Here are a few of the interesting and useful articles and tools that I came across last week.
Articles and news:
For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers.
Pivoting is a set of techniques used during red team/pentest engagements which make use of attacker-controlled hosts as logical network hops with the aim of amplifying network visibility.
The all-powerful set of OSINT tools by Michael Bazzell receives an update.
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.
Tools and tech:
Gitleaks provides a way for you to find unencrypted secrets and other unwanted data types in git source code repositories.
Another tool that clones and scans repos for secrets.
A huge curated list of OSINT resources.
Script to retrieve O365 information with valid credentials.
ZeroBin.net is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256-bit AES.