Infosec Reading List - April 2018
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
Quotes from the Twitterverse
InfoSec
- OSINT: Finding Subdomains - specifically using findsubdomains.com - [link]
- Screwdriving. Locating and exploiting smart adult toys - IoT where the S stands for “security” - [link]
- Python for pentesters, the practical version - [link]
- My $169 development Chromebook - [link]
- Review: Purism Librem13 laptop - [link]
- I found a major flaw in Mozilla’s private browsing mode. - [link]
- Use PowerShell to Find the History of USB Flash Drive Usage - [link]
- A bank statement for app activity (and thus personal data) - differentiating when software is malicious and when it’s not – sounds easy, in fact is hard since we lack a proper definition of “malicious” - [link]
- Do You Make Users Rotate Passwords? Well, Cut It Out. - article on whether to enforce regular password changes - [link]
- #BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account! - enabled by Apache Struts2 - [link]
- NSA reveals how it beats 0-days - this is actually interesting: 24 hours max. after a vuln is published, it’s weaponized against the NSA, they say - phishing and unpatched servers are the main issues still - [link]
Outdoor
N/A
This post is licensed under CC BY 4.0 by the author.