Black Hat Arsenal USA 2017 Tool List
by
do son
·
Published July 22, 2017
· Updated October 10, 2021
Android, iOS and Mobile Hacking
Code Assessment
Puma Scan https://github.com/pumasecurity/puma-scan Twitter: @puma_scan Presenter: @curea )Tintorera: Source Code Intelligence (Code not yet uploaded)https://github.com/vulnex/Tintorera Presenter: @simonroses )
Cryptography
Data Forensics and Incident Response
Answering When/Where/Who is my Insider — UserLine https://github.com/THIBER-ORG/userline Presenter: (@sch3m4 )DefPloreX: A Machine-Learning Toolkit for Large-scale eCrime Forensics https://github.com/trendmicro/defplorex Presenters: @phretor ), Marco Balduzzi (@embyte ), Lion Gu, Ryan Flores, Vincenzo CiancagliniHoneyPi https://github.com/mattymcfatty/HoneyPi Presenter: @mattymcfatty )PcapDB: Optimized Full Network Packet Capture for Fast and Efficient Retrieval https://github.com/dirtbags/pcapdb Presenters: @pflarr ), Shannon SteinfadtSCOT (Sandia Cyber Omni Tracker) Threat Intelligence and Incident Response Management System https://github.com/sandialabs/scot Presenters: @toddbruner )Security Monkey https://github.com/Netflix/security_monkey Presenters: @mikegrima ) , Patrick Kelley (@MonkeySecurity )ThreatResponse: An Open Source Toolkit for Automating Incident Response in AWS https://github.com/ThreatResponse Presenter: @andrewkrug )Volatile Memory Analysis at Scale — the Highest Performing and Forensic Platform for Windows x64 https://github.com/ShaneK2/inVtero.net Presenter: @ktwo_K2 )Yalda — Automated Bulk Intelligence Collection (Code not yet uploaded)https://github.com/gitaziabari/Yalda Presenter: @gitaziabri )
Exploitation and Ethical Hacking
Hardware/Embedded
ChipWhisperer https://github.com/newaetech/chipwhisperer Presenter: @colinoflynn )DYODE, a DIY, Low-Cost Data Diode for ICS https://github.com/arnaudsoullie/dyode Presenters: @arnaudsoullie ), Ary Kokos ()FTW: Framework for Testing WAFs https://github.com/fastly/ftw Presenters: @teachemtechy )The Bicho: An Advanced Car Backdoor Maker https://github.com/UnaPibaGeek/CBM Presenters: @holesec ), Sheila Ayelen Berta (@UnaPibaGeek )
Human Factors
IsThisLegit https://github.com/duo-labs/isthislegit Presenters: @jw_sec ), Mikhail Davidov (@sirus )
Internet of Things
Hacker Mode https://github.com/xssninja/Alexa-Hacker-Mode Presenter: Universal Radio Hacker: Investigate Wireless Protocols Like a Boss https://github.com/jopohl/urh Presenter: @jopohl )
Malware Defense
Aktaion v2 — Open Source Machine Learning and Active Defense Tool https://github.com/jzadeh/Aktaion Presenters: @JosephZadeh ), Rod Soto (@rodsoto )Cuckoodroid https://github.com/idanr1986/cuckoo-droid Presenter: @idanr86 )Cuckoo Sandbox https://github.com/cuckoosandbox/cuckoo Twitter: @cuckoosandbox Presenter: @skier_t )LimaCharlie https://github.com/refractionPOINT/limacharlie Twitter: @rp_limacharlie Presenter: @_maximelb )Malboxes https://github.com/GoSecure/malboxes Presenter: @obilodeau )
Malware Offense
A New Take at Payload Generation: Empty-Nest Presenters: @_jbcook ), Tom Steele (@_tomsteele )
Network Attacks
