On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here.
Quotes from the Twitterverse
InfoSec
- OSINT: Finding Subdomains - specifically using findsubdomains.com - [link]
- Screwdriving. Locating and exploiting smart adult toys - IoT where the S stands for “security” - [link]
- Python for pentesters, the practical version - [link]
- My $169 development Chromebook - [link]
- Review: Purism Librem13 laptop - [link]
- I found a major flaw in Mozilla’s private browsing mode. - [link]
- Use PowerShell to Find the History of USB Flash Drive Usage - [link]
- A bank statement for app activity (and thus personal data) - differentiating when software is malicious and when it’s not – sounds easy, in fact is hard since we lack a proper definition of “malicious” - [link]
- Do You Make Users Rotate Passwords? Well, Cut It Out. - article on whether to enforce regular password changes - [link]
- #BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account! - enabled by Apache Struts2 - [link]
- NSA reveals how it beats 0-days - this is actually interesting: 24 hours max. after a vuln is published, it’s weaponized against the NSA, they say - phishing and unpatched servers are the main issues still - [link]
Outdoor
N/A