I read this last week: WC 17 September 2018

By | September 17, 2018

Here’s a few of the interesting and useful articles and tools that I’ve come across last week.

Articles and news:

Basic penetration testing lab – 1

Setting up a penetration testing lab from scratch


Head in the clouds

A primer for cloud services, focusing on security issues related to storage and VM’s


List of InfoSec training resources

A Twitter thread by @da_667, listing a lot of InfoSec training resources


Safety in and around your hotel

Following the concerns that a large number of DefCon attendees had this year regarding the security of their hotel room, this article offers some useful tips, techniques and tools you can use to improve your safety when staying at a hotel.


The 7 main XSS cases everyone should know

When reading material on XSS subject we usually see the classical <script>alert(1)</script> as an demonstration of such vulnerability (PoC – Proof of Concept). While very true, it doesn’t go much beyond this, making the novice in this field to look for more in order to deal with real world scenarios.

So here are the 7 cases everyone should know to be able to exploit the vast majority of XSS flaws out there.



Tools and tech:

CheckUserNames

Useful for your OSINT; Check username usage across 170+ social networks.


FuzzDB

FuzzDB was created to increase the likelihood of causing and identifying conditions of security interest through dynamic application security testing. It’s the first and most comprehensive open dictionary of fault injection patterns, predictable resource locations, and regex for matching server responses.


JSON Beautifier

A Burp Suite plugin that makes JSON data easy to view in requests and responses


SleuthQL

SleuthQL is a python3 script for Burp Suite to identify parameters and values that contain SQL-like syntax. Once identified, SleuthQL will then insert SQLMap identifiers (*) into each parameter where the SQL-esque variables were identified.


DNS Trails

The World’s Largest Repository of historical DNS data

DNS archive with over 3.4 trillion historical dns records at your fingertips