Hi friends,

Greetings from the hive!

I hope you are well-rested, ready to take on the new week.

I started listening to the audio version of The Subtle Art of Not Giving a F*ck book. It was suggested by someone in this thread by STÖK.

I also bought Diablo II: Resurrected and am having some fun playing that. I never really played the first version. So it's all new to me.

What did you do this weekend? Let me know on Twitter or Discord.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. How to Create a Better Infosec Resume (with jhaddix): This episode of Live Recon was not focused so much on the guest or on doing any actual recon, but was instead a workshop to help people with their resume. Whether you are a bug bounty hunter, someone with some IT or hacking.

  2. Training XSS Muscles: XSS is all about practice. It takes a lot of time to imprint in the mind all the vectors, payloads and tricks at our disposal. There are lots of XSS cases, each one requiring a different approach and construct to pop the alert box.

  3. Prototype Pollution: An interesting vulnerability, whether server-side or client-side. Depending on the application logic, prototype pollution leads to other vulnerabilities.

  4. Chasing a Dream - Pre-authenticated Remote Code Execution in Dedecms: a technical review of Dedecms (or “Chasing a Dream” CMS as translated to English) including its attack surface and how it differs from other applications.

🔥 Buzzworthy

Changelog

  1. PentesterLab: Five new videos are available in the RECON badge, RECON_16 to RECON_20.

  2. Dalfox v2.5.0 release: Improved scanning, mining, logger and output, silence mode (progress), structure of the documentation page, and added contents.

  3. Cyber Detective added 45 new tools to OSINT collection: Now there are 550 of them (22 categories, 38 subcategories).

  4. Bugcrowd platform behavior standards: These straightforward company standards define not only the platform operating principles but also the culture at Bugcrowd.

  5. jwt-hack 1.1.0 released: Improved the functionality of the jku/x5u payload (custom trust, attack URL can be used); supports M1 MacBook.

📅 Events

  1. BSides Ahmedabad 0x02 CFP is open: Share your dexterity with the infosec community. CFP ends: 24 Oct, 2021.

  2. reconFTW is Hacktoberfest friendly: Help them improve the tool and get awesome swag thanks to DigitalOcean, and feel free to contribute to any other open source project during the month.

  3. shubs will talk at Jamf's conference: about "Avoiding blindspots securing your infrastructure" on October 22nd at 10:30 AM Pacific Time.

🎉 Celebrate

  1. MorningStar: is on the Bugcrowd September Leaderboard. Congrats!

  2. Nagli: Finished 7th on @Hacker0x01 Q3 Worldwide leaderboard and Bugcrowd top 100. Impressive!

  3. iQimpz: got assigned CVE-2021-38870 for a stored XSS vulnerability they found during their internship at IBM. Awesome!

  4. Floerer: won the "Hâckademic Award". Yay!

💰 Career Corner

  1. Marcus J Carey 10/1/2021 Cybersecurity Job Thread: Is your organization hiring cybersecurity peeps? Please reply with job links & information.

  2. Tom Hirst on solopreneurship: They've done it for 12 years.

  3. Apple's Incident Response team is hiring: in Sydney, London, and the US (Bay Area). Specific to the US role, they are looking for defenders with 2-5 years of experience.

📰 Articles

  1. Multiple bugs allowed malicious Android applications to take over Facebook/Workplace accounts: These bugs could allow malicious actors who own Android applications installed on the victim's device alongside Facebook-owned Android applications (Workplace, Facebook, Messenger, ...) to steal a first-party access token and use it to take over the user's Facebook/Workplace account.

  2. Shopify Multipass Misconfiguration: Shopify offers a functionality called Multipass Login. It redirects users from the main website to that website's Shopify store and logs them in with the same email address they used to sign up on the original website.

  3. Ping'ing XMLSec: Apache Santuario, commonly known as Apache XML Security, is a widely used library to handle XML Digital Signature and XML Encryption.

  4. Burp Suite Professional: feature roundup: The modern web is an increasingly complex beast.

📚 Resources

  1. My-Nuclei-Templates: This repository contains the nuclei templates they use while hunting, provided by the community.

  2. Awesome ICS/SCADA Writeups: A collection of writeups related to ICS/SCADA hacking.

  3. Custom scripts for the PIPER Burp extension: Centralize and share all my custom scripts to be used with the PIPER Burp extension.

🎥 Videos

  1. Chapter 8 Securing Modern Applications and System - Alice and Bob Learn Application Security: Guests: Aaron Lord, Abhi Arora, Dominique Righetto (Technical editor of the book)

  2. Launching an InfoSec Career: My six essential tips | Security Simplified: An answer to “how do I get into cybersecurity”?

  3. Accidentally finding a $50,000 vulnerability - Augusto Zanellato - Bug Bounty Reports Discussed #2: This podcast is an interview with Augusto Zanellato, the hacker who submitted a report about a leaked GitHub REST API token that had access to Shopify's GitHub account.

  4. Intent Redirection (Access to Protected Components) | Android Pentesting: In this video we're gonna have a look at how intent redirection can lead to access to protected components.

  5. How To Search For SSRF!: Learn how to find server-side request forgery (SSRF) vulnerabilities.

🎵 Audio

  1. Podcast Setup Update (October 2021): Or as permanent as anything can be these days. This one is different because I’m in my permanent setup at the new place.

  2. The Subtle Art of Not Giving a F*ck: There are only so many things we can give a f*ck about so we need to figure out which ones really matter, Manson makes clear.

Get $100 to try DigitalOcean - The go-to VPS for bug bounty hunters. I use it for all of my own recon and automation needs, plus it also doubles as a VPN. They have every cloud resource you need at an affordable price.
