7MS #288: I'm BURPing a Lot




7 Minute Security show

Summary: <p>Sorry the podcast is late this week - but it's all for good reasons! I'm busy as a bee doing a ton of pentesting so I have a smattering of random security stuff to share with you:</p> <h2>Mac High Sierra root bug</h2> <p>Did you hear about this? Basically anybody could log in as user <em>root</em> on your system without a password because...there isn't a password! Read the Twitter thread where I originally read the news <a href="https://twitter.com/lemiorhan/status/935578694541770752" rel="nofollow noreferrer noopener" target="_blank">here</a>, read about the root account madness <a href="https://www.theguardian.com/technology/2017/nov/29/macos-high-sierra-bug-apple-mac-unlock-blank-password-security-flaw" rel="nofollow noreferrer noopener" target="_blank">here</a>, and then read how the fix broke file sharing <a href="http://appleinsider.com/articles/17/11/29/apple-explains-how-to-fix-macos-high-sierra-file-sharing-after-security-update-breaks-feature" rel="nofollow noreferrer noopener" target="_blank">here</a>.</p> <h2>BPATTY ROCKS!</h2> <p>I tried to wiki-fy my <a href="https://github.com/braimee/bpatty" rel="nofollow noreferrer noopener" target="_blank">BPATTY</a> project to make it a bit easier to read, so head to <a href="http://bpatty.rocks" rel="nofollow noreferrer noopener" target="_blank">bpatty.rocks</a> and let me know what you think!</p> <h2>I'm BURPing a lot</h2> <p>I can't tell you how fun it has been to get back in the pentesting saddle and hack some Web sites these past few weeks. Here are a few tips/tricks others taught me that have helped me get back in the swing of things:</p> <ul> <li> <p>In Burp, state files are being deprecated in favor of project files. 
Read more <a href="https://portswigger.net/burp/help/suite_functions_savingstate" rel="nofollow noreferrer noopener" target="_blank">here</a></p> </li> <li> <p>For BApp extensions, here are a few that help you get the job done:</p> <ul> <li> <a href="https://github.com/h3xstream/burp-retire-js" rel="nofollow noreferrer noopener" target="_blank">retire.js</a> looks for old/outdated/vulnerable JavaScript libraries</li> <li> <a href="https://portswigger.net/bappstore/c9fb79369b56407792a7104e3c4352fb" rel="nofollow noreferrer noopener" target="_blank">Software vulnerability scanner</a> helps you find vulnerable software, such as old versions of IIS</li> <li> <a href="https://github.com/JGillam/burp-co2" rel="nofollow noreferrer noopener" target="_blank">CO2</a> has a bunch of tricks up its sleeve - my favorite of which is helping you craft <em>sqlmap</em> commands with the right flags</li> </ul> </li> </ul><p>More on today's show!</p>