Infosec Reading List – November 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.

Best of Twitterverse


  • The Dark Web’s Most Notorious Thief, Phishkingz, Gets Doxxed – OpSec principles apply to ordinary users and bad guys alike – don’t reuse passwords – link
  • Infosec and Failure – 2017 Keynote from Ange Albertini around some of the most important issues the infosec industry / community faces nowadays – and no, they are not technical – link
  • News Feature: Google Security interview “human solutions – the way to go.” – “I think it’s very unfair to expect users to shoulder all the burden. As information security as a discipline has grown over the years, we’ve focussed a lot on the technology because we’re technologists, so we created layers of technology to protect the technology and it all works very well unless there’s humans involved. But the thing is the humans are the point.” – link
  • The Problem with “The Seven Keys” – “Let’s be absolutely clear: there are no keys that cause the Internet to function (or not to function).” – link
  • Your TL;DR Summary of The CERT Guide to Coordinated Vulnerability Disclosure – link
  • Attack of the week: DUHK – yet another case for: true-randomness-is-hard to implement – link
  • Largest cybersecurity venture capital deals in 2017 – link

Layer 7

  • How to use a single download to remotely steal proprietary files from MacOS – story focusing specifically on Safari on MacOS – link
  • How I found an SSRF in Yahoo! Guesthouse – link
  • Messing with the Google Buganizer System for $15,600 in Bounties – I specifically consider the logical flaws as interesting – link

IoT (with S for “Security”)

  • An Introduction to the CAN Bus: How to Programmatically Control a Car – link


  • Windows 10 platform resilience against the Petya ransomware attack – link


  • A new age of discovery – link


  • The scientists persuading terrorists to spill their secrets – “From NYPD Blue to 24 and Zero Dark Thirty, we are trained in the idea that interrogators get the job done by intimidating, demoralising and, when necessary, brutalising their subjects.” – link
