BlackHat Arsenal USA 2018 ToolsWatch黑客工具库

Posted 2020-12-29 ssooking

原文链接：https://medium.com/hack-with-github/black-hat-arsenal-usa-2018-the-w0w-lineup-7de9b6d32796

Black Hat Arsenal USA 2018?—?The w0w lineup

After the huge success of Black Hat Arsenal USA 2017, @toolswatch has now announced the list of tools selected for Black Hat Arsenal USA 2018.

This time there were a huge number of proposals than expected, so the Arsenal team had a tough time selecting the tools.

NOTE: If you have submitted a proposal and didn’t get selected, don’t worry. Please do submit it again for Black Hat Arsenal EU 2018 / ASIA 2019. The rejected tools don’t necessarily mean that they aren’t good. Also the rejected tools are on the priority list for consideration in upcoming Black Hat Arsenal events.

Some of the selected tools are already present on GitHub and some are yet to be uploaded. This article contains the links to their respective repositories. The tools are arranged according to their tracks. If you like the tool, go to its repository and click Watch to keep updated on the latest commits and pushes.

Some tools will be updated during/after the Arsenal event. Links to the GitHub repositories of those tools will be eventually updated in this article.

If you feel that this article is missing links to some Arsenal tools hosted on GitHub, please comment so that it will updated.

NOTE: Arsenal Theater Demos are denoted using the Projector emoji?—????

android, ios and Mobile Hacking

• Damn Vulnerable iOS App: Swift Edition
  https://github.com/prateek147/DVIA-v2
  Presenter: Prateek Gianchandani (@prateekg147)

Code Assessment

• OWASP Dependency-Check
  https://github.com/jeremylong/DependencyCheck
  Presenter: Jeremy Long (@ctxt)
• Puma Scan
  https://github.com/pumasecurity/puma-scan
  Twitter: (@puma_scan)
  Presenter: Eric Johnson (@emjohn20)

Cryptography

• DeepViolet: SSL/TLS Scanning API & Tools
  https://github.com/spoofzu/DeepViolet
  Presenter: Milton Smith (@spoofzu)

Data Forensics and Incident Response

• Bro: Do You Bro? Beginner to Expert
  https://github.com/bro/bro
  Presenter: Seth Hall (@remor)
• CyBot: Open-Source Threat Intelligence Chat Bot (Full Circle)
  https://github.com/CylanceSPEAR/CyBot
  Presenter: Tony Lee
• LogonTracer
  https://github.com/JPCERTCC/LogonTracer
  Presenters: Shusei Tomonaga (@shu_tom), Tomoaki Tani
• rastrea2r (reloaded!): Collecting & Hunting for IOCs with Gusto and Style
  https://github.com/rastrea2r/rastrea2r
  Presenters: Ismael Valenzuela (@aboutsecurity), Sudheendra Bhat
• RedHunt OS (VM): A Virtual Machine for Adversary Emulation and Threat Hunting
  https://github.com/redhuntlabs/RedHunt-OS
  Presenter: Sudhanshu Chauhan (@Sudhanshu_C)

Exploitation and Ethical Hacking

• AVET: AntiVirus Evasion Tool
  https://github.com/govolution/avet
  Presenter: Daniel Sauder (@DanielX4v3r)
• DSP: Docker Security Playground
  https://github.com/giper45/DockerSecurityPlayground
  Presenter: Simon Pietro Romano (@spromano)
• hideNsneak: An Attack Obfuscation Framework
  https://github.com/rmikehodges/hideNsneak
  Presenters: Michelle Hodges, Mike Hodges (@rmikehodges)
• Merlin
  https://github.com/Ne0nd0g/merlin
  Presenter: Russel Van Tuyl (@Ne0nd0g)
• RouterSploit
  https://github.com/threat9/routersploit
  Twitter: @routersploit
  Presenters: Blane Cordes, Marcin Bury

