Hi friends,
Greetings from the hive!
I hope you had a good weekend. My thoughts go out to those impacted by the earthquake in Turkey and Syria.
When I heard the news, I immediately messaged my friend Mustafa to see if he was okay. Thankfully, he was. Not long after that, he called for the community to donate if they could.
The organization he mentioned is an NGO called ahbap. He is also the driving force behind HackerOne’s Hack for Good being directed to The International Federation of Red Cross and Red Crescent Societies.
So, please help if you can. We’re all in this together.
Let’s take this week by swarm!
🐝 The Bee’s Knees
The InfoSec community needs you (yes, you). Why you should be writing blogs, appearing on podcasts, and presenting at conferences… and how to get started! more
Hussein Daher talks about “Bug Bounty On Steroids” at BSides Ahmedabad 0x03. more
Unleashing the power of CSS injection: The access key to an internal API. The vulnerability was a CSS injection flaw that could be exploited in the application’s PDF generator. more
💪 Sponsor
Sponsor the Hive Five and reach a highly engaged community of engineers, security researchers, and ethical hackers who are at the forefront of the industry.
🔥 Buzzworthy
✅ Changelog
Geekboy announced Nuclei Cloud, a SaaS platform built on top of Project Discovery’s open-source Nuclei project to ease the automation experience at scale for everyone. more
gwen001/github-endpoints v1.2.2 - Find endpoints on GitHub. more
gwen001/github-search v2.0.1 - A collection of tools to perform searches on GitHub. more
ffuf v2.0 is out. There are two major features introduced with this release: scraper and FFUFHASH. more
In Hive Five 106 I shared the awesome Fearless CORS blog post. However, it was still being edited. Here’s the finished version of the blog post. more
📅 Events
🎉 Celebrate
Sebastian Wieseler became a Senior Security Engineer. Congrats! more
TESS and team won Bugcrowd’s HackerCup2022. Let’s go! more
d0nut reached 20k followers on Twitter which means another challenge. Looking forward to it! more
Olivia announced that she joined a vulnerability research team, focusing on offensive security and open source software. Awesome! more
💰 Career
Meta’s bug bounty program is hiring for an analyst position. more
Jessica Crosby got laid off from Zoom and is looking for Offensive Application Security Engineer work. more
André is looking for a content creator who wants to join the mission of securing technology at Ethiack. more
Master salary negotiations with this mind map: showcase your contributions, achievements, outputs and strengths to demonstrate your value to your boss, and ultimately get what you want. more
Here’s a bunch of helpful resources for finding a new job. more
⚡️ Community
📰 Read
Reversing UK mobile rail tickets. What data is inside the barcode of a mobile ticket, and how do they work? more
Why are you getting indexed by crawlers? Addresses concerns over privacy and security, and offers solutions. more
Azuredly attacking Azure… In the second part of this attacking-cloud series, they attack AzureGoat, an intentionally vulnerable Azure lab environment with multiple paths to privilege escalation. more
How Dawid and Klaudia made $120k bug bounty in a year with good automation. more
📚 Resources
What hackers invest their bug bounty earnings in. more
What Should You Do After Recon?! One of the most popular questions Ben gets asked. more
RustCrypto/formats: Cryptography-related format encoders/decoders: DER, PEM, PKCS, PKIX. more
Hunter is a search engine for security researchers. more
Burp Suite Certified Practitioner Exam study notes. more
🎥 Watch
HackTheBox - Photobomb walkthrough (a Ruby Sinatra web app). more
Broken Access Control - Lab #3 User role controlled by request parameter. This lab has an admin panel at /admin, which identifies administrators using a forgeable cookie. more
How Hackers Run For The Money. more
Generating ETH from thin air. This video explains a vulnerability in Aurora’s Rainbow bridge that could have allowed a malicious attacker to generate Ethereum from thin air. It was rewarded with a $1 mln bug bounty. more
🎵 Listen
Day[0] Binary Exploitation Podcast 186 - An XNU Exploit and a Chrome Heap Overflow. more
Day[0] Bug Bounty Podcast 185 - Facebook Account Takeovers and a vBulletin RCE. Is it possible to escalate a self-XSS into an account takeover? more
Risky Business #694 - Cleansing fire claims ESXi, GoAnywhere servers. more
Critical Thinking Bug Bounty Podcast Episode 6 - A sit-down with mobile hacking legend Joel Margolis to get the scoop on his approach to popping bugs on Android. more
The Privacy, Security, & OSINT Show 289 - Combo Lists & Extreme Privacy Series. In this episode they discuss the risks (and benefits) of combo lists and introduce their new Extreme Privacy Series. more
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.