Nifty Stories and Tools from the Cyber World

HaveIBeenPwned
check if you have already been hacked (passwords and emails) for real

True People Search
search for public records of people, anyone you know, including yourself

Password Manager
use a password manager, it is time (there are many out there, this one is just an example)

YubiKey
the best 2-factor authentication is a physical security key (there are a few out there, this one is just an example)

How hackers hack you completely
a DefCon experience of Kevin Roose who let hackers hack him

Hacking Tools Used to Get into an Office
a video talking about stealing key cards through the air, getting into hotel, NFC spoofers

Pentesters Strike Back
a fun video describing pentesting analysis of Star Wars Episode IV

StrandHogg Android Vulnerability
malware that can be disguised as any android app to read SMS, steal photos, hijack social media accounts, GPS location, listen to the microphone, intercept credentials and 2 FA

Hacking an Andoird TV under 2 minutes
a short article about hacking any Android TV with a video at the end

Eavesdropping on Google Home and Alexa
video demos of third-party apps eavesdropping on your conversations without you knowing it

Iron Geek
Video archive of past security conference presentations

Pentesting a Power Grid
16-min video on breaking into a power grid

Danger Drone
compromising a wireless mouse and keyboard on a drone

Protect Ya Passwords
a rapper's view on passwords in a 3-min video

Live Social Engineering
a hack of your phone account through your provider

What is Your Password
Jimmy Kimmel's show: asking for passwords on the street

Dolphin Attack
initiating inaudible voice commands to an iPhone

Rubber Ducky to Bypass Lockscreen
a story about a rubber ducky

Remotely Stealing a Tesla
an attack against a passive keyless entry

DARPA Cyber Grand Challenge
AI supercomputers are hacking each other and patching unknown bugs on the fly

Netz
automatically discover Internet-wide misconfigurations (ex. on AWS runs for 10 mins with 4 NICs and scans the whole Internet)

BruteShark
Network forensic analysis tool: password extractiion, build a network map, reconstruct TCP sessions, extract hashes and DNS queries, file carving

Traitor
automatic Linux privilege escalation via exploitation like GTFObins

Teler
simple and easy to use real-time HTTP intrusion detection system that reads in logs and provides information about attacks

PEASS
privilege escalation awesome scripts suite with colors

Assetnote Wordlists
custom-made wordlists for subdomain enumeration

Rustscan
a fast scanner of ports (65K ports in 3 seconds) written in Rust and using some of the nmap features

TunyCheck
captures traffic from any device (e.g., mobile) to automatically analyze suspicious activities happening on that device

GTFOBins
Unix binaries that can be exploited by an attacker to bypass local security restriction

Ciphey
fully automated decryption tool using natural language processing and artificial intelligence

Infection Monkey
open source Breach and Attack Simulation (BAS) tool with post-breach attacks and lateral movement

Web Sandbox for Malware Analysis
Joe Sandbox detects and analyzes files and URLs for suspicious activities, comprehensive dynamic/static analysis report

Tsunami Vulnerability Scanner
network security scanner, able to detect high severity vulnerabilities, based on nmap and ncrack, developed by Google

Wardriving
captured WiFi networks around the globe

Modlishka
the most dangerous phishing tool that acts as a smart reverse proxy

MASSCAN
Mass IP port scanner - can scan entire Internet in under 6 minutes

Hacking The Cloud
encyclopedia of tactics and techniques to attack cloud systems: AWS, Azure, GCP

Epic Twitter Hack Explained
social engineering, email swapping, and many bitcoins later in a massive twitter hack of well-known people

Critical Infrastructure Intelligence Gathering
using tools to analyze and access cameras, printers, and Industrial Control Systems (ICS)/SCADA infrastructure terminals

Phishing Users Walk-Through
evilginx is deployed on AWS to capture username & password and EditThisCookie is used to bypass 2FA

State Hackers Use IoT to Breach Networks
hackers break into IoT devices, commonly through default passwords, and compromise networks through them

Instagram $30K Bug Bounty hack
a researcher found a vulnerability on Instagram, earning $30K as a bug bounty

Tricking Cylance's AI Antivirus
shows how simple it could be to bypass antivirus with AI and still run malware

Car Hacking at DefCon
a car hacking village

SIM Hijackers
sophisticated attacks using just phone numbers via SIM hijacking

Creative Phishing
a write-up about a very creative phishing attack on Steam and others

Vigilante Botnet
a botnet that removes another cryptocurrency malware

Naked Security
attackers breached a bank through a LinkedIn job ad and Skype call

Spying with Raspberry Pi
a Raspberry Pi was found in the network closet

Twitter was Broken
how Twitter was broken because of SMS

Cybersecurity Horror Stories
real stories from red and blue teams

One Laptop Leads to a Full Pwn
a laptop used in a coffee shop led to a full network attack

Drone Hacks
a list of vulnerable drones and attack tools

Voicemail Attack on WhatsApp
attackers used voicemail hack to steal WhatsApp accounts

Security Keys
a story about how Google used security keys to defeat phishing

Reddit Hack
SMS 2FA verification codes were intercepted, leading to the Reddit hack