Here are a few of the interesting and useful articles and tools that I came across last week (after a couple of weeks away on holiday).
Articles and news:
How Azure could be vulnerable to brute force and DoS attacks
One might presume that Azure Active Directory is secure, but is it?
Hacking Team hacker Phineas Fisher has gotten away with it
Leaked court documents show that Italian authorities have no idea who hacked the government spyware maker Hacking Team.
In a recent investigation, Check Point Research discovered a vulnerability that, if exploited, would grant an attacker access to a user’s DJI account without the user being aware of it.
XS-searching Google’s bug tracker to find out vulnerable source code
Or how side-channel timing attacks aren’t that impractical
Patching is failing as a security paradigm
Many of the most damaging hacks in recent history were only possible because someone failed to update software.
Tools and tech:
This tool will search an updated database for a specific organization’s ASN then use the latter to look up all IP addresses (IPv4 and IPv6) registered and owned by the organization.
Passhunt is a simple tool for searching for default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.
TweetBeaver works at a granular level, digging out the information you need from your or any other public account.
TweetBeaver can gather data on any non-private account and returns most searches as a CSV for easier filtering and analysis.
Awesome BurpSuite extensions list
A curated list of amazingly awesome Burp Extensions
This is a curated collection of 90+ free Open Source intelligence tools