The road less travelled

Infosec Reading List – June 2020

On a monthly basis I publish my reading recommendations, which mainly focus on Information Security and Outdoor Sports.

All InfoSec Reading Lists can be found here.

Best of Twitterverse


InfoSec

  • Zero-day in Sign in with Apple – “For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.” – “I found I could request JWTs for any Email ID from Apple and when the signature of these tokens was verified using Apple’s public key, they showed as valid.” – link
  • Blur tools for Signal – “One immediate thing seems clear: 2020 is a pretty good year to cover your face.” – link
  • Looking back at how Signal works, as the world moves forward – “The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use – not user messages, groups, contacts, profile information, or anything else.” – “We do not believe that security and privacy are about “responsibly” managing your data under our control, but rather about keeping your data out of anyone else’s hands – including our own.” – link
  • Privilege Escalation in Google Cloud Platform’s OS Login – link
  • Top #10 Vulnerabilities: Internal Infrastructure Pentest – link
  • How I made $31500 by submitting a bug to Facebook – link
  • Analysing the (Alleged) Minneapolis Police Department “Hack” – “Thirdly, this is getting traction because emotions are high; public outrage is driving a desire for this to be true, even if it’s not.” – link
  • Discord client turned into a password stealer by updated malware – link
  • Pinebook Pro review – a $200 FOSS-to-the-hilt magnesium-chassis laptop – link
  • Hidden Profits: How Criminals are Using Cyber Attacks for Stock Market Gain – link
  • The A1 Telekom Austria Hack – they came in through the web shells – “A1 confirmed the existence of webshells and the validity of the passwords, although they were old and most of them not used anymore.” – link
  • Thai Database Leaks 8.3 Billion Internet Records – link
  • Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It – link
  • Promotions. The reward for good work is more work. – link
  • Fixers Know What ‘Repairable’ Means. Now There’s a Standard for It – “The problem is, industry won’t do this by itself. Managers get ahead by showing quarterly sales growth, not increased product lifespans.” – link
  • What’s The Deal With Snap Packages? – link
  • Hacking Starbucks and Accessing Nearly 100 Million Customer Records – “By adding the “$count” parameter from Microsoft Graph URL, we could determine that the service had nearly 100 million records. An attacker could steal this data by adding parameters like “$skip” and “$count” to enumerate all user accounts.” – link
  • Report: Facebook Helped the FBI Exploit Vulnerability in a Secure Linux Distro for Child Predator Sting – “But they did so quietly and without notifying the developers of Tails afterwards of the major security flaw, potentially violating security industry norms while handing over a surveillance backdoor to federal agents.” – “Facebook also never notified the Tails team of the flaw, breaking with a long industry tradition of disclosure in which the relevant developers are notified of vulnerabilities in advance of them becoming public so they have a chance at implementing a fix.” – link

Outdoor

  • Hikers Survive 19 Days Lost in New Zealand Bush – link
  • Surviving the Desert: Pt 1 – The approach: My strategies & fears – great article; the author uses the Monowalker in South America, very interesting for me to see it in use – link
