Here’s a few of the interesting and useful articles and tools that I’ve come across last week.
Articles and news:
Outlining the automated tools and process used to grab screenshots of Dark Web sites.
Caveat Emptor: Be very aware that blindly collecting screen grabs from Dark Web sites can expose you to content you would rather didn’t appear on your system, and be associated with you!
The law only applies to passwords that come pre-programmed into devices, but it’s still a step in the right direction.
Bug bounty is a great thing: Nearly 150 security vulnerabilities have been discovered in US Marine Corps websites and related services during a bug bounty challenge that saw ethical hackers awarded over $150,000.
The attacks aren’t new and Russia has long been suspected of launching them, but attribution by the UK government is a significant moment
Cisco released several security patches addressing 36 vulnerabilities on 3-4 October, three of which were rated “critical” and eight of which were rated “high” with some of the exploits allowing an attacker to take control of an affected system
Tools and tech:
EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.
Hacker Andrea Fortuna’s list of essential NMAP commands
over 4500 Google dorks to improve your OSINT and vulnerability searching
NSE script using some well-known service to provide info on vulnerabilities