Infosec Reading List – April 2018

Once a month I publish my reading recommendations, which mainly focus on information Security and outdoor sports – but from time to time you will also find other recommendations here.

All InfoSec Reading Lists can be found here.

Best of Twitterverse

  • Finding subdomains for open source intelligence and pentest – specifically using – link
  • Screwdriving. Locating and exploiting smart adult toys – IoT where the S stands for “security” – link
  • Python for pentesters, the practical version – link
  • My $169 development Chromebook – link
  • Review: Purism Librem13 laptop – link
  • Breaking bad to make good: Firefox CVE-2017-7843 – link – doesn’t matter with Qubes Disposable VMs
  • Use PowerShell to Find the History of USB Flash Drive Usage – link
  • A bank statement for app activity (and thus personal data) – differentiating when software is malicious and when it’s not – sounds easy, but in fact it is hard, since we lack a proper definition of “malicious” – link
  • Do You Make Users Rotate Passwords? Well, Cut It Out. – article on whether to enforce regular password changes – link
  • Considering an RSAC Expo booth? Our Experience, in 5,000 words or less – interesting read on the RSAC business model and beyond – link
  • #BugBounty How I was able to bypass firewall to get RCE and then went from server shell to get root user account! – enabled by Apache Struts 2 – link
  • NSA reveals how it beats 0-days – this is actually interesting – within 24 hours of a vulnerability being published it is weaponized against the NSA, they say – phishing and unpatched servers are still the main issues – also check out the Top 5 recommendations on – #1 establish a defendable perimeter, so the perimeter is dead, long live the perimeter – link
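For the USB flash drive history item above, here is an added example of my own (not the code from the linked article) showing where that history actually lives on a Windows host and how to pull it out with PowerShell. It assumes the standard layout of the USBSTOR enumeration key (HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\<DeviceClass>\<InstanceId>, each instance carrying a FriendlyName value) and the usual “Device Install (Hardware initiated) – USBSTOR\…” / “Section start <timestamp>” line pairs in %SystemRoot%\INF\setupapi.dev.log; the function name Get-UsbStorageHistory is mine.

```powershell
# Added example, not the linked article's code: reconstruct which USB
# mass-storage devices a Windows host has seen, and when each was first plugged in.
# Assumptions (standard Windows layout, labelled here because this page does not show them):
#   1. HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\<DeviceClass>\<InstanceId>
#      - one subkey per device ever enumerated, with a FriendlyName value
#   2. %SystemRoot%\INF\setupapi.dev.log
#      - ">>>  [Device Install (Hardware initiated) - USBSTOR\...]" followed by
#        ">>>  Section start <timestamp>", which is the first-connection time
# Run from an elevated PowerShell for complete results.

function Get-UsbStorageHistory {
    [CmdletBinding()]
    param()

    $usbstor = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    $log     = Join-Path $env:SystemRoot 'INF\setupapi.dev.log'

    if (-not (Test-Path $usbstor)) {
        Write-Warning 'USBSTOR key not present: no USB storage device has been enumerated on this host.'
        return
    }

    # First-seen timestamps from setupapi.dev.log, keyed by instance path.
    # -Context 0,1 keeps the line after each match, which carries the timestamp.
    $firstSeen = @{}
    if (Test-Path $log) {
        Select-String -Path $log -Pattern 'Device Install \(Hardware initiated\) - USBSTOR\\' -Context 0,1 |
            ForEach-Object {
                $instance = ($_.Line -replace '^.*USBSTOR\\', '') -replace '\]\s*$', ''
                $when     = $_.Context.PostContext[0] -replace '^.*Section start\s*', ''
                # keep the earliest entry per device; later lines are re-connections or driver updates
                if (-not $firstSeen.ContainsKey($instance)) { $firstSeen[$instance] = $when }
            }
    }

    foreach ($class in Get-ChildItem -Path $usbstor) {
        foreach ($dev in Get-ChildItem -Path $class.PSPath) {
            $props    = Get-ItemProperty -Path $dev.PSPath
            $instance = '{0}\{1}' -f $class.PSChildName, $dev.PSChildName
            [PSCustomObject]@{
                DeviceClass  = $class.PSChildName   # e.g. Disk&Ven_Kingston&Prod_DataTraveler&Rev_PMAP
                SerialNumber = $dev.PSChildName     # instance ID; a trailing &0 means Windows generated it
                FriendlyName = $props.FriendlyName
                FirstSeen    = $firstSeen[$instance] # $null if the log has been rotated or cleared
            }
        }
    }
}

Get-UsbStorageHistory | Sort-Object FirstSeen | Format-Table -AutoSize
```

Two caveats a practitioner will run into: the registry key's own last-write time (the last time the device was enumerated) is not exposed by Get-Item, so you need RegQueryInfoKey via P/Invoke or a forensic registry tool for that; and mapping a device to a drive letter and to the user who mounted it requires joining against HKLM\SYSTEM\MountedDevices and each user's MountPoints2 key, which this snippet deliberately leaves out.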
