Here are a few of the interesting and useful articles and tools that I came across last week.
Articles and news:
Dark Web Report + TorGhost + EyeWitness == Goodness
Outlining the automated tools and process used to grab screenshots of Dark Web sites.
Caveat Emptor: Be very aware that blindly collecting screen grabs from Dark Web sites can expose you to content you would rather not have on your system, or have associated with you!
California is making it illegal for devices to have lousy passwords
The law only applies to passwords that come pre-programmed into devices, but it’s still a step in the right direction.
Bug Bounty scheme uncovers 150 vulnerabilities in US Marine Corps websites
Bug bounty is a great thing: Nearly 150 security vulnerabilities have been discovered in US Marine Corps websites and related services during a bug bounty challenge that saw ethical hackers awarded over $150,000.
The UK blames Russia for 4 major cyber attacks
The attacks aren’t new and Russia has long been suspected of launching them, but attribution by the UK government is a significant moment.
Cisco update addresses 36 vulnerabilities, 3 of them critical
Cisco released several security patches addressing 36 vulnerabilities on 3-4 October, three of which were rated “critical” and eight of which were rated “high”, with some of the exploits allowing an attacker to take control of an affected system.
Tools and tech:
EyeWitness is designed to take screenshots of websites, RDP services, and open VNC servers, provide some server header info, and identify default credentials if possible.
Hacker Andrea Fortuna’s list of essential NMAP commands
Over 4500 Google dorks to improve your OSINT and vulnerability searching
LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. This way penetration testers and bug hunters are able to gather new, hidden endpoints on the websites they are testing.
NSE script using some well-known service to provide info on vulnerabilities