Hacking

🕵️ Digital Forensics Toolkit

September 20, 2020

Don’t ask me how I got this list … 😶

If you have any tips for what the list should include, please use the contact page to get in touch with me.

Software and tools

The Cyber Swiss Army Knife

  • CyberChef - A must-have web application developed by the British GCHQ for encryption, encoding, compression and data analysis.

Hex editors

  • XXD - Linux tool for making hexdumps
  • HexEdit - CLI hex editor for Linux
  • Bless - GUI hex editor for Linux
  • HxD - GUI hex editor for Windows
  • Hex Fiend - GUI hex editor for MacOS

PE analysis

Disassemblers

  • IDA - Interactive Disassembler for various executable file formats and architectures
  • Ghidra - Reverse engineering tool developed by the US National Security Agency (NSA)

Dynamic Analysis

  • x64 Debugger - Windows Tool for debugging binaries
  • Fakenet - Tool for simulating generic internet services in a lab environment developed by FireEye
  • iNetSIM - Tool for simulating generic internet services in a lab environment

Network analysis

  • WireShark - Tool for analyzing network protocols
  • Networkminer - Passive sniffer and packet capturing tool. Also suitable for exploring network traffic
  • Moloch - Tool for capturing, indexing and searching network traffic
  • Brimsecurity - Desktop application for indexing and searching network traffic
  • Snort - Open-source Intrusion Detection System (IDS), Intrusion Prevention System (IPS)
  • Suricata - Open-source Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitor (NSM)
  • Zeek - Open-source Network Security Monitor (NSM)

Data analysis and visualization

  • Kibana - Tool for exploring and visualizing Elasticsearch data
  • Elasticsearch - Open-source distributed search engine for various types of data

Operating Systems

  • SIFT - Linux OS provided with various Digital Forensics and Incident Response tooling developed by SANS
  • REMNUX - Linux OS providing various malware analysis tools
  • Kali - Linux OS providing various Penetration Testing and Ethical Hacking tools
  • FlareVM - Windows OS providing various malware analysis tools

Analyze mobile apps

  • JD-GUI - Open-source Java Disassembler for rebuilding “.class” files
  • APKTool - Tool for reverse engineering APK files
  • Dex2Jar - Open-source tool to turn Android Dex files into Jar files.

Memory Forensics

  • Volatility - Open-source memory forensics toolkit
  • Rekall - Open-source memory forensics framework, includes additional functions for Forensics and Incident Response

Forensics

  • The Sleuth Kit - A collection of CLI tools for forensics on disk images
  • FTK Imager - A data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool

Virtualization

  • VMWare Player - Virtualization software for Linux, Windows and MacOS
  • VirtualBox - Virtualization software for Linux, Windows and MacOS

Password cracking

  • THC-Hydra - Popular password brute-forcing tool that supports a large number of protocols
  • John - Open Source password security auditing and password recovery tool
  • Hashcat - Password cracking tool that supports a large number of hashes

Reading material

Reverse engineering information

Reverse engineering tutorials

Cheat sheets (general)

Read more →

Rooting the 🔥 Eneco Toon

December 29, 2019

The Eneco Toon is a thermostat by a Dutch power and gas company. It has a relatively large display for a thermostat and is also a touch screen. It lets you view real-time information about your electricity and gas usage and can be controlled remotely if you subscribe to Eneco’s services… At least, that’s what Eneco wants you to do.

I was looking for a thermostat that could be controlled remotely but I don’t need Eneco, Google or anyone else to know what the temperature in my living room is. Knowing I can root the Toon, I looked for one on Marktplaats and picked one up for a fair price. It’s the first version, so it’s a bit slow.

Read more →

Do you like 🧩 puzzles?

February 16, 2019

I love a good puzzle. And I’m not talking about 🧩 jigsaw puzzles. The ones I’m talking about are 👨‍💻 digital. I’m a big fan of Valve’s Portal games for instance.

Today, I’ve prepared a puzzle for you! You’ll need some technical skills though.

One part of this puzzle is analog, but I’m sure you can figure it out 😉.

You start here:

L0VHN2hKa3hMenovIA==

🤠 Good luck! Let me know if (you think) you have reached the end. If you get stuck, you can always ask for a hint.

Read more →