On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports – but you will also find other recommendations from time to time.

All InfoSec Reading Lists can be found here.

Best of Twitterverse

InfoSec

• Finding subdomains for open source intelligence and pentest – specifically using findsubdomains.com – link
• Screwdriving. Locating and exploiting smart adult toys – IoT where the S stands for “security” – link
• Python for pentesters, the practical version – link
• My $169 development Chromebook – link
• Review: Purism Librem13 laptop – link
• Breaking bad to make good: Firefox CVE-20177843 – link – doesn’t matter with Qubes Disposable VMs
• Use PowerShell to Find the History of USB Flash Drive Usage – link
• A bank statement for app activity (and thus personal data) – differentiating when software is malicious and when it’s not – sounds easy, in fact is hard since we lack a proper definition of “malicious” – link
• Do You Make Users Rotate Passwords? Well, Cut It Out. – article on whether to enforce regular password changes – link
• Considering an RSAC Expo booth? Our Experience, in 5,000 words or less – interesting read on the RSAC business model and beyond – link
• #BugBounty  How I was able to bypass firewall to get RCE and then went from server shell to get root user account! – enabled by Apache Struts2 – link
• NSA reveals how it beats 0-days – this is actually interesting – 24 hours max. after a vuln is publish, it’s weaponized against the NSA, they say – phishing and unpatched servers are the main issues still – also check out the Top 5 recommendations on nsa.gov – #1 establish a defendable perimeter, so the perimeter is dead, long live the perimeter – link