Scott Mortimer :mastodon:
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
NOTE: I don't accept follow requests from accounts that are likely to be bots/trolls.
Information Security geek, Old School RPG nerd, and wannabe fiction writer.
NOTE: I don't accept follow requests from accounts that are likely to be bots/trolls.
Very interesting advisory showing the TTPs of a real-world espionage campaign.
https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
~Open Source Security Tool of the Day~
Sniffnet
Application to comfortably monitor your network traffic
Multithreaded, cross-platform, reliable
Just realized that yesterday was the anniversary of me joining infosec.exchange.
My how time flies ⌛🪰🪰
Cloud Security Atlas -- a searchable database of real-world attacks, vulnerabilities, and misconfigurations designed to help you understand and remediate risk in cloud environments. You can search and filter on your cloud provider platform, risk type, and sort by impact, exploitability, and recency.
~Open Source Security Tool of the Day~
Offensive AI Compilation
A curated list of useful resources that cover Offensive AI.
Whether you use a PiHole, NextDNS, or some other DNS-based security solution (and you really should), it is important to curate some of the best blocklists for your use. Here is a good guide about doing just that.
One of the best simple and well thought-out home network security guides that I have come across to date.
Glad to see that the folks at Bitwarden are still doing a bang-up job. Now let's hope that their DevOps team aren't running unpatched version of Plex on their dev boxes.
- - Looking at you LastPass 🧐 --
Are you using a secure password manager? Find out why Bitwarden passed its annual audit with flying colors - gHacks Tech News https://www.ghacks.net/2023/03/02/bitwarden-passes-third-annual-security-audit-with-flying-colors/
>Bitwarden, maker of the password management solution, has published the results of two third-party security audits.
~Open Source Security Tool of the Day~
BBOT
BBOT is a recursive, modular OSINT framework inspired by Spiderfoot and written in Python.
Capable of executing the entire OSINT process in a single command, BBOT does subdomain enumeration, port scanning, web screenshots (with its gowitness module), vulnerability scanning (with nuclei), and much more.
BBOT currently has over 70 modules and counting.
Awesome Docker Compose Examples
Various Docker Compose examples of selfhosted FOSS and proprietary projects.
~Open Source Security Tool of the Day~
Faraday
### Open Source Vulnerability Manager
Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on the run. Faraday was made to let you take advantage of the available tools in the community in a truly multiuser way.
Faraday aggregates and normalizes the data you load, allowing exploring it into different visualizations that are useful to managers and analysts alike.
Consider swiching to KeyPassXC if you are concerned about this vulnerability.
KeePass Password Manager Vulnerability: Is Your Data at Risk? - gHacks Tech News https://www.ghacks.net/2023/02/01/keepass-password-manager-vulnerability-what-you-need-to-know/
>A disputed KeePass vulnerability was disclosed recently. It allows attackers with write access to export the entire password database.,
