Cyber Security Round Up - August 31st, 2023

Reverse Engineering, python for hackers, Blockchain security, Blind SSRF, Wireless Hacking, Account takeover, and more.

We welcome you to Bi-Monthly newsletter by Hacklido to keep you updated with the latest Infosec trends around the globe.

⚡ Sponsored by - Your Sponsor Message Goes here! Reach us to talk about this more! Discord | Twitter | Telegram

