Infosec Reading List – April 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.

Interesting Tweets



InfoSec

  • “Cybersecurity is terrible, and will get worse.” – Adi Shamir with 15 predictions for 15 years – link
  • USENIX Enigma 2016 – NSA TAO Chief on Disrupting Nation State Hackers – link
  • The hackers trying to build a hack-proof operating system – link
  • We asked 86 burglars how they broke into homes – this is actually an interesting read although more focusing on layer 8link
  • DDOS service with 24/7 support – a SLA that most enterprises can solely dream of – “The price may change if the resource has political status” – link
  • Publicly available PCAP files – link
  • Security Engineering – The Book by Ross Anderson – available for free – link
  • Browsable content of eqgrp-auction-file.tar.xz – the Shadowbroker NSA leak – link – second part – link
  • CVE-2017-2416 Remote code execution triggered by malformed GIF in ImageIO framework, affecting most iOS/macOS apps – link
  • A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams – link
  • A tool to perform various OSINT techniques, aggregate all the raw data, visualise it on a dashboard, and facilitate alerting and monitoring on the data – link
  • Hardentools is an utility that disables a number of risky Windows features – link
  • HITB Amsterdam 2017 Slides – link
  • “In other words, ShadowBrokers did something the Snowden releases and even WikiLeaks’ Vault 7 releases have avoided: revealing the people behind America’s state-sponsored hacking.” link
  • Mr Dullien on “Can insurance be a game changer for cybersecurity?” link
  • A quick analysis of the latest Shadow Brokers dump – link
  • Here’s where the Apple accounts hackers are threatening to wipe came from – as it tuned out it wasn’t the big sotry everybody was expecting – link
  • The Story of Getting SSH Port 22 – link
  • “But it’s practical experience and skills which hold the true value and not some hot, trendy security certification.” On the value of security certifications – the problem is not the folks getting certified – its the companies who didn’t get it yet – link
  • Using Signal pseudonymously – link

Layer 7

  • “12k$ for simple path traversal on web.whatsapp.com” – link
  • “That sound you hear is Splunk leaking data” – link
  • “Click this button, and your browser will start passively loading random sites in browser tabs. Leave it running to fill their databases with noise. Just quit your browser when you’re done.”link
  • TLS client fingerprinting with Bro – link
  • “You can leverage a LinkedIn CSRF weakness to know exactly WHO is visiting your website”link
  • Black box discovery of memory corruption RCE on box.com – link
  • “Ok Google, Give Me All Your Internal DNS Information!”link
  • Details on the FlexiSpy compromise – link

IoT

  • Dishwasher has directory traversal bug – no kidding – link
  • [pdf]  “Wi-Fly? : Detecting Privacy Invasion Attacks by
    Consumer Drones” – we will need more research like this in the future – link
  • Valasek’s and Miller’s total guide to car hacking – available for free – amazing source in case you are interested in car hacking fundamentals – link
  • “Hacker sets off all 156 emergency sirens in Dallas” – engineers needed to shut them down manually – link

Malware/Phishing

  • [pdf] Operation Cloud Hopper – link
  • iOS Malware Overview – link
  • The History of Fileless Malware – Looking Beyond the Buzzword – link

Politics Related

  • 2017: The year in which nuclear weapons could be banned? – link
  • Congress Removes FCC Privacy Protections on Your Internet Usage – Schneier on selling browser data – link
  • Don’t Forget Your Base – TheShadowBrokers message to Trump – link

Outdoors

  • Live Happier: Four Lessons From Round-The-World Cyclist – link
  • “New hiking route connects Los Angeles to 67 miles of backcountry bliss” – called Backbone Trail, 108 km of total distance, GPS points available on the website, close to LA – link
  • Review of a German Packraft version called Anfibio Alpha XC – 1,5 kg is an aggressive weight – direct link to the German shop – link – article – link
  • GPS Navigation with PDF Maps on Smartphones – works only in North America so I couldn’t test it on my own – link
  • Royal Geographical Society Expedition Handbook – pdfs are available for download – covering all different kinds of topics like fundraising, camels, assessing risks, planning properly etc. – link
  • “To be shown the true version of yourself without clouding the issue with other people’s opinions, is one of the most valuable lessons I’ve ever been given … […] … We need a shift in consciousness and a reconnection to emotions and instinct to fix our increasingly fractured planet” link
  • “Pull clean drinking water out of thin air with the power of the sun. Researchers at MIT have made this dream concept a reality.” – not yet available for ordinary users unfortunately – link
  • For the first time on record, human-caused climate change has rerouted an entire river – link
  • Simplify! From an outdoor perspective – link

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s