Panopticon Project

Tools and Techniques

This is not a comprehensive list, just a list of resources that might be useful to people working on P2

Table of Contents

• Other databases
• Lists of tools and tutorials
• Exploits
• Shellcode
• Penetration Testing
• OSINT investigations
• OSINT techniques
• Takedowns, hacks and arrests
• Understanding your online presence and tracking
• Operational Security (OPSEC)
• Encrypted communication
• Government influence
• Abusing Open Source packages
• Abusing app stores
• Urban science
• Fighting fake news
• Phishing
• Malware
• Malware Analysis
• Surveillance flights and satelites
• Physical security
• Satellite imagery
• Experimental attacks
• Ideas

Other databases

• Airtable
• Google Docs

Lists of tools and tutorials

The OSINT framework

All the tools demoed at the 2018 Black Hat Conference

Malc0de - Useful resources for malware analysis

List of open source research tools

List of privacy resources

Top 5 Publicly Available Tools Seen in Cyber Incidents Worldwide

Google Chrome tools for website analysis

Exploring the Burp Suite API

CyberChef for BASE64/XOR decoding

Command-line utility for using websites that can perform port scans

check Event Logs manipulated with NSA Hacking Tool

Finding Twitter bots

Troll hunting

Exploits

EQGRP

Fuzzbunch

Shellcode

https://azeria-labs.com/tcp-bind-shell-in-assembly-arm-32-bit/

Penetration Testing

All types of payloads

Security tester's companion

OSINT investigations

Things to remember while investigating

OSINT techniques

Bellingcat guides

OSINT overview

Studying the Internet's "trash"

Discovering and triangulating rogue cell towers

Tracking down abused children

Track bitcoin payments

Investigating data breach

Research into fake net neutrality comments

An OSINT investigation into the personnel of APT 3 - subsequent charges were laid

Open-Source Information Reveals Pro-Kremlin Web Campaign

Automatically discover website connections through tracking codes

Using Google Analytics codes connect websites

Connecting malware campaigns

Connecting cybercrime campaigns

Finding APT infrastructure 1

Finding APT infrastructure 2

Finding hidden email gateways

Tracking military deployments - google maps is open out of date but easily accessable satellite images

Operational security mistakes to look for 1

Operational security mistakes to look for 2

Uncovering social media profiles of threat actors

Who is tessa88?

Finding Twitter Bots

Google dorking

Twitter geotags

Identifying Information Operations Infrastructure

Discover IP addresses for suspicious Wikipedia edits

How to use Tweet Deck for investigations

Takedowns, hacks and arrests

Taking down a dark web marketplace

Taking down Scan4You

Fin7 arrests

Taking down Hacking Team

Arrest of Vault 7 leaker

Disovering who is behind attacks on Telegram users

Dismantling supply chain attacks

Understanding your online presence and tracking

Data Selfie explores our relationship to the online data we leave behind as a result of media consumption and social networks.

Psychographics - if someone could download these slides and save it to the repo so we don't lose it that would be great!

Anti-Tracking Bots Radios and Keystroke Injection - if someone can find the presentation that would be great! If someone can also download the presentation so we don't lose it, also great!

Dark Data - if someone can find the presentation that would be great! If someone can also download the presentation so we don't lose it, also great!

Receptiviti - Analyze language across contexts and over time

Hiding from the Internet - Eliminating Personal Online Information - If someone could download this and load it onto the repo so we don't lose it that would be great!

Stylometry

Operational Security (OPSEC)

Operational security overview

The Art of Invisibility

Encrypted communication

Run your end-to-end encrypted chat server using Matrix and Riot

Using PGP on Tails

PGP tutorials

Government influence

Hamiltion 68 - Tracking Russian influence operations on Twitter

An article on Hamilton 68

Abusing Open Source packages

An example

Abusing app stores

An example

Urban science

An overview of urban science

A global map of video cameras

Fighting fake news

InVID Verification Plugin for detecting fake news

Media Literacy Training

Check if you've liked a Facebook Page created by Russian trolls

Anatony of a fake news scandal

SurfSafe browser extension for spotting fake photos

Newsguard browser extension for spotting fake news

Phishing

Investigating phishing kits - if someone could download it and save it to the repo so we don't lose it that would be great!

Collection of phishing kits

Anatomy of a phishing kit

Malware

Track ransomware

Track spam and related threats

Analyze suspicious files and URLs to detect types of malware

Repository of malware samples

Machine-code decompiler

Scan samples with YARA rules

Malware Analysis

Getting started

Ghidra

Reversing example

Surveillance flights and satelites

Sky Spy Watch - Convert flight path data collected from Virtual Radar Server and filter for potential surveillance activity

A presentation on Sky Spy Watch - if someone could download it and save it to the repo so we don't lose it that would be great!

A story on tracking spy satelites

Physical security

Detecting microphones

Disguises

Satellite imagery

Copernicus

Experimental attacks

Steal Data From Air-Gapped Industrial Networks via PLCs - If someone can link to the actual material that would be amazing!

Ultrasonic sound side channel attack - If someone can link to the actual material that would be amazing!

Ideas

Defensive worms

Post TheShadowBrokers

Crypto anchors

Neural fuzzing

DeepLocker