku Sen (@utku1337)
MailSniper
https://github.com/dafthack/MailSniper
Host: Beau Bullock (@dafthack)
Rattler
https://github.com/sensepost/rattler
Host: Chris Le Roy (@brompwnie)
Seth
https://github.com/SySS-Research/Seth
Host: Adrian Vollmer (@AdrianVollmer)
Hardware, Embedded
ChipWhisperer
https://github.com/newaetech/chipwhisperer
Host: Colin O’Flynn (@colinoflynn)
DYODE: A DIY, Low-Cost Data Diode for Industrial Control Systems
https://github.com/arnaudsoullie/dyode
Host: Arnaud Soullié (@arnaudsoullie), Ary Kokos
FTW: WAF Testing Framework
https://github.com/fastly/ftw
Host: Chaim Sanders, Zack Allen (@teachemtechy)
The Bicho: Advanced Automotive Backdoor Generator
https://github.com/UnaPibaGeek/CBM
Host: Claudio Caracciolo (@holesec), Sheila Ayelen Berta (@UnaPibaGeek)
Social Engineering
IsThisLegit
https://github.com/duo-labs/isthislegit
Host: Jordan Wright (@jw_sec), Mikhail Davidov (@sirus)
IoT
Hacker Mode
https://github.com/xssninja/Alexa-Hacker-Mode
Host: David Cross (@10rdV4d3r)
Universal Radio Hacker: Investigate Wireless Protocols Like a Boss
https://github.com/jopohl/urh
Host: Johannes Pohl (@jopohl)
Malware Defense
Open Source Machine Learning and Proactive Defense Tools
https://github.com/jzadeh/Aktaion
Host: Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto)
Cuckoodroid
https://github.com/idanr1986/cuckoo-droid
Host: Idan Revivo (@idanr86)
Cuckoo Sandbox
https://github.com/cuckoosandbox/cuckoo
Twitter: @cuckoosandbox
Host: Jurriaan Bremer (@skier_t)
LimaCharlie
https://github.com/refractionPOINT/limacharlie
Twitter: @rp_limacharlie
Host: Maxime Lamothe-Brassard (@_maximelb)
Malboxes
https://github.com/GoSecure/malboxes
Host: Olivier Bilodeau (@obilodeau)
Malware Attacks
Empty-Nest: New Payload Generator
https://github.com/empty-nest/emptynest
Host: James Cook (@_jbcook), Tom Steele (@_tomsteele)
Network Attacks
BloodHound 1.3
https://github.com/BloodHoundAD/BloodHound
Host: Andy Robbins (@_wald0), Rohan Vazarkar (@CptJesus), Will Schroeder (@harmj0y)
CrackMapExec v4
https://github.com/byt3bl33d3r/CrackMapExec
Host: Marcello Salvati (@byt3bl33d3r)
DELTA: SDN Security Assessment Framework
https://github.com/OpenNetworkingFoundation/DELTA
Host: Jinwoo Kim, Seungsoo Lee, Seungwon Shin
eaphammer
https://github.com/s0lst1c3/eaphammer
Host: Gabriel Ryan (@s0lst1c3)
GoFetch
https://github.com/GoFetchAD/GoFetch
Host: Tal Maor (@talthemaor)
gr-lora: LoRa PHY Open Source SDR Implementation
https://github.com/BastilleResearch/gr-lora
Host: Matt Knight (@embeddedsec)
Yasuo
https://github.com/0xsauby/yasuo
Host: Saurabh Harit (@0xsauby)
Network Defense
Assimilator
https://github.com/videlanicolas/assimilator
Host: Nicolas Videla (@jsusvidela)
Noddos
https://github.com/noddos/noddos
Host: Steven Hessing
SITCH: Distributed GSM Reverse Monitoring
https://github.com/sitch-io/sensor
Twitter: @sitch_io
Host: Ash Wilson (@ashmastaflash)
Sweet Security
https://github.com/TravisFSmith/SweetSecurity
Host: Travis Smith (@MrTrav)
OSINT (Open Source Intelligence)
Datasploit: Automated OSINT Tool
https://github.com/DataSploit/datasploit
Twitter: @datasploit
Host: Shubham Mittal (@upgoingstar)
Dradis: Helping Security Teams Spend More Time Testing and Less Time Reporting for 10 Years
https://github.com/dradis/dradis-ce
Twitter: @dradisfw
Host: Daniel Martin (@etdsoft)
OSRFramework: Open Source Research Framework
https://github.com/i3visio/osrframework
Host: Félix Brezo Fernández (@febrezo), Yaiza Rubio Viñuela (@yrubiosec)
Reverse Engineering
BinGrep
https://github.com/m4b/bingrep
Host: Hiroki Hada
FLARE VM
https://github.com/fireeye/flare-vm
Host: Peter Kacherginsky (@_iphelix)
Vulnerability Assessment
Aardvark and Repokid
https://github.com/Netflix-Skunkworks/aardvark
https://github.com/Netflix/repokid
Host: Patrick Kelley (@MonkeySecurity), Travis McPeak (@travismcpeak)
BugBot: Background Running Kubernetes Scalable Automated Testing Slackbot
https://github.com/anshumanbh/kubebot
Host: Anshuman Bhartiya (@anshuman_bh)
Hack/400 and IBMiScanner: Tools for Checking IBM i (AS/400) Machines
https://github.com/hackthelegacy/hack400tool
Host: Bart Kulach (@bartholozz)
PowerSAP: PowerShell Tool for Evaluating SAP Security
https://github.com/airbus-seclab/powersap
Host: Joffrey Czarny (@Sn0rkY)
SERPICO
https://github.com/SerpicoProject/Serpico
Twitter: @SerpicoProject
Host: Peter Arzamendi (@thebokojan), Will Vandevanter (@0xRST)
SimpleRisk
https://github.com/simplerisk/code
Twitter: @simpleriskfree
Host: Josh Sokol (@joshsokol)
Web Security
BurpSmartBuster: A Smart Way to Find Hidden Treasures
https://github.com/pathetiq/BurpSmartBuster
Host: Patrick Mathieu (@pathetiq)
CSP Auditor
https://github.com/GoSecure/csp-auditor
Host: Philippe Arteau (@h3xstream)
Easily Exploit Timing Attacks in Web Applications with the ‘timing_attack’ Gem
https://github.com/ffleming/timing_attack
Host: Forrest Fleming (@ffleming)
Fuzzapi: REST API Fuzzing Tool
https://github.com/lalithr95/fuzzapi
Twitter: @Fuzzapi0x00
Host: Abhijeth Dugginapeddi (@abhijeth), Lalith Rallabhandi (@lalithr95), Srinivas Rao (@srini0x00)
Offensive Web Testing Framework (OWASP OWTF)
https://github.com/owtf/owtf
Twitter: @owtfp
Host: Viyat Bhalodia (@viyat)
PyMultiTor
https://github.com/realgam3/pymultitor
Host: Tomer Zait (@realgam3)
ThreadFix Web Application Attack Surface Analysis Tool
https://github.com/denimgroup/threadfix
Twitter: @ThreadFix
Host: Dan Cornell (@danielcornell)
WaToBo: Web Application Toolbox
https://github.com/siberas/watobo
Host: Andreas Schmidt (@_znow)
WSSiP: WebSocket Operation Proxy
https://github.com/nccgroup/wssip
Host: Samantha Chalker (@itsisatis)
Shenzhen Extreme Network Technology Co., Ltd. focuses on the research of system-level and network attack and defense technology. It is an information security operation service provider that combines network security with big data artificial intelligence. Since its establishment, it has provided comprehensive network security solutions and professional security services for key information infrastructure, government departments, large and medium-sized enterprises, and key industries in China.