Here are a few of the interesting and useful articles and tools that I’ve come across over the last week.
Articles and news:
30 years ago, the world’s first cyberattack set the stage for modern cybersecurity challenges
Back in November 1988, Robert Tappan Morris was a 20-something graduate student at Cornell who wanted to know how big the internet was, so he wrote a program that would travel from computer to computer and ask each machine to send a signal back to a control server, which would keep count.
Considering or currently undertaking OSCP? This write-up documents one pentester’s journey. Check out their follow-up post that outlines the exam experience.
How misconfigured API leaked private user information
A simple edit to a GET request allowed a user to view the sensitive information of other users
A very useful technique to bypass the CSRF protection
Intercepting a POST request to bypass CSRF protection
Tools and tech:
Huge list of payloads to detect open redirects
How to proxy phone traffic via Burp Suite
Extremely useful when you’re testing a mobile app or site
Uncover interesting files in old commits; the new Gitrob drills deep into the commit history of a repository to surface files that might contain interesting or sensitive information.
This is an XSS Hunter client plugin for Burp to assist in blind XSS testing. It will perform injection replacements and record the requests at the specified XSS Hunter domain for correlation if the injection executes.
Open Source Wireless Stumbling And Security Tool For Mac OS X