Scott Mortimer :mastodon:​

Information Security geek, Old School RPG nerd, and wannabe fiction writer.

NOTE: I don't accept follow requests from accounts that are likely to be bots/trolls.

Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Don't forget to check out his Awesome adblock list

coryd.dev/posts/2023/i-block-a

4 days ago
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Very interesting advisory showing the TTPs of a real-world espionage campaign.

media.defense.gov/2023/May/24/

5 days ago
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

Sniffnet

Application to comfortably monitor your network traffic
Multithreaded, cross-platform, reliable

github.com/GyulyVGC/sniffnet

May 20, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Just realized that yesterday was the anniversary of me joining infosec.exchange.

My how time flies ⌛​🪰🪰

May 04, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange
May 04, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

How to Yubikey: a configuration cheatsheet

debugging.works/blog/yubikey-c

April 20, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Cloud Security Atlas -- a searchable database of real-world attacks, vulnerabilities, and misconfigurations designed to help you understand and remediate risk in cloud environments. You can search and filter on your cloud provider platform, risk type, and sort by impact, exploitability, and recency.

securitylabs.datadoghq.com/clo

April 07, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

Offensive AI Compilation

A curated list of useful resources that cover Offensive AI.

github.com/jiep/offensive-ai-c

March 21, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Whether you use a PiHole, NextDNS, or some other DNS-based security solution (and you really should), it is important to curate some of the best blocklists for your use. Here is a good guide about doing just that.

avoidthehack.com/best-pihole-b

March 18, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

One of the best simple and well thought-out home network security guides that I have come across to date.

media.defense.gov/2023/Feb/22/

March 09, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Glad to see that the folks at Bitwarden are still doing a bang-up job. Now let's hope that their DevOps team aren't running unpatched version of Plex on their dev boxes.

- - Looking at you LastPass 🧐 --

Are you using a secure password manager? Find out why Bitwarden passed its annual audit with flying colors - gHacks Tech News ghacks.net/2023/03/02/bitwarde
>Bitwarden, maker of the password management solution, has published the results of two third-party security audits.

March 09, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

BBOT

BBOT is a recursive, modular OSINT framework inspired by Spiderfoot and written in Python.
Capable of executing the entire OSINT process in a single command, BBOT does subdomain enumeration, port scanning, web screenshots (with its gowitness module), vulnerability scanning (with nuclei), and much more.

BBOT currently has over 70 modules and counting.

github.com/blacklanternsecurit

March 07, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Awesome Docker Compose Examples

Various Docker Compose examples of selfhosted FOSS and proprietary projects.

github.com/Haxxnet/Compose-Exa

March 04, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

~Open Source Security Tool of the Day~

Faraday

### Open Source Vulnerability Manager

Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on the run. Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.

Faraday aggregates and normalizes the data you load, allowing exploring it into different visualizations that are useful to managers and analysts alike.

github.com/infobyte/faraday

March 01, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange
February 24, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

This is most of the online infosec influencer-sphere these days

twitter.com/i/status/162336922

February 23, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Open Software Supply Chain
Attack Reference (OSC&R)

pbom.dev

February 16, 2023
Scott Mortimer :mastodon:​
ScottMortimer@infosec.exchange

Consider swiching to KeyPassXC if you are concerned about this vulnerability.

KeePass Password Manager Vulnerability: Is Your Data at Risk? - gHacks Tech News ghacks.net/2023/02/01/keepass-
>A disputed KeePass vulnerability was disclosed recently. It allows attackers with write access to export the entire password database.,

February 02, 2023