传送门
【7月23日-31日】Blackhat&DEFCON,黑客云集赌城拉斯维加斯
Blackhat&DEFCON 2017
北京时间7月23日至31日,安全圈最为火爆的顶级信息会议美国黑帽大会BlackHat(23日—28日)和世界黑客大会DEFCON(28日——31日)在美国拉斯维加斯拉开帷幕。
每年这个时候,数以万计的黑客云集拉斯维加斯,可不要以为黑客是赌徒,他们都是奔着安全圈著名的“两会”来的。可以说,他们对赌术毫无兴趣,却对 “安全技术”情有独钟,并且如痴如醉。美国黑帽大会BlackHat是信息安全行业公认的最高盛会,也是黑客大咖炫技的舞台,被称为黑客的“奥斯卡”;DEFCON黑客大会也被称为“黑客秘密大派对”,他的客人“高端大气上档次”,平均每年有超过7000名黑客和全球安全公司和安全机构的专家以及美国国防部、联邦调查局、国家安全局等政府机构的官员参加这一聚会。本篇文章为2017美国黑帽大会兵工厂工具列表。
Android、iOS移动安全
Android Tamer
https://github.com/AndroidTamer
Twitter: @AndroidTamer
主讲人: Anant Shrivastava (@anantshri)
BadIntent — 将Android与Burp集成
https://github.com/mateuszk87/BadIntent
主讲人: Mateusz Khalil (@mateuszk87)
DiffDroid
https://github.com/antojoseph/diff-droid
主讲人:Anto Joseph (@antojosep007)
Kwetza
https://github.com/sensepost/kwetza
主讲人: Chris Le Roy (@brompwnie)
Needle
https://github.com/mwrlabs/needle
Twitter: @mwrneedle
主讲人:Marco Lancini (@lancinimarco)
NoPE Proxy (Non-HTTP 代理扩展)
https://github.com/summitt/Burp-Non-HTTP-Extension
主讲人:Josh H.S. (@null0perat0r)
代码审计
Puma Scan
https://github.com/pumasecurity/puma-scan
Twitter: @puma_scan
主讲人:Aaron Cure (@curea)
Tintorera: 智能源代码审计引擎
https://github.com/vulnex/Tintorera
主讲人:Simon Roses Femerling (@simonroses)
密码学
Hashview
https://github.com/hashview/hashview
主讲人: Casey Cammilleri (@CaseyCammilleri), Hans Lakhan (@jarsnah12)
Gibber Sense
https://github.com/smxlabs/gibbersense
主讲人: Ajit Hatti (@ajithatti)
数据取证和事件响应
Answering When/Where/Who is my Insider — UserLine
https://github.com/THIBER-ORG/userline
主讲人: Chema Garcia (@sch3m4)
DefPloreX: 用于大规模eCrime取证的机器学习工具包
https://github.com/trendmicro/defplorex
主讲人: Federico Maggi (@phretor), Marco Balduzzi (@embyte), Lion Gu, Ryan Flores, Vincenzo Ciancaglini
HoneyPi
https://github.com/mattymcfatty/HoneyPi
主讲人: Matt South (@mattymcfatty)
PcapDB: 优化的全网络数据包捕获快速高效检索
https://github.com/dirtbags/pcapdb
主讲人:Paul Ferrell (@pflarr), Shannon Steinfadt
SCOT (Sandia Cyber Omni Tracker) 威胁情报和事件响应管理系统
https://github.com/sandialabs/scot
主讲人:Nick Georgieff , Todd Bruner (@toddbruner)
Security Monkey
https://github.com/Netflix/security_monkey
主讲人:Mike Grima (@mikegrima) , Patrick Kelley (@MonkeySecurity)
ThreatResponse: 在AWS中用于自动化事件响应的开源工具包
https://github.com/ThreatResponse
主讲人: Andrew Krug (@andrewkrug)
Volatile Memory Analysis at Scale —针对Windows x64系统的高性能取证平台
https://github.com/ShaneK2/inVtero.net
主讲人: Shane Macaulay (@ktwo_K2)
Yalda — 自动批量智能收集
https://github.com/gitaziabari/Yalda
主讲人: Gita Ziabari (@gitaziabri)
漏洞利用和道德黑客
AVET — 杀软绕过工具
https://github.com/govolution/avet
主讲人:Daniel Sauder (@DanielX4v3r)
通过Warhorse构建C2环境
https://github.com/war-horse/warhorse
