Appendix B. Sources of Vulnerability Information
To maintain a safe environment, you can keep abreast of emerging threats and vulnerabilities via Twitter, bug trackers, and mailing lists. In this appendix, I’ve assembled some short lists of sources that consultants and hackers use on a daily basis.
Twitter Accounts
By following Twitter, you can track significant emerging threats and security trends. The following handles provide particularly useful insight across many domains:
| @hdmoore | @thegrugq | @ivanristic | @halvarflake | @thezdi | @daniel_bilar | @shodanhq |
| @mdseclabs | @jduck | @exploitdb | @mattblaze | @taviso | @cyberwar | @haroonmeer |
| @dinodaizovi | @trailofbits | @hashbreaker | @jonoberheide | @subTee | @4Dgifts | @dlitchfield |
| @mikko | @mdowd | @carnal0wnage | @cBekrar | @jgrusko | @daveaitel | @sensepost |
Bug Trackers
The Google Project Zero team and ZDI operate publicly accessible bug trackers that detail upcoming disclosures and unpatched vulnerabilities, as follows:
Open projects including OpenSSL and the Linux kernel also run public bug trackers that reveal useful details of unpatched flaws. During testing, it is also worth reviewing release notes to understand known weaknesses in software packages.
Mailing Lists
The following mailing lists are used to discuss security vulnerabilities and issues:
Security Events and Conferences
The sites of popular security conventions ...