Scott Mortimer @ScottMortimer@infosec.exchange

Setting up a flat-file CMS...quick poll, which one?

Top 30+ Best Blue Team Tools

A collection of best blue team tools to enrich your security toolkit. Discover different honeypots, incident response, threat hunting and other defensive tools.

https://securitytrails.com/blog/blue-team-tools

Being attacked by sources using Tor? Maintain your ACLs using this.

Tor Project’s Exit List Service

https://blog.torproject.org/changes-tor-exit-list-service

~Open Source Security Tool of the Day~

#osstotd

Sifter is a osint, recon & vulnerability scanner. It combines a plethara of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within microsft and if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM.

https://github.com/s1l3nt78/sifter/

Cloudskew — Draw cloud architecture diagrams

Free AWS, Azure, GCP, Kubernetes Architecture Diagram Tool

https://www.cloudskew.com/

Microsoft quietly created a Windows 10 File Recovery tool, how to use

Microsoft has created a Windows 10 File Recovery Tool that recovers deleted files and forgot to tell anyone.

https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-created-a-windows-10-file-recovery-tool-how-to-use/

I definitely trust my DNS provider - NextDNS - more than my ISP. This is because I willfully chose them after doing research and I also pay for the service to support them and keep them providing me with the tools to filter out crap and transparently show me what is happening on my networks.

Encrypted DNS Query Transports and Their Trust Models – Asinine Tech

https://asininetech.com/2020/06/26/encrypted-dns-query-transports-and-their-trust-models/

The top 10 best hacking documentaries of all time

Popcorn and pwnage

https://portswigger.net/daily-swig/the-top-10-best-hacking-documentaries-of-all-time

Universal Plug and Pray is even more cringe-worthy than we thought

https://arstechnica.com/information-technology/2020/06/upnp-flaw-exposes-millions-of-network-devices-to-attacks-over-the-internet/

I will soon be studying for, and taking, the Certified Cloud Security Professional certification. Anybody have any good recommendations they could pass along?

https://www.isc2.org/Certifications/CCSP

~Open Source Security Tool of the Day~

#osstotd

TigerVNC is a high-performance, platform-neutral implementation of VNC (Virtual Network Computing), a client/server application that allows users to launch and interact with graphical applications on remote machines. TigerVNC also provides extensions for advanced authentication methods and TLS encryption.

https://tigervnc.org/

"It is unlikely that many people need to make such a printer accessible to everyone – these devices should be firewalled and/or have an authentication mechanism enabled."

Ya think??!! 🙄

Open IPP Report – Exposed Printer Devices on the Internet | The Shadowserver Foundation

https://www.shadowserver.org/news/open-ipp-report-exposed-printer-devices-on-the-internet/

Dungeon Scrawl

OLD SCHOOL MAPS IN MINUTES

Dungeon Scrawl is a mapping tool developed by Keir, aka @ProbableTrain. It aims to be an easy-to-grasp tool with a high skill ceiling, empowering artists by automatically taking care of the most time-consuming stuff

https://dungeonscrawl.com/

In bid to please users (READ: not get fined by the EU) Apple will now allow you to do what Android has been able to do since almost the beginning of the OS.

https://9to5mac.com/2020/06/22/ios-14-default-apps/