I read this last week: WC 3 December 2018

By | December 3, 2018

Here’s a few of the interesting and useful articles and tools that I’ve come across last week.

Articles and news:

Investigating eCommerce scammers on Amazon using OSINT

OSINT expert Jake Creps takes  deep dive into the OSINT tools available to identify fraudulent and scamming vendors on Amazon


Automation of parsing hundreds of declassified CIA documents to uncover coverterms

Using Python and NLP to scrape the really interesting data from over 90Gb of declassified CIA documents


Over half a billion Marriot/Starwod guest details breached over a 4 year period

US hotel chain Marriott has admitted that a breach of its Starwood subsidiary’s guest reservation network has exposed the entire database – all 500 million guest bookings over four years, making this one of the biggest hacks of an individual org ever.


Node module steals cryptocurrency

A npm package called event-stream which you probably didn’t use directly but which was a dependency of some popular packages (e.g. nodemon, copay-dash) had malicious code in it.


GCHQ and the NCSC publish the UK Equities Process

To disclose or not disclose, that is the question



Tools and tech:

Github recon resources

Tools and Dorks


Subdomain enumeration tools, wordlists and online DNS tools

This huge list has plenty that you’ve maybe not been aware of before


MassScan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.


OSINT tools and resources

Fantastic one-stop-shop providing numerous links, tools, and inspiration


Extractor

Extractor is a Burp Suite tool that allows users to define one or more decode steps and automatically apply them to all requests and responses.