
Hi friends,
Greetings from the hive!
I hope you had a great weekend and an awesome Father's Day. I spent mine reading and watching NahamSec's Sunday recon stream with Daniel Miessler. I highly recommend this episode about recon, mental health, personal growth, and stoicism.
Let's take this week by swarm!
🐝 The Bee's Knees
Quick Analysis for the SSID Format String Bug: Days ago a Twitter post revealed a bug in the iOS Wi-Fi service: @vm_call: After joining their personal WiFi with the SSID “%p%s%s%s%s%n”, their iPhone permanently disabled its WiFi functionality.
Security Research Device Cohort – 2021: The Security Research Device Cohort (SRD Cohort) operates a Private Slack Channel, Build Infrastructure and provides Code Examples, Cryptex Examples, Loaner Gear and more to increase engagement with the SRD.
codingo_ Shares His Recon Approach Using SecurityTrails, FDNS, Whoxy and more!: Every hacker has a different approach when it comes to recon. Check out Codingo's recon methodology using tools like SecurityTrails, FDNS, Whoxy, and more!
Live GitLab Ask a Hacker with Bug Bounty Hunter (vakzz) William Bowling (Public): William is a full-time software developer and long-time CTF player, based out of Australia, who recently started trying his hand at bug bounties in his free time. When not hacking, he likes to go walking with the family and play little-known sports such as underwater hockey.
iOS App Testing Through Burp on Corellium: In recent weeks defparam had an itch to take another look at mobile testing. The last time they looked at mobile testing, most of their environment revolved around applications developed for Android.
Get $100 to try DigitalOcean. The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
🔥 Buzzworthy
✅ Changelog
Dalfox 2.4.0: New payload mode, remote assets, headless browser, bug fixes, and more.
Release InjuredAndroid 1.0.11: Added flag eighteen! This flag is all about File Providers. The intended solution is meant to be difficult; you'll need to leverage another Android application to access internal directories.
Findomain - Introducing Smart Nuclei Alerts (SNA): Implemented a feature that will allow users of the Special and Corporative plans of our platform to receive the vulnerabilities found by Nuclei before anyone else. The feature will be called Smart Nuclei Alerts (SNA).
📅 Events
Okta (virtual) Bug Bash: 2021!: Ever wanted to participate in a Bug Bash, but never got an invite or didn't know how to get on the list? Now's your chance!
Limited edition - 250 pairs STÖK glasses: Release date: 29th of June. Price: $60/pair. International shipping.
Nicolas Grégoire Burp training: Update on my trainings for Q3/Q4 2021. Out of the 12 seats available for each session, here's what is left: September French UTC+2: 1 seat; September English UTC+2: 6 seats; October English UTC-4: 5 seats; December English UTC+1: 3 seats.
Josh Christ Memorial Fund: Josh Christ passed away on Monday, June 14, 2021 due to complications of leukemia. Josh was one of the most genuine people anyone could hope to meet. He was very down-to-earth and was very honest with himself and others.
🎉 Celebrate
ho • no • ki: reported their first subdomain takeover since starting bug bounty hunting ~3 years ago. Let's go!
Ben Sadeghipour: will be the keynote speaker for this year’s Virtual Recon Village at DEF CON. Can't wait!
Tanner: getting that 'cache money' (credits d0nut). Congrats!
GodFather Orwa: reached their Bugcrowd bug bounty 2021 goals. Amazing!
💰 Jobs
Cybersecurity Intern Thread: by Marcus J. Carey 6/15/2021 Edition.
Cybersecurity Jobs Thread: by Marcus J. Carey 6/15/2021 Edition.
📰 Articles
Unauthenticated Gitlab SSRF: The purpose of the CI Lint API is to validate CI/CD YAML configuration for GitLab.
CVE-2021-31585: Accellion kiteworks - Web administrator to remote code execution: ZX Security performed security testing of Accellion’s kiteworks application.
CCC H1-CTF WRITE-UP: This write-up is co-written by Dexter0us and mass0ma.
How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It: This article is about how they found a vulnerability on Apple's forgot password endpoint that allowed them to take over an iCloud account.
📚 Resources
Can I Takeover DNS?: a list of DNS providers and how to claim (sub)domains via missing hosted zones.
LayersOfAwesome: A cold storage Ethereum wallet with a focus on security created using the web3j library.
Blind XSS : setup your self-hosted XSS Hunter with the PwnMachine: Blind XSS is a common vulnerability and can have a significant impact if it reaches internal environments (e.g. backend, internal support tickets).
Nightmare: an intro to binary exploitation / reverse engineering course based around ctf challenges.
🎥 Videos
null Ahmedabad Meet 20 June 2021 Monthly Meet: Our most frequent event is the monthly meets where we meet, discuss, talk about security and CTFs (hands-on challenges).
Hacker Heroes #1 - samengmg interview: a sit-down with Samuel Eng (@samengmg) in which they talk about his hacking career.
Bug Bounties Using only Burp & Browser - 30 DAY RESULTS (UNEXPECTED CLICKBAIT): RECON != EVERYTHING.
🎵 Audio
