Here’s a few of the interesting and useful articles and tools that I’ve come across last week.
Articles and news:
Setting up a penetration testing lab from scratch
A primer for cloud services, focusing on security issues related to storage and VM’s
A Twitter thread by @da_667, listing a lot of InfoSec training resources
Following the concerns that a large number of DefCon attendees had this year regarding the security of their hotel room, this article offers some useful tips, techniques and tools you can use to improve your safety when staying at a hotel.
When reading material on XSS subject we usually see the classical <script>alert(1)</script> as an demonstration of such vulnerability (PoC – Proof of Concept). While very true, it doesn’t go much beyond this, making the novice in this field to look for more in order to deal with real world scenarios.
So here are the 7 cases everyone should know to be able to exploit the vast majority of XSS flaws out there.
Tools and tech:
Useful for your OSINT; Check username usage across 170+ social networks.
FuzzDB was created to increase the likelihood of causing and identifying conditions of security interest through dynamic application security testing. It’s the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.
A Burp Suite plugin that makes JSON data easy to view in requests and responses
SleuthQL is a python3 script for Burp Suite to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers (*) into each parameter where the SQL-esque variables were identified.
The World’s Largest Repository of historical DNS data
DNS archive with over 3.4 trillion historical dns records at your fingertips