Infosec Reading List – September 2017

On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
InfoSec
- Let’s get fancy with false flags – attribution is hard in the cyber field – don’t get fooled by evidence that isn’t really evidence – link
- Breaking Out of Citrix and other Restricted Desktop Environments – including RDP sessions – nice overview – link
- How My Instagram Hacker Changed My Life – “But by robbing me of my online identity, my hacker had unshuttered a window to life in the country of my birth.” – link
- 2017 Internet Organised Crime Threat Assessment (IOCTA) Report – [pdf] – link
- Equihax: fact enabled wild speculation – The important things are always simple. The simple things are always hard. The easy way is always mined. Murphy’s Laws of Enterprise Information Security – link
Layer 7
- How I hacked hundreds of companies through their helpdesk – logical flaw in several social media & communication pages – link
- How I got $13337 bounty From Google – as mentioned above, the simple things are always hard – link
- Chrome’s Plan to Distrust Symantec Certificates – this is what happens if you constantly fail to comply with industry standards – this list in particular demonstrates the big issue Symantec has – link
IoT (with S for “Security”)
- An RTSP surveillance camera access multitool – link
Mobile Related
- Analysis of the Facebook.app for iOS [v. 87.0] – including FBNativeAppModule_DO_NOT_USE_OR_YOU_WILL_BE_FIRED – link
- Hacking iOS Applications – a detailed testing guide – [pdf] – link