Infosec Reading List - March 2025
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
InfoSec
- Everyone knows your location: tracking myself down through in-app ads - [link]
- How does DeepSeek work: An inside look - [link]
- An inside look at NSA (Equation Group) TTPs from China’s lense - My goal in writing this blog is simply to aggregate and share what Chinese sources are publishing about NSA’s cyber operations (APT-C-40) to see if I could learn any new detection techniques or offensive techniques to research for fun. - [link]
- 8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur - The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines - and then abandoned. - Our intent was twofold; Firstly, to get an idea of just how many people were requesting data from these previously abandoned S3 buckets, and, Secondly, what kind of data/files was requested from these previously abandoned S3 buckets. - [link]
- Three questions about Apple, encryption, and the U.K. - [link]
- Post Quantum Cryptography Migration: Time to Get Going - Various organizations will fundamentally struggle with this topic and I fully agree that it will take them years, if not decades even, to migrate. Reasons for this: too busy with keeping the current lights on, lack of strong asset inventory which includes reliable information on cryptographic algorithms in use, no sense of urgency etc. - [link]
- PsExec’ing the right way and why zero trust is mandatory - In this blog post, we’ll have a glimpse at how PsExec.exe works, we’ll write a python script that allows us to act as a legitimate PsExec.exe client and finally, we’ll see why zero trust is a core requirement of cybersecurity. - [link]
- Prompt Injection Tricks AI Into Downloading And Executing Malware (Hackaday) - [link]
- France’s Encryption Crackdown: Backdoors & VPN Bans - The first contentious bill involves an amendment to France’s Narcotrafic law, requiring providers of encrypted communication services to furnish law enforcement with decrypted messages from suspects within 72 hours of a formal request. - [link]
- Pegasus spyware infections found on several private sector phones - The fact that business executives are being targeted with Pegasus adds a new dimension to the spyware crisis. These executives have access to secret corporate plans, financial data and speak regularly with other influential private sector leaders doing sensitive work out of the public eye, including on deals that can move financial markets. - [link]
- Microsoft says malvertising campaign impacted 1 million PCs - [link]
- Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying - [link]
- Cybercrime: A Multifaceted National Security Threat - [link]
- Dear Apple: add “Disappearing Messages” to iMessage right now - Sometimes I have to remind my colleagues that out in the real world, our job is not to solve exciting mathematical problems: it’s to help people communicate securely. - this is spot on and is a nice example of the centuries-old problem between academia and the real world. If academic results are not transferred back into the real world where they can create a positive impact on humanity, what’s their value? - [link]
- Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel - Bypassing 2FA: We tried the simplest thing that we could think of: removing the client-side overlay from the UI. - [link]
- Apple’s Lockdown Mode is good for security — but its notifications are baffling - I, too, have personally heard some people in the offensive security industry complain about Lockdown Mode making their exploits more difficult. - [link]
- Dutch parliament calls for end to dependence on US software companies - [link]
- Career Development: What It Really Means to be a Manager, Director, or VP - [link]
- Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations - We analyzed the iPhone of an individual who worked closely with confirmed Android Paragon targets. This person received an Apple threat notification in November 2024, but no WhatsApp notification. Our analysis showed an attempt to infect the device with novel spyware in June 2024. We shared details with Apple, who confirmed they had patched the attack in iOS 18. - [link]
This post is licensed under CC BY 4.0 by the author.