BloodHound 1.3 https://github.com/BloodHoundAD/BloodHound Presenters: @_wald0 ), Rohan Vazarkar (@CptJesus ), Will Schroeder (@harmj0y )CrackMapExec v4 https://github.com/byt3bl33d3r/CrackMapExec Presenter: @byt3bl33d3r )DELTA: SDN Security Evaluation Framework https://github.com/OpenNetworkingFoundation/DELTA Presenters: eaphammer https://github.com/s0lst1c3/eaphammer Presenter: @s0lst1c3 )GoFetch https://github.com/GoFetchAD/GoFetch Presenter: (@talthemaor )gr-lora: An Open-Source SDR Implementation of the LoRa PHY https://github.com/BastilleResearch/gr-lora Presenter: @embeddedsec )Yasuo https://github.com/0xsauby/yasuo Presenter: @0xsauby )
Network Defense
Assimilator https://github.com/videlanicolas/assimilator Presenter: @jsusvidela )Noddos https://github.com/noddos/noddos Presenter: SITCH: Distributed, Coordinated GSM Counter-Surveillance https://github.com/sitch-io/sensor Twitter: @sitch_io Presenter: @ashmastaflash )Sweet Security https://github.com/TravisFSmith/SweetSecurity Presenter: @MrTrav )
OSINT — Open Source Intelligence
Datasploit — Automated Open Source Intelligence (OSINT) Tool https://github.com/DataSploit/datasploit Twitter: @datasploit Presenter: @upgoingstar )Dradis: 10 Years Helping Security Teams Spend More Time Testing and Less Time Reporting https://github.com/dradis/dradis-ce Twitter: @dradisfw Presenter: @etdsoft )OSRFramework: Open Sources Research Framework https://github.com/i3visio/osrframework Presenters: @febrezo ), Yaiza Rubio Viñuela (@yrubiosec )
Reverse Engineering
BinGrep https://github.com/m4b/bingrep Presenter: FLARE VM https://github.com/fireeye/flare-vm Presenter: @_iphelix )
Vulnerability Assessment
Aardvark and Repokid https://github.com/Netflix-Skunkworks/aardvark https://github.com/Netflix/repokid Presenters: @MonkeySecurity ), Travis McPeak (@travismcpeak )Hack/400 and IBMiScanner Tooling for Checking Your IBM i (aka AS/400) Machines ! https://github.com/hackthelegacy/hack400tool Presenter: @bartholozz )PowerSAP: Powershell Tool to Assess SAP Security https://github.com/airbus-seclab/powersap Presenter: @Sn0rkY )SERPICO https://github.com/SerpicoProject/Serpico Twitter: @SerpicoProject Presenters: @thebokojan ), Will Vandevanter (@0xRST )SimpleRisk https://github.com/simplerisk/code Twitter: @simpleriskfree Presenter: @joshsokol )
Web AppSec
BurpSmartBuster: A Smart Way to Find Hidden Treasures https://github.com/pathetiq/BurpSmartBuster Presenter: @pathetiq )CSP Auditor https://github.com/GoSecure/csp-auditor Presenter: @h3xstream )Easily Exploit Timing Attacks in Web Applications with the ‘timing_attack’ Gem https://github.com/ffleming/timing_attack Presenter: @ffleming )Fuzzapi — Fuzzing Your RESTAPIs Since Yesterday https://github.com/lalithr95/fuzzapi Twitter: @Fuzzapi0x00 Presenters: @abhijeth ), Lalith Rallabhandi (@lalithr95 ), Srinivas Rao (@srini0x00 )Offensive Web Testing Framework (OWASP OWTF) https://github.com/owtf/owtf Twitter: @owtfp Presenter: @viyat )PyMultiTor https://github.com/realgam3/pymultitor Presenter: @realgam3 )ThreadFix Web Application Attack Surface Calculation https://github.com/denimgroup/threadfix Twitter: @ThreadFix Presenter: @danielcornell )WaToBo — The Web Application Toolbox https://github.com/siberas/watobo Presenter: @_znow )WSSiP: A WebSocket Manipulation Proxy https://github.com/nccgroup/wssip Presenter:
