Here are a few of the interesting and useful articles and tools that I came across last week.
Articles and news:
Inside the Magecart breach of British Airways: How 22 lines of code claimed 380,000 victims
A report by RiskIQ into the ba.com data breach
From OSINT to Internal: Gaining domain admin from outside the perimeter
A write-up of how initial OSINT gathered the right information that resulted in DA compromise.
Active directory penetration Dojo – Setup of AD Penetration Lab: Part 1
This series is for people who’ve used Windows but haven’t worked on Active Directory. This blog will be focusing primarily on understanding the AD environment so that we can perform AD enumeration and simulate AD attacks as one would do when doing a Red Team Assessment.
Open source intelligence tools and resources handbook
A huge list of OSINT resources.
Tools and tech:
Simple Bash Script To Take A Long List Of Domains And Return Only Ones With Webpages.
dirsearch is a simple command line tool designed to brute force directories and files in websites.
Web-based tool to find subdomains. Useful for when you do not have access to your usual tools.
A low-cost RFID field detector that can be used to identify the presence of an RFID field. You can easily identify the frequency an unknown reader is operating at.
A fast CORS misconfiguration vulnerabilities scanner