This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.


I have been using Fastmail for years because they block this kind of tracking. Choose an email provider who takes user privacy seriously.

'Spy pixels in emails have become endemic'


I totally agree with this article and it's the reason why I will always prefer to learn by reading rather than video.

Text is the most efficient communication technology. By orders of magnitude. This blog post is likely to take perhaps 5000 bytes of storage, and could compress down to maybe 2000; by comparison the following 20-pixel-square image of the silhouette of a tweeting bird takes 4000 bytes:

graydon2 | always bet on text


Check your Chrome security

Every Google Chrome user should click this button now | ZDNet

Whether you're using Google Chrome on a Windows system or on a Mac, you should go find and click this button now.


The Best Chrome Extensions for OSINT Professionals, Researchers and Journalists in 2021–i-intelligence

An index of Chrome extensions to support research, intelligence and investigations.


Hope nobody is still using this

Google has forcibly uninstalled the immensely popular 'The Great Suspender' extension from Google Chrome and classified it as malware.


"This vulnerability allows a website to host malicious scripts that send a specially crafted response that bypasses the visitor's NAT firewall to access any TCP/UDP port on the visitor's internal network."

Google Chrome now blocks access to websites on an additional seven TCP ports to protect against the NAT Slipstreaming 2.0 vulnerability.


Herpaderping? I thought it was a typo at first. Learned something new today.

Microsoft Sysmon now detects malware process tampering attempts

Microsoft has released Sysmon 13 with a new security feature that detects if a process has been tampered using process hollowing or process herpaderping techniques.



Go directly to Jail
Do not pass GO,
Do not collect $200

SolarStorm Timeline: Details of the Software Supply-Chain Attack

The SolarStorm timeline summarized here is based on the information available to us and our direct experience defending against this threat.


Snyk to automatically check Docker Official Images for security problems | ZDNet

The lazy sysadmin's solution has been to grab container images for production without checking them for security holes. Synk and Docker are making sure those images are safe for use.



Baltimore students told to ditch Windows PCs after ransomware attack

Baltimore County Public Schools (BCPS) urged students and staff to stop using their school-issued Windows computers and only use Chromebooks and Google accounts following a ransomware attack that hit the district's network last Wednesday.


It's all about the Perfect Forward Secrecy.

What Is the Signal Encryption Protocol?

As the Signal protocol becomes the industry standard, it's worth understanding what sets it apart from other forms of end-to-end encrypted messaging.



A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources. - kmcquade/awesome-azure-security


"Apple may run Linux in their cloud, but their laptops don't ;("

Linus Torvalds would like to use an M1 Mac for Linux, but....

Yes, Torvalds said he'd love to have one of the new M1-powered Apple laptops, but it won't run Linux and, in an exclusive interview he explains why getting Linux to run well on it isn't worth the trouble.


New browser; old problems

Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn

Edge users take to social media to report their Web searches are being hijacked.


Introducing another free CA as an alternative to Let's Encrypt

Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation for a long time, but I'm glad to say that the ecosystem is changing. It's always a good idea to have another


Want to Encrypt All The Things? Firefox has you covered with HTTPS-Only Mode!

We are currently powering towards an encrypted Web and in recent years we've made tremendous progress on that journey. In the latest version of Firefox, a browser that's been at the forefront of the drive towards more encryption, we get a new "HTTPS-Only Mode" Goodbye plaintext trafficIf you're a security


Show older

Scott Mortimer's choices:

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.