I read this last week: WC 29 October 2018

By | November 4, 2018

Here are a few of the interesting and useful articles and tools that I came across last week.

Articles and news:

30 years ago, the world’s first cyberattack set the stage for modern cybersecurity challenges

Back in November 1988, Robert Tappan Morris was a 20-something graduate student at Cornell who wanted to know how big the internet was, so he wrote a program that would travel from computer to computer and ask each machine to send a signal back to a control server, which would keep count.


OSCP Journey: PWK/OSCP Review

Considering or currently undertaking OSCP? This write-up documents one pentester’s journey. Check out their follow-up post that outlines the exam experience.


How misconfigured API leaked private user information

A simple edit to a GET request allowed a user to view the sensitive information of other users.


A very useful technique to bypass the CSRF protection

Intercepting a POST request to bypass CSRF protection.

Tools and tech:

Open redirect cheat sheet

Huge list of payloads to detect open redirects.


How to proxy phone traffic via Burpsuite

Extremely useful when you’re testing a mobile app or site.


Gitrob

Uncover interesting files in old commits; the new Gitrob drills deep into the commit history of a repository to surface files that might contain interesting or sensitive information.


Burp Hunter

This is an XSS Hunter client plugin for Burp to assist in blind XSS testing. It performs injection replacements and records the requests at the specified XSS Hunter domain for correlation if the injection executes.


KisMac

Open-source wireless stumbling and security tool for Mac OS X.