Here are a few of the interesting and useful articles and tools that I came across last week.
Articles and news:
I was recently looking at a desktop application of a large security firm which manages the security of various large buildings around the UK…
Bugs in 2 features enabled mass harvest of single sign on tokens
From the party that is pushing for back doors to encryption…
Cybersecurity researchers at ESET have unveiled what they claim to be the first-ever UEFI rootkit being used in the wild, allowing hackers to implant persistent malware on the targeted computers that could survive a complete hard-drive wipe.
This tweet by @svblxyz highlights a Google dork that exposes numerous .env files that are leaking credentials.
Tools and tech:
This repo contains dumps of Hackerone and Bugcrowd scopes (i.e. the domains that are eligible for bug bounty reports).
Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for.
This is release two of three tools from Secarma’s talk “Hacking with git” which was delivered at Glasgow BSides in 2018.
Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.