
Hi friends,

Greetings from the hive!

I hope you had a good weekend. Does anyone know of a strong bug bounty/security research team looking for help in improving the researcher experience?

I’m looking for something new!

The last couple of years of leading security researcher experience at Bugcrowd was a dream opportunity. Working with a world-class team and engaging with and advocating for some of the best hackers in the world has been a highlight of my career, and I would love to continue on this path.

Let's take this week by swarm!

🐝 The Bee's Knees

  1. How a teenager hacked Uber: Going over what's currently known about the major Uber breach, and how the hacker was able to compromise their entire network in very little time. See also Uber's own security update.

  2. Introducing - CloudFox: CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s a command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure.

  3. Multiverse, not Metaverse: Generative AI lets us explore Many worlds owned by Nobodies, and this is fundamentally better than One world owned by Somebody.

  4. The Last Algorithms Course You'll Need (Free): Welcome to a super fun, beginner-friendly data structures and algorithms course.

  5. Challendar - Creating a Challenge for The Infosecurity Challenge 2022: Although spaceraccoon doesn't actively participate in CTFs, he enjoys creating CTF challenges because it forces him to learn by doing. Creating a good CTF challenge is an art, not a science. As the winner of last year's The InfoSecurity Challenge (TISC) and its $30k prize, he decided to contribute a challenge this year.

🙏 Support the Hive

🔥 Buzzworthy

Changelog

  1. DalFox v2.8.1: DalFox is a powerful open source XSS scanning tool and parameter analyzer.

  2. GitLS v1.0.4: Enumerates git repository URLs from a list of URLs, users, or organizations. Pipeline friendly.

  3. Chameleon v1.0.1: Chameleon provides better content discovery by using Wappalyzer's set of technology fingerprints alongside custom wordlists tailored to each detected technology.

  4. Arjun v2.2.1: HTTP parameter discovery suite.

📅 Events

  1. HackerOne has kicked off H13493: Keep an eye out for the leaderboard to follow along next week as they bring you the latest live from Barcelona.

  2. Keep up with Intigriti’s events in September and October: Summer might be nearly over, but things are still hot around here. Between trade shows, community meetups, webinars, and talks, they have more than ten events in their calendar for September and October.

🎉 Celebrate

💰 Career Corner

  1. Project Discovery is hiring: Senior Back End Developer (Golang) and Software Engineer (Backend / Go).

  2. Technical leadership and glue work - Tanya Reilly | LeadDevNewYork (talk): Your job title says "software engineer", but you seem to spend most of your time in meetings. You'd like to have time to code, but nobody else is onboarding the junior engineers, updating the roadmap, etc.

⚡️ From the Community

  1. STÖK was a total mess last week: "Covid got me bad & I felt really sad. Lucky enough, I had friends, community, family & an employer that supported me. [...]"

  2. Lupin attended Agarri's Mastering Burp Suite training: "[...] I thought I knew Burp after using it for 3 years, but Nicolas mind broke me several times those past days with awesome tips [...]"

📰 Articles, Discussions & Threads

  1. How to turn security research into profit - a CL.0 case study: Have you ever seen a promising hacking technique, only to try it out and struggle to find any vulnerable systems or non-duplicate findings?

  2. What is prototype poisoning? Prototype mutation bugs explained: Prototype poisoning is when an object inherits its prototype from user input. It leads to input filter bypass, parameter injection and denial of service. Prototype mutation is a JavaScript feature that an attacker can exploit by placing a `__proto__` key in structured input (JSON, query strings, and similar) that the application copies into its own objects.

  3. Should You Delete Your Patreon Account After They Laid Off Their Entire Security Team?: The Internet learned that Patreon fired their entire security team, abruptly. We also learned that the primary motivation was outsourcing.

  4. lil c is recovering from severe burnout: "If you’re in this field and feel like you have work/life balance, HOW do you keep up w all the demands of work and learning and still have time for yours?"
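A worked illustration of the prototype mutation described in item 2 above. This is an added example, not code from the linked article: it assumes a small options parser (`buildOptionsVulnerable` / `buildOptionsSafe`) and an illustrative `role` check, and the JSON payloads are constructed for the demo. It shows the three consequences the item names: a filter bypass that doubles as parameter injection, and a denial of service via a `null` prototype.

```javascript
'use strict';

// Added example, not code from the linked article: a minimal options parser
// in which a "__proto__" key in JSON input swaps the result's prototype, and
// a hardened variant. Function names and the "role" check are illustrative.

// Vulnerable: copies parsed input into a fresh object key by key. JSON.parse
// yields an own property literally named "__proto__"; assigning that key onto
// a plain object invokes the inherited __proto__ setter and replaces the
// object's prototype instead of creating an own property.
function buildOptionsVulnerable(input) {
  const opts = {};
  for (const [key, value] of Object.entries(input)) {
    opts[key] = value;
  }
  return opts;
}

// Hardened: a null-prototype target has no __proto__ setter, and the
// prototype-chain keys are dropped explicitly so they never become own
// properties either.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function buildOptionsSafe(input) {
  const opts = Object.create(null);
  for (const [key, value] of Object.entries(input)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    opts[key] = value;
  }
  return opts;
}

// Consumer with an "input filter": a client may not set its own role, so an
// own "role" property is rejected; otherwise the role defaults to guest.
// Reading opts.role afterwards walks the prototype chain, so a poisoned
// prototype supplies a role the filter never saw (filter bypass and
// parameter injection in one step).
function effectiveRole(opts) {
  if (Object.prototype.hasOwnProperty.call(opts, 'role')) {
    return 'rejected';
  }
  return opts.role === undefined ? 'guest' : opts.role;
}

// Denial of service: "__proto__": null leaves the object with no prototype at
// all, so implicit string conversion (logging, template literals) throws a
// TypeError. The hardened null-prototype object shares this property by
// design: consumers must use JSON.stringify or explicit property access
// rather than inherited methods.
function describeOptions(opts) {
  try {
    return `options: ${opts}`;
  } catch (err) {
    return `error: ${err.constructor.name}`;
  }
}

// Constructed sample payloads (not from the article).
const HONEST = JSON.parse('{"theme": "dark"}');
const DIRECT = JSON.parse('{"theme": "dark", "role": "admin"}');
const POISON = JSON.parse('{"theme": "dark", "__proto__": {"role": "admin"}}');
const NULLPROTO = JSON.parse('{"__proto__": null}');

function demo() {
  return {
    honest: effectiveRole(buildOptionsVulnerable(HONEST)),     // guest
    direct: effectiveRole(buildOptionsVulnerable(DIRECT)),     // rejected
    poisoned: effectiveRole(buildOptionsVulnerable(POISON)),   // admin
    hardened: effectiveRole(buildOptionsSafe(POISON)),         // guest
    dos: describeOptions(buildOptionsVulnerable(NULLPROTO)),   // error: TypeError
  };
}

console.log(demo());
```

Note that the attacker never wrote an own `role` property, so allowlist-style filters that only inspect own keys pass the request through; the fix is to build from a null-prototype object and to reject the prototype-chain keys, not to sanitise values.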

📚 Resources

  1. iustin24's chameleon-wordlists: Chameleon Wordlists.

  2. Awesome Password Cracking: A curated list of awesome tools, research, papers and other projects related to password cracking and password security.

  3. Information and Cyber Security RSS/Atom Feeds: Phretor's very personal and opinionatedly organized infosec/cybersec sources in one OPML file.

🎥 Videos

  1. The Pivot - Rae Baker - Graphic Designer Turned Senior OSINT Analyst & Educator: After spending more than 15 years as a graphic designer, Rae Baker decided that it was time for a career change. Now, she is passionate about corporate reconnaissance as well as scam/fraud tracking and currently works as a Senior Open Source Intelligence Analyst for a large consulting firm.

  2. How to Protect Your Crypto Assets From Thieves: Jack has talked to hackers, digital bank robbers, and law enforcement to learn how crypto thieves get away with millions.

🎵 Audio

  1. Smashing Security #289 - Printer peeves, health data hangups, and Twitter tussles – with Rory Cellan-Jones: How could your inkjet printer finally help you make some money, why is it so hard to share our health data even if we want to, and what result do you want to see from the Elon Musk vs Twitter bunfight?

  2. The Privacy, Security, & OSINT Show #278 - Breach Assumptions Offer Comfort: This week they explain how breach assumptions are vital for our online hygiene (while offering comfort when bad things happen), present a strategy for multiple Signal accounts, and provide several OSINT updates.

  3. Malicious Life - Hacking Multi-Factor Authentication [ML B-side]: Multi-Factor Authentication (MFA) is usually considered a better solution for authentication than passwords alone. But Roger Grimes, a veteran security professional and Data-Driven Defense Evangelist, claims that the sense of security current MFA solutions give us is false.