主讲人: Ralph May (@ralphte1)
Cumulus — 云漏洞利用工具包
https://github.com/godinezj/metasploit-framework/tree/cumulus
主讲人: Javier Godinez (@isomorphix)
GDB增强功能(GEF)
主讲人: Chris Alladoum (@_hugsy_)
Leviathan Framework
https://github.com/leviathan-framework/leviathan
主讲人:Ozge Barbaros (@ozgebarbaros), Utku Sen (@utku1337)
MailSniper
https://github.com/dafthack/MailSniper
主讲人:Beau Bullock (@dafthack)
Rattler
https://github.com/sensepost/rattler
主讲人:Chris Le Roy (@brompwnie)
Seth
https://github.com/SySS-Research/Seth
主讲人: Adrian Vollmer (@AdrianVollmer)
硬件、嵌入式
ChipWhisperer
https://github.com/newaetech/chipwhisperer
主讲人:Colin O’Flynn (@colinoflynn)
DYODE:一个针对工业控制系统的DIY、低成本Data Diode
https://github.com/arnaudsoullie/dyode
主讲人:Arnaud Soullié (@arnaudsoullie), Ary Kokos ()
FTW:WAF测试框架
主讲人:Chaim Sanders, Zack Allen (@teachemtechy)
The Bicho: 高级汽车后门生成器
https://github.com/UnaPibaGeek/CBM
主讲人:Claudio Caracciolo (@holesec), Sheila Ayelen Berta (@UnaPibaGeek)
社会工程学
IsThisLegit
https://github.com/duo-labs/isthislegit
主讲人:Jordan Wright (@jw_sec), Mikhail Davidov (@sirus)
IoT
Hacker Mode
https://github.com/xssninja/Alexa-Hacker-Mode
主讲人:David Cross (@10rdV4d3r)
Universal Radio Hacker: Investigate Wireless Protocols Like a Boss
主讲人:Johannes Pohl (@jopohl)
恶意软件防御
开源机器学习和主动防御工具
https://github.com/jzadeh/Aktaion
主讲人:Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto)
Cuckoodroid
https://github.com/idanr1986/cuckoo-droid
主讲人: Idan Revivo (@idanr86)
Cuckoo Sandbox
https://github.com/cuckoosandbox/cuckoo
Twitter: @cuckoosandbox
主讲人:Jurriaan Bremer (@skier_t)
LimaCharlie
https://github.com/refractionPOINT/limacharlie
Twitter: @rp_limacharlie
主讲人:Maxime Lamothe-Brassard (@_maximelb)
Malboxes
https://github.com/GoSecure/malboxes
主讲人:Olivier Bilodeau (@obilodeau)
恶意软件攻击
Empty-Nest:新型Payload生成器
https://github.com/empty-nest/emptynest
主讲人: James Cook (@_jbcook), Tom Steele (@_tomsteele)
网络攻击
BloodHound 1.3
https://github.com/BloodHoundAD/BloodHound
主讲人: Andy Robbins (@_wald0), Rohan Vazarkar (@CptJesus), Will Schroeder (@harmj0y)
CrackMapExec v4
https://github.com/byt3bl33d3r/CrackMapExec
主讲人:Marcello Salvati (@byt3bl33d3r)
DELTA: SDN安全评估框架
https://github.com/OpenNetworkingFoundation/DELTA
主讲人:Jinwoo Kim, Seungsoo Lee, Seungwon Shin
eaphammer
https://github.com/s0lst1c3/eaphammer
主讲人: Gabriel Ryan (@s0lst1c3)
GoFetch
https://github.com/GoFetchAD/GoFetch
主讲人:Tal Maor (@talthemaor)
gr-lora: LoRa PHY开源SDR实现
https://github.com/BastilleResearch/gr-lora
主讲人: Matt Knight (@embeddedsec)
Yasuo
https://github.com/0xsauby/yasuo
主讲人: Saurabh Harit (@0xsauby)
网络防御
Assimilator
