Big news this week was the F5 zero day, of course, but on the application side you should review the code for the exploit, which is public. I am not gonna link it here but y’all can google. DO NOT run this on your corporate machines, use your test box and a VM, and just look. Here is a link to the CVE:
Bestill my heart, an API driven HTTP server. Haven’t played with it yet but I looks super sexy.
Common thread on this newsletter – DNS is dangerous. Review your records.
Very nice collection of testing scripts – well worth the clone and the hour it takes to learn to use them. I’m integrating them into my test scenarios.
That’s the news, folks!