arianvp

Native Secure Enclave backed ssh keys on MacOS

It turns out that MacOS Tahoe can generate and use secure-enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive

There is a shared library /usr/lib/ssh-keychain.dylib that traditionally has been used to add smartcard support to ssh by implementing PKCS11Provider interface. However since recently it also implements SecurityKeyProivder which supports loading keys directly from the secure enclave! SecurityKeyProvider is what is normally used to talk to FIDO2 devices (e.g. libfido2 can be used to talk to your Yubikey). However you can now use it to talk to your Secure Enclave instead!

williballenthin

'''
parse SavedState artifacts extracted from OSX.

author: Willi Ballenthin (william.ballenthin@fireeye.com)
license: Apache 2.0
'''
import re
import sys
import json
import struct

talkingmoose

#!/bin/bash

<<ABOUT_THIS_SCRIPT
-----------------------------------------------------------------------

	Written by:William Smith
	Professional Services Engineer
	Jamf
	bill@talkingmoose.net
	https://gist.github.com/talkingmoose/9faf50deaaefafa9a147e48ba39bb4b0

williballenthin

#!/usr/bin/env python3
'''
bling.py - extract keys from macOS keychains.

installation:
  pip install pytz hexdump vivisect-vstruct-wb tabulate argparse pycryptodome

usage:
  python bling.py /path/to/keychain-db <password> ./path/to/output/directory

TarlogicSecurity

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

alanzeino

All the stuff I do to set up a new Mac

Applications

• 1Password (hijacks the Snippety window)
• AirBuddy
• Amphetamine
• BlockBlock
• Cork (much better than Brewer X)
• CotEditor (fastest text editor with multi–line editing)
• DaisyDisk
• Fantastical

williballenthin

'''
parse osx sticky databases.

author: Willi Ballenthin <william.ballenthin@fireeye.com>
license: Apache 2.0

usage:

    $ python extract_stickies.py  /path/to/input.bin  /path/to/output/directory/
'''

fheisler

jpluimers

On OpenVPN:

• https://technofaq.org/posts/2017/08/a-to-z-of-a-secure-hardened-vanilla-openvpn-setup-for-debian-stretch-gnulinux/
• https://forums.freenas.org/index.php?threads/securing-openvpn.54258/
• http://blog.dornea.nu/2015/11/17/openvpn-for-paranoids/
• https://www.linode.com/docs/networking/vpn/set-up-a-hardened-openvpn-server/
• https://community.openvpn.net/openvpn/wiki/Hardening
• https://blog.g3rt.nl/openvpn-security-tips.html
• https://gist.github.com/pwnsdx/8fc14ee1e9f561a0a5b8
• kylemanna/docker-openvpn#276

mackwage

:: Windows 10 Hardening Script
:: This is based mostly on my own personal research and testing. My objective is to secure/harden Windows 10 as much as possible while not impacting usability at all. (Think being able to run on this computer's of family members so secure them but not increase the chances of them having to call you to troubleshoot something related to it later on). References for virtually all settings can be found at the bottom. Just before the references section, you will always find several security settings commented out as they could lead to compatibility issues in common consumer setups but they're worth considering. 
:: Obligatory 'views are my own'. :) 
:: Thank you @jaredhaight for the Win Firewall config recommendations!
:: Thank you @ricardojba for the DLL Safe Order Search reg key! 
:: Thank you @jessicaknotts for the help on testing Exploit Guard configs and checking privacy settings!
:: Best script I've found for Debloating Windows 10: https://github.com/Sycnex/Windows10Debloater
: