Here are a few of the interesting and useful articles and tools that I came across last week.
Articles and news:
Investigating eCommerce scammers on Amazon using OSINT
OSINT expert Jake Creps takes a deep dive into the OSINT tools available to identify fraudulent and scamming vendors on Amazon.
Automation of parsing hundreds of declassified CIA documents to uncover coverterms
Using Python and NLP to scrape the really interesting data from over 90Gb of declassified CIA documents
Over half a billion Marriott/Starwood guest details breached over a 4-year period
US hotel chain Marriott has admitted that a breach of its Starwood subsidiary’s guest reservation network has exposed the entire database – all 500 million guest bookings over four years, making this one of the biggest hacks of an individual org ever.
Node module steals cryptocurrency
An npm package called event-stream, which you probably didn’t use directly but which was a dependency of some popular packages (e.g. nodemon, copay-dash), had malicious code in it.
GCHQ and the NCSC publish the UK Equities Process
To disclose or not disclose, that is the question
Tools and tech:
Tools and Dorks
Subdomain enumeration tools, wordlists and online DNS tools
This huge list has plenty that you may not have been aware of before.
TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
Fantastic one-stop-shop providing numerous links, tools, and inspiration
Extractor is a Burp Suite tool that allows users to define one or more decode steps and automatically apply them to all requests and responses.