Infosec Reading List – April 2018
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
- Finding subdomains for open source intelligence and pentesting – specifically using findsubdomains.com – link
- Screwdriving. Locating and exploiting smart adult toys – IoT where the S stands for “security” – link
- Python for pentesters, the practical version – link
- My $169 development Chromebook – link
- Review: Purism Librem13 laptop – link
- Breaking bad to make good: Firefox CVE-2017-7843 – link – a non-issue if you browse from Qubes Disposable VMs
- Use PowerShell to Find the History of USB Flash Drive Usage – link
- A bank statement for app activity (and thus personal data) – differentiating when software is malicious and when it’s not – sounds easy but is in fact hard, since we lack a proper definition of “malicious” – link
- Do You Make Users Rotate Passwords? Well, Cut It Out. – article on whether to enforce regular password changes – link
- Considering an RSAC Expo booth? Our Experience, in 5,000 words or less – interesting read on the RSAC business model and beyond – link
- #BugBounty How I was able to bypass firewall to get RCE and then went from server shell to get root user account! – enabled by an Apache Struts 2 vulnerability – link
- NSA reveals how it beats 0-days – this is actually interesting – within 24 hours of a vulnerability being published it is weaponized against the NSA, they say – phishing and unpatched servers are still the main issues – also check out the Top 5 recommendations on nsa.gov – #1 is “establish a defendable perimeter”, so the perimeter is dead, long live the perimeter – link
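For the USB flash drive history item above, here is an added example of the technique in working PowerShell (my own code, not from the linked article). It assumes Windows 8 / Server 2012 or later (for the PnpDevice module) and an elevated shell; the registry path and the DEVPKEY names are real, but the script itself is illustrative.

```powershell
# Added example (not from the linked article): list every USB mass-storage
# device that has ever been attached to this Windows host, with the
# first-install, last-arrival and last-removal timestamps Windows keeps.
# Assumes Windows 8 / Server 2012+ (PnpDevice module) and an elevated shell.
# Device entries stay in the USBSTOR enumeration key after the stick is unplugged.

$usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'

# PnP property keys for the per-instance timestamps.
$timeKeys = @(
    'DEVPKEY_Device_FirstInstallDate',
    'DEVPKEY_Device_LastArrivalDate',
    'DEVPKEY_Device_LastRemovalDate'
)

function Get-UsbStorageHistory {
    # Each child key is 'Disk&Ven_<vendor>&Prod_<product>&Rev_<rev>'; each of its
    # children is the device serial number (or a Windows-generated ID when the
    # device reports no unique serial).
    Get-ChildItem -Path $usbstor -ErrorAction Stop | ForEach-Object {
        $deviceKey = $_
        Get-ChildItem -Path $deviceKey.PSPath | ForEach-Object {
            $serialKey  = $_
            $instanceId = 'USBSTOR\{0}\{1}' -f $deviceKey.PSChildName, $serialKey.PSChildName

            # The timestamps live in the instance's Properties subkey, which the
            # default registry ACL makes readable only by SYSTEM. Asking the PnP
            # manager via Get-PnpDeviceProperty works from an admin shell.
            $props = @{}
            foreach ($k in $timeKeys) {
                $p = Get-PnpDeviceProperty -InstanceId $instanceId -KeyName $k -ErrorAction SilentlyContinue
                $props[$k] = if ($p -and $p.Data) { [datetime]$p.Data } else { $null }
            }

            [pscustomobject]@{
                FriendlyName = (Get-ItemProperty -Path $serialKey.PSPath).FriendlyName
                HardwareId   = $deviceKey.PSChildName
                Serial       = $serialKey.PSChildName
                # An '&' as the second character means Windows generated the ID,
                # i.e. the device has no unique serial and cannot be tied to
                # one physical stick with certainty.
                UniqueSerial = ($serialKey.PSChildName[1] -ne '&')
                FirstInstall = $props['DEVPKEY_Device_FirstInstallDate']
                LastArrival  = $props['DEVPKEY_Device_LastArrivalDate']
                LastRemoval  = $props['DEVPKEY_Device_LastRemovalDate']
            }
        }
    }
}

Get-UsbStorageHistory | Sort-Object LastArrival -Descending | Format-Table -AutoSize
```

This only works on a live system. For a dead-box image, load the SYSTEM hive offline and read the same timestamps as FILETIME values under each instance's Properties\{83da6326-97a6-4088-9453-a1923f573b29} key (0066 last arrival, 0067 last removal), and cross-check first-connection times against C:\Windows\INF\setupapi.dev.log. Treat the results as leads rather than proof: the USBSTOR key records that a device was enumerated, not what was read from or written to it.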