https://github.com/videlanicolas/assimilator
主讲人:Nicolas Videla (@jsusvidela)
Noddos
https://github.com/noddos/noddos
主讲人:Steven Hessing
SITCH: 分布式GSM反向监控
https://github.com/sitch-io/sensor
Twitter: @sitch_io
主讲人:Ash Wilson (@ashmastaflash)
Sweet Security
https://github.com/TravisFSmith/SweetSecurity
主讲人:Travis Smith (@MrTrav)
OSINT — 开源情报
Datasploit :自动化OSINT工具
https://github.com/DataSploit/datasploit
Twitter: @datasploit
主讲人:Shubham Mittal (@upgoingstar)
Dradis: 10年帮助安全团队花费更多的时间测试和更少的时间报告
https://github.com/dradis/dradis-ce
Twitter: @dradisfw
主讲人:Daniel Martin (@etdsoft)
OSRFramework: 开源研究框架
https://github.com/i3visio/osrframework
主讲人:Félix Brezo Fernández (@febrezo), Yaiza Rubio Viñuela (@yrubiosec)
逆向工程
BinGrep
https://github.com/m4b/bingrep
主讲人:Hiroki Hada
FLARE VM
https://github.com/fireeye/flare-vm
主讲人: Peter Kacherginsky (@_iphelix)
漏洞评估
Aardvark and Repokid
https://github.com/Netflix-Skunkworks/aardvark
https://github.com/Netflix/repokid
主讲人: Patrick Kelley (@MonkeySecurity), Travis McPeak (@travismcpeak)
BugBot —后台运行在Kubernetes可扩展自动化测试Slackbot
https://github.com/anshumanbh/kubebot
主讲人:Anshuman Bhartiya (@anshuman_bh)
可以检查IBM i(AS/400)机器Hack/400和IBMiScanner工具
https://github.com/hackthelegacy/hack400tool
主讲人:Bart Kulach (@bartholozz)
PowerSAP:用于评估SAP安全性的Powershell工具
https://github.com/airbus-seclab/powersap
主讲人: Joffrey Czarny (@Sn0rkY)
SERPICO
https://github.com/SerpicoProject/Serpico
Twitter: @SerpicoProject
主讲人: Peter Arzamendi (@thebokojan), Will Vandevanter (@0xRST)
SimpleRisk
https://github.com/simplerisk/code
Twitter: @simpleriskfree
主讲人:Josh Sokol (@joshsokol)
Web安全
BurpSmartBuster:一个聪明的方式去寻找隐藏的宝藏
https://github.com/pathetiq/BurpSmartBuster
主讲人:Patrick Mathieu (@pathetiq)
CSP Auditor
https://github.com/GoSecure/csp-auditor
主讲人: Philippe Arteau (@h3xstream)
Easily Exploit Timing Attacks in Web Applications with the ‘timing_attack’ Gem
https://github.com/ffleming/timing_attack
主讲人:Forrest Fleming (@ffleming)
Fuzzapi — Fuzz RESTAPI的工具
https://github.com/lalithr95/fuzzapi
Twitter: @Fuzzapi0x00
主讲人:Abhijeth Dugginapeddi (@abhijeth), Lalith Rallabhandi (@lalithr95), Srinivas Rao (@srini0x00)
Offensive Web 测试框架 (OWASP OWTF)
Twitter: @owtfp
主讲人:Viyat Bhalodia (@viyat)
PyMultiTor
https://github.com/realgam3/pymultitor
主讲人: Tomer Zait (@realgam3)
ThreadFix Web应用程序攻击面分析工具
https://github.com/denimgroup/threadfix
Twitter: @ThreadFix
主讲人:Dan Cornell (@danielcornell)
WaToBo:Web应用工具箱
https://github.com/siberas/watobo
主讲人:Andreas Schmidt (@_znow)
WSSiP: WebSocket操作代理
https://github.com/nccgroup/wssip
主讲人: Samantha Chalker (@itsisatis)
传送门