Hardware/Embedded

• ChipWhisperer
  https://github.com/newaetech/chipwhisperer
  Presenter: Colin O’Flynn (@colinoflynn)
• ??? JTAGulator: Uncovering the Achilles Heel of Hardware Security
  https://github.com/grandideastudio/jtagulator
  Presenter: Joe Grand (@joegrand)
• Micro-Renovator: Bringing Processor Firmware up to Code
  https://github.com/syncsrc/MicroRenovator
  Presenter: Matt King (@syncsrc)
• TumbleRF: RF Fuzzing Made Easy
  https://github.com/riverloopsec/tumblerf
  Presenters: Matt Knight (@embeddedsec)
• Walrus: Make the Most of Your Card Cloning Devices
  https://github.com/TeamWalrus/Walrus
  Presenters: Daniel Underhay, Matthew Daley

Internet of Things

• An Extensible Dynamic Analysis Framework for IoT Devices
  https://github.com/sycurelab/DECAF
  Presenters: Heng Yin, Xunchao Hu, Yaowen Zheng
• BLE CTF Project
  https://github.com/hackgnar/ble_ctf
  Presenter: Ryan Holeman (@hackgnar)
• WHID Injector and WHID Elite: A New Generation of HID Offensive Devices
  https://github.com/whid-injector/WHID
  Presenter: Luca Bongiorni (@LucaBongiorni)

Malware Defense

• Advanced Deep Learning Analytic Platform Made Easy for Every Security Researcher
  https://github.com/intel/Resilient-ML-Research-Platform
  Presenters: Evan Yang, Li Chen
• EKTotal
  https://github.com/nao-sec/ektotal
  Presenters: Keita Nomura, Rintaro Koike
• Firmware Audit: Platform Firmware Security Automation for Blue Teams and DFIR
  https://github.com/PreOS-Security/fwaudit
  Presenters: Lee Fisher (@LeeFisher_PreOS), Paul English
• MaliceIO
  https://github.com/maliceio/malice
  Twitter: @maliceio
  Presenter: Josh Maine
• Objective-See’s MacOS Security Tools
  https://github.com/objective-see
  Twitter: @objective_see
  Presenter: Patrick Wardle (@patrickwardle)

Malware Offense

• BloodHound 1.5
  https://github.com/BloodHoundAD/BloodHound
  Presenters: Andy Robbins (@_wald0), Rohan Vazarkar (@CptJesus)

Network Attacks

• Armory
  https://github.com/depthsecurity/armory
  Presenter: Daniel Lawson (@fang0654)
• Chiron: An Advanced IPv6 Security Assessment and Penetration Testing Framework
  https://github.com/aatlasis/Chiron
  Presenter: Antonios Atlasis (@AntoniosAtlasis)
• DELTA: SDN Security Evaluation Framework
  https://github.com/OpenNetworkingFoundation/DELTA
  Presenters: Jinwoo Kim, Seungsoo Lee, Seungwon Shin, Seungwon Woo
• Mallet: An Intercepting Proxy for Arbitrary Protocols
  https://github.com/sensepost/mallet
  Presenter: Rogan Dawes (@RoganDawes)
• PowerUpSQL: A PowerShell Toolkit for Attacking SQL Servers in Enterprise Environments
  https://github.com/NetSPI/PowerUpSQL
  Presenters: Antti Rantasaari, Scott Sutherland (@_nullbind)
• ??? WarBerryPi
  https://github.com/secgroundzero/warberry
  Presenters: Stella Constantinou, Yiannis Ioannides

Network Defense

• ANWI (All New Wireless IDS): The $5 WIDS
  https://github.com/SanketKarpe/anwi
  Presenters: Rishikesh Bhide, Sanket Karpe
• CHIRON: Home-Based Network Analytics & Machine Learning Threat Detection Framework
  https://github.com/jzadeh/chiron-elk
  Presenters: Joseph Zadeh (@JosephZadeh), Rod Soto (@rodsoto)
• Cloud Security Suite: One Stop Tool for AWS/GCP/Azure Security Audit
  https://github.com/SecurityFTW/cs-suite
  Twitter: @CS_Suite
  Presenters: Divya John, Jayesh Chauhan (@jayeshsch), Shivankar Madaan (@shivankarmadaan)
• DejaVu: An Open Source Deception Framework
  https://github.com/bhdresh/Dejavu
  Presenters: Bhadreshkumar Patel (@bhdresh), Harish Ramadoss (@hramados)

OSINT?—?Open Source Intelligence

• DataSploit 2.0
  https://github.com/DataSploit/datasploit
  Twitter: @datasploit
  Presenter: Shubham Mittal (@upgoingstar)
• ??? Dradis Framework: Learn How to Cut Your Reporting Time in Half
  https://github.com/dradis/dradis-ce
  Twitter: @dradisfw
  Presenter: Daniel Martin (@etdsoft)

Reverse Engineering

• Snake: The Malware Storage Zoo
  https://github.com/countercept/snake
  Presenter: Alex Kornitzer (@AlexKornitzer)

Smart Grid / Industrial Security

• ??? GRFICS: A Graphical Realism Framework for Industrial Control Simulations
  https://github.com/djformby/GRFICS
  Presenter: David Formby

Vulnerability Assessment

• ??? Adversarial Robustness Toolbox for Machine Learning Models
  https://github.com/IBM/adversarial-robustness-toolbox
  Presenter: Irina Nicolae
• Android Dynamic Analysis Tool (ADA)
  https://github.com/ANELKAOS/ada
  Presenter: Anelkaos (@ANELKAOS1)
• ??? Archery: Open Source Vulnerability Assessment and Management
  https://github.com/archerysec/archerysec
  Twitter: @ArcherySec
  Presenter: Anand Tiwari (@anandtiwarics)
• boofuzz
  https://github.com/jtpereyda/boofuzz
  Presenter: Joshua Pereyda (@jtpereyda)
• BTA
  https://github.com/airbus-seclab/bta
  Presenter: Joffrey Czarny (@_Sn0rkY)
• Deep Exploit
  https://github.com/13o-bbr-bbq/machine_learning_security/tree/master/DeepExploit
  Presenter: Isao Takaesu (@bbr_bbq)
• Halcyon IDE: For Nmap Script Developers
  https://github.com/s4n7h0/Halcyon
  Presenter: Sanoop Thomas (@s4n7h0)
• ??? SimpleRisk
  https://github.com/simplerisk
  Twitter: @simpleriskfree
  Presenter: Josh Sokol (@joshsokol)
• ??? TROMMEL
  https://github.com/CERTCC/trommel
  Presenter: Kyle O’Meara

Web AppSec

• A Look at ModSec 3.0 for NGINX: A Software Web Application Firewall
  https://github.com/SpiderLabs/ModSecurity
  Presenter: Kevin Jones
• Astra: Automated Security Testing For REST APIs
  https://github.com/flipkart-incubator/Astra
  Presenters: Ankur Bhargava (@_AnkurB), Sagar Popat (@popat_sagar)
• Burp Replicator: Automate Reproduction of Complex Vulnerabilities
  https://github.com/PortSwigger/replicator
  Presenter: Paul Johnston (@paulpaj)
• OWASP Offensive Web Testing Framework
  https://github.com/owtf/owtf
  Twitter: @owtfp
  Presenter: Viyat Bhalodia (@viyat)
• OWASP JoomScan Project
  https://github.com/rezasp/joomscan
  Twitter: @OWASP_JoomScan ?
  Presenters: Babak Amin Azad, Mohammad Reza Espargham (@rezesp) , Vahid Behzadan (@vbehzadan)
• WSSAT
  https://github.com/YalcinYolalan/WSSAT
  Presenters: Mehmet Yalcin YOLALAN (@yyolalan), Salih TALAY

---

If you haven’t looked at the selected tools, check the below embed to view the complete details of the tools and its presenters.