Security

How to 🤖 automate the Albert Heijn app

January 22, 2022

(or almost any other app)

In a recent tweet I showed the output of a script that I run every week to automatically activate the offers that the Dutch supermarket Albert Heijn puts in their app every week. You are supposed to open up the app, go to ‘bonus box’ and activate the offers you want. Normally, you can activate 5 / 10 discounts. But the thing is, if you have ‘Albert Heijn Premium’ (12,99 / year) you can activate 10 discounts. Sometimes there are more than 10, but we’ll ignore that for now.

Read more →

🕵️ Digital Forensics Toolkit

September 20, 2020

Don’t ask me how I got this list … 😶

If you have any tips for what this list should include, please use the contact page to get in touch with me.

Software and tools

The Cyber Swiss Army Knife

  • CyberChef - A must-have web application developed by the British GCHQ for encryption, encoding, compression and data analysis

Hex editors

  • XXD - Linux tool for making hexdumps
  • HexEdit - CLI hex editor for Linux
  • Bless - GUI hex editor for Linux
  • HxD - GUI hex editor for Windows
  • Hex Fiend - GUI hex editor for MacOS

PE analysis

Disassemblers

  • IDA - Interactive Disassembler for various executable file formats and architectures
  • Ghidra - Reverse engineering tool developed by the US National Security Agency (NSA)

Dynamic Analysis

  • x64 Debugger - Windows tool for debugging binaries
  • Fakenet - Tool for simulating generic internet services in a lab environment, developed by FireEye
  • INetSim - Tool for simulating generic internet services in a lab environment

Network analysis

  • Wireshark - Tool for analyzing network protocols
  • NetworkMiner - Passive sniffer and packet capturing tool, also suitable for exploring network traffic
  • Moloch - Tool for capturing, indexing and searching network traffic
  • Brim - Desktop application for indexing and searching network traffic
  • Snort - Open-source Intrusion Detection System (IDS), Intrusion Prevention System (IPS)
  • Suricata - Open-source Intrusion Detection System (IDS), Intrusion Prevention System (IPS) and Network Security Monitor (NSM)
  • Zeek - Open-source Network Security Monitor (NSM)

Data analysis and visualization

  • Kibana - Tool for exploring and visualizing Elasticsearch data
  • Elasticsearch - Open-source distributed search engine for various types of data

Operating Systems

  • SIFT - Linux OS provided with various Digital Forensics and Incident Response tooling, developed by SANS
  • REMnux - Linux OS providing various malware analysis tools
  • Kali - Linux OS providing various Penetration Testing and Ethical Hacking tools
  • FlareVM - Windows OS providing various malware analysis tools

Analyze mobile apps

  • JD-GUI - Open-source Java disassembler for rebuilding “.class” files
  • APKTool - Tool for reverse engineering APK files
  • Dex2Jar - Open-source tool to turn Android Dex files into Jar files

Memory Forensics

  • Volatility - Open-source memory forensics toolkit
  • Rekall - Open-source memory forensics framework that includes additional functions for Forensics and Incident Response

Forensics

  • The Sleuth Kit - A collection of CLI tools for forensics on disk images
  • FTK Imager - A data preview and imaging tool for quickly assessing electronic evidence before further analysis with a forensic tool

Virtualization

  • VMWare Player - Virtualization software for Linux, Windows and MacOS
  • VirtualBox - Virtualization software for Linux, Windows and MacOS

Password cracking

  • THC-Hydra - Popular password brute-forcing tool that supports a large number of protocols
  • John - Open-source password security auditing and password recovery tool
  • Hashcat - Password cracking tool that supports a large number of hashes

Reading material

Reverse engineering information

Reverse engineering tutorials

Cheat sheets (general)

Read more →

OPNsense, Active Directory, OpenVPN and 🔒 TOTP

January 26, 2020

Some say it couldn’t be done; I’d like to prove otherwise.

I recently did a project where the combination from the title would come in handy: a secure VPN server that uses an existing Windows Active Directory setup.

Once everything is set up, you have an OpenVPN server that authenticates against Active Directory and requires a TOTP token, all running on OPNsense.

Alright, let’s get to work! First, go to System > Access > Servers and click Add. Use the following info, replacing the data to fit your environment.

Read more →

SSHFP 🔑 is pretty cool

January 18, 2019

Recently, a colleague told me about the existence of SSHFP DNS records: a way to verify that you’re actually connecting to the host you’re expecting to connect to.

Here’s how you can set it up for yourself:

1: Run this command

➜  ~ ssh-keygen -r $hostname

2: ???
3: Profit!

In all seriousness: you’re now going to see the records you need to add, which are specific to the server you ran the command on. It looks something like this:

Read more →