Infosec Reading List – August 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.

Best of Twitterverse


  • BlackHat 2017: The Shadow Brokers — Cyber Fear Game Changers – interesting timelines + links to PDFs – link
  • “The lack of focus on those more mundane problems came about because often security experts had little interest in or empathy for people, he said.” – Facebook calls for a more people-centric security industry – link
  • Algorithms cannot discern good intentions, so they must be secure against everyone. Going dark: encryption and law enforcement – there is a lot of truth in this article – link
  • Ever get remote code execution by fragging a player? – Remote Code Execution In Source Gameslink
  • LinkedIn reveals your personal email to your connections – the interesting part of this article is the discussion around the contextual integrity (CI) theory by Helen Nissenbaum – link
  • Black Hat 20 & DEFCON 25 – summary and recommended talks – link
  •  Top 10 Most Obvious Hacks of All Time (v0.9) – growing list – link
  • Breaking the Security Model of Subgraph OS – interesting discussion around the sandboxing capabilities of Qubes OS and Subgraph OS – definitively worth a read – link
  • “I break things, I don’t fix them” – we all should learn more about defense – link
  • Be Prepared: Journalists and Security Researcherslink and related to that – Media Training is an OPSEC skilllink
  • Ross Anderson on Compartmentation is hard, but the Big Data playbook makes it harder stilllink
  • Windows DRM Social Engineering Attacks & TorBrowser – important to consider when using anonymization techniques – link

Layer 7

  • How the Twitter App Bypasses Paywalls – relying on referer and user-agent for authentication purposes is bad but obviously a desperate try to hold non-tech-savvy users off the free web offers – link
  • How i Hacked into a PayPal’s Server – Unrestricted File Upload to Remote Code Execution – OSINT for vulnerable subdomains, file upload without input validation, bruteforcing folder ID, execute uploaded script, game over – link
  • Blind SSRF on Yahoo owned server – link
  • $10k host header – High School student gets 10,000 USD bug bounty for changing host header information – nice catch – link

IoT (with S for “Security”)

  • Exploiting a weak spot in the power gridlink


  • Mitigations: Completeness/Effectiveness vs Performancelink
  • Learnings from analysing my compromised server – writeup about what can go wrong in case you pick a weak root password for your sshd – link

Mobile Related

  • From Chrysaor to Lipizzan: Blocking a new targeted spyware familylink


  • Whitewater Packrafting 101: 10 Things you need to know to paddle safe + stronglink
  • Arctic Alaska Packrafting Gear Suggestions: an Annotated Photo-list – very helpful post by Roman Dial on packrafting gear based on 50 years of experience – link
  • The Garmin inReach: Merging Navigation & Communication – these are the new devices that merge the traditional Garmin GPS devices and Delorme’s InReach – I’m specifically astonished about the battery: “100 hours in 10-min tracking mode / 30 days in 30-min interval power saving mode” link
  • The man who went on a hike and never stopped walkinglink
  • Vindelfjällens Traverse, a packrafting lesson – interesting report about how quickly things can go wrong when going packrafting – link
  • 400 Miles Jordan Hike – this sounds amazing and I would love to go back to Jordan anytime – I always had amazing times there – link – they even have a nice booklet for thru-hikers – link – now looking forward to being able to download the full GPX


  • Research Shows That Organizations Benefit When Employees Take Sabbaticalslink

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s