Big news this week was the F5 zero day, of course, but on the application side you should review the code for the exploit, which is public.  I am not gonna link it here but y’all can google.  DO NOT run this on your corporate machines, use your test box and a VM, and just look.  Here is a link to the CVE:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/04/f5-releases-security-advisory-big-ip-tmui-rce-vulnerability-cve

Bestill my heart, an API driven HTTP server. Haven’t played with it yet but I looks super sexy.

https://httpie.org/

Common thread on this newsletter – DNS is dangerous.  Review your records.

https://www.theregister.com/2020/07/07/microsoft_azure_takeovers/

Very nice collection of testing scripts – well worth the clone and the hour it takes to learn to use them. I’m integrating them into my test scenarios.

https://github.com/wintrmvte/Citadel

That’s the news, folks!