There’s been a LOT of noise about this incident in the past day or two, the very definition of a cloud nightmare. Git/SVN & Project Management SaaS Code Spaces has been hacked and completely deleted by a hacker. It started off with a large-scale DDoS attack (the likes of which Feedly and Evernote have […]
Social Engineering
A Story Of Social Engineering – How @N Lost His $50,000 Twitter Handle
So last week I read an interesting tale about social engineering on Medium, a story by a chap named Naoki Hiroshima and his Twitter handle, which was @N. Yes, just one letter, a pretty rare and, it seems, valuable handle, as he had offers of up to $50,000 for it. In the end though, someone […]
FoxOne Free OSINT Tool – Server Reconnaissance Scanner
FoxOne is a free OSINT tool, described by the author (th3j35t3r) as a Non-Invasive and Non-Detectable Server Reconnaissance Scanner. Bypassing API limitations and currently detecting 6500+ vulnerable server paths/files – without ever touching the target server. Very good for getting hold of intel on a given domain (example.com). The intel gained serves both as actionable […]
Social Engineering Vulnerability Evaluation and Recommendation Project
Social engineering has been around for tens of thousands of years so it is time we approach the topic in a professional manner. The Social Engineering Vulnerability Evaluation and Recommendation (SEVER) Project is one way to help penetration testers become more consistent. It is also intended to be the best way to teach novices about […]
VeriSign Demands The Power To Take Down Websites/Domains
I was scanning the news today, and nothing much was going on. There were some half-arsed stories about Anonymous and LulzSec – but nothing really worth writing about. And then, and then I spotted this, which quite frankly scares the shit out of me. As much as it may well have a use in law […]