Infosec Reading List - April 2017

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.

Quotes from the Twitterverse

Desktop View

Desktop View

Desktop View


  • Cybersecurity is terrible, and will get worse. - Adi Shamir with fifteen predictions for 15 years - [link]
  • USENIX Enigma 2016 - NSA TAO Chief on Disrupting Nation State Hackers - [link]
  • The hackers trying to build a hack-proof operating system - [link]
  • We asked 86 burglars how they broke into homes - this is actually an interesting read although more focusing on layer 8 - [link]
  • The cost of launching a DDoS attack - a SLA that most enterprises can solely dream of – “The price may change if the resource has political status” - [link]
  • Publicly available PCAP files - great for research purposes - [link]
  • Security Engineering - Third Edition - The Book by Ross Anderson - [link]
  • Browsable content of eqgrp-auction-file.tar.xz - the Shadowbroker NSA leak - [link] - [link]
  • CVE-2017-2416 Remote code execution triggered by malformed GIF in ImageIO framework, affecting most iOS/macOS apps - [link]
  • Awesome Incident Response - A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams. - [link]
  • Hardentools - utility that disables a number of risky Windows features - [link]
  • HITB Amsterdam 2017 Slides - [link]
  • The Doxing of Equation Group Hackers Raises Questions about the Legal Role of Nation-State Hackers - In other words, ShadowBrokers did something the Snowden releases and even WikiLeaks’ Vault 7 releases have avoided: revealing the people behind America’s state-sponsored hacking. - [link]
  • A quick analysis of the latest Shadow Brokers dump - [link]
  • Here’s where the Apple accounts hackers are threatening to wipe came from - as it tuned out it wasn’t the big story everybody was expecting - [link]
  • The story of getting SSH port 22 - [link]
  • Operational Signal - Using Signal pseudonymously - [link]
  • 12k$ for simple path traversal on - [link]
  • That sound you hear is Splunk leaking data - [link]
  • Internet Noise - Click this button, and your browser will start passively loading random sites in browser tabs. Leave it running to fill their databases with noise. Just quit your browser when you’re done. - [link]
  • TLS client fingerprinting with Bro - [link]
  • Hack LinkedIn to find who visits your website. - “You can leverage a LinkedIn CSRF weakness to know exactly WHO is visiting your website” - [link]
  • Black box discovery of memory corruption RCE on - [link]
  • Ok Google, Give Me All Your Internal DNS Information! - [link]
  • Dishwasher has directory traversal bug - this is not a joke - [link]
  • Wi-Fly? : Detecting Privacy Invasion Attacks by Consumer Drones - [pdf] - [link]
  • Car Hacking: The definitive source - Valasek’s and Miller’s total guide to car hacking - available for free - amazing source in case you are interested in car hacking fundamentals - [link]
  • Computer hack sets off 156 emergency sirens across Dallas - engineers needed to shut them down manually - [link]
  • Operation Cloud Hopper - [pdf] - [link]
  • The History of Fileless Malware – Looking Beyond the Buzzword - [link]


  • Live Happier: Four Lessons From Round-The-World Cyclist - [link]
  • New hiking route connects Los Angeles to 67 miles of backcountry bliss - called Backbone Trail, 108 km of total distance, GPS points available on the website, close to LA - [link]
  • Tested: Ultralight Anfibio ‘Alpha XC’ Packraft - 1,5 kg is an aggressive weight – direct link to the German shop - [link]
  • GPS Navigation with PDF Maps on Smartphones - works only in North America so I couldn’t test it on my own - [link]
  • Total Isolation - What isolation taught me about the need for others - “To be shown the true version of yourself without clouding the issue with other people’s opinions, is one of the most valuable lessons I’ve ever been given … We need a shift in consciousness and a reconnection to emotions and instinct to fix our increasingly fractured planet” - [link]
  • Water In The Desert? New Device Makes It Possible - “Pull clean drinking water out of thin air with the power of the sun. Researchers at MIT have made this dream concept a reality.” - not yet available for ordinary users unfortunately - [link]
  • For the first time on record, human-caused climate change has rerouted an entire river - [link]
  • The Secret to Happiness? Simplify. - [link]
This post is licensed under CC BY 4.0 by the author.