by Bill Sempf
12. July 2020 12:13
Big news this week was the F5 zero day, of course, but on the application side you should review the code for the exploit, which is public. I am not gonna link it here but y'all can google. DO NOT run this on your corporate machines, use your test box and a VM, and just look. Here is a link to the CVE:
https://us-cert.cisa.gov/ncas/current-activity/2020/07/04/f5-releases-security-advisory-big-ip-tmui-rce-vulnerability-cve
Be still my heart, an API-driven HTTP server. Haven't played with it yet but it looks super sexy.
https://httpie.org/
Common thread on this newsletter - DNS is dangerous. Review your records.
https://www.theregister.com/2020/07/07/microsoft_azure_takeovers/
Very nice collection of testing scripts - well worth the clone and the hour it takes to learn to use them. I'm integrating them into my test scenarios.
https://github.com/wintrmvte/Citadel
That's the news, folks!