I read this last week: WC 26 November 2018

By | November 26, 2018

Here are a few of the interesting and useful articles and tools that I came across last week (after a couple of weeks away on holiday).

Articles and news:

How Azure could be vulnerable to brute force and DOS attacks

One might presume that Azure Active Directory is secure, but is it?


Hacking Team hacker Phineas Fisher has gotten away with it

Leaked court documents show that Italian authorities have no idea who hacked the government spyware maker Hacking Team.


DJI Drone vulnerability

In a recent investigation, Check Point Research discovered a vulnerability that, if exploited, would grant an attacker access to a user’s DJI account without the user being aware of it.


XS-searching Google’s bug tracker to find out vulnerable source code

Or how side-channel timing attacks aren’t that impractical


Patching is failing as a security paradigm

Many of the most damaging hacks in recent history were only possible because someone failed to update software.



Tools and tech:

ASN Lookup

This tool will search an updated database for a specific organization’s ASN then use the latter to look up all IP addresses (IPv4 and IPv6) registered and owned by the organization.


Passhunt

Passhunt is a simple tool for searching for default credentials for network devices, web applications and more. Search through 523 vendors and their 2084 default passwords.


TweetBeaver

TweetBeaver works at a granular level, digging out the information you need from your or any other public account.

TweetBeaver can gather data on any non-private account and returns most searches as a CSV for easier filtering and analysis.


Awesome BurpSuite extensions list

A curated list of amazingly awesome Burp extensions.


OSINT Stash

This is a curated collection of 90+ free open source intelligence tools.