Hacker News
- Reminder HN: Today DST Root CA X3 Expires (Letsencrypt) https://crt.sh/?id=8395 2 comments
- Symantec Issues Intermediate CA Certificate for Blue Coat Public Services https://crt.sh/?id=19538258 115 comments
- Watch LetsEncrypt issue its millionth certificate live http://crt.sh/?Identity=%25&iCAID=7395 29 comments
- remove ssl registration from public view https://crt.sh/ 5 comments selfhosted
- Creating an internal Certificate Authority in 2022 that is accepted by modern web browsers. https://crt.sh/lintcert 27 comments sysadmin
- Concurrent HTTP requests not releasing fast enough ("too many open files" dilemma) https://crt.sh 12 comments golang
- BlueCoat, a company that specializes in censorship, surveillance and internet infrastructure such as public/corporate wifi, has become a certificate authority, allowing it to initiate man-in-the-middle attacks without warning. https://crt.sh/?id=19538258 65 comments privacy
- Apparently BlueCoat is now a CA. Thanks Symantec/VeriSign, I can't wait to have my public wifi to be MitM'd... https://crt.sh/?id=19538258 250 comments netsec
- Let's Encrypt issues it's first 100k certificates https://crt.sh/?Identity=%25&iCAID=7395 35 comments sysadmin
Linking pages
- GitHub - trimstray/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. https://github.com/trimstray/the-book-of-secret-knowledge 274 comments
- How to mitigate the Hetzner/Linode XMPP.ru MitM interception incident https://www.devever.net/~hl/xmpp-incident 145 comments
- Early Impacts of Let's Encrypt • Insufficient.Coffee https://tacticalsecret.com/early-impacts-of-letsencrypt/ 94 comments
- A penetration tester’s guide to subdomain enumeration | by Bharath | Appsecco https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6 68 comments
- HTTPS in the real world | Robert Heaton https://robertheaton.com/2018/11/28/https-in-the-real-world/ 66 comments
- 3 Reasons Why You Shouldn't Use Public CAs for Internal Infrastructures. https://smallstep.com/blog/reasons-not-to-use-public-certificate-authorities/ 56 comments
- GitHub - blechschmidt/massdns: A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration) https://github.com/blechschmidt/massdns 53 comments
- GitHub - cipher387/osint_stuff_tool_collection: A collection of several hundred online tools for OSINT https://github.com/cipher387/osint_stuff_tool_collection 27 comments
- GitHub - smicallef/spiderfoot: SpiderFoot automates OSINT for threat intelligence and mapping your attack surface. https://github.com/smicallef/spiderfoot 26 comments
- Keyless signatures with Github Actions https://shibumi.dev/posts/keyless-signatures-with-github-actions/ 20 comments
- thc-tips-tricks-hacks-cheat-sheet/README.md at master · hackerschoice/thc-tips-tricks-hacks-cheat-sheet · GitHub https://github.com/hackerschoice/thc-1001-tips-and-tricks/blob/master/readme.md 17 comments
- OverEncrypt - paranoid HTTPS · GitHub https://gist.github.com/mapmeld/a9bcac46d1f486f81664814a799e5897 15 comments
- GitHub - gfek/Lepus: Subdomain finder https://github.com/gfek/Lepus 15 comments
- Security of Self-Hosted Devops Tools https://www.damow.net/security-of-self-hosted-devops-tools/ 13 comments
- GitHub - gnebbia/pdlist: A passive subdomain finder https://github.com/gnebbia/pdlist 13 comments
- GitHub - trimstray/the-book-of-secret-knowledge: A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more. https://github.com/trimstray/awesome-ninja-admins 10 comments
- GitHub - laramies/theHarvester: E-mails, subdomains and names Harvester - OSINT https://github.com/laramies/theHarvester 10 comments
- Security | TLS (aka SSL) - Docker Mailserver https://docker-mailserver.github.io/docker-mailserver/edge/config/security/ssl/#lets-encrypt-recommended 9 comments
- OSINT and the new perimeter. In this post I explore the uses and… | by Steve Micallef | Medium https://medium.com/@micallst/osint-and-the-new-perimeter-20d19361e18 7 comments
- GitHub - edoardottt/awesome-hacker-search-engines: A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more https://github.com/edoardottt/awesome-hacker-search-engines 4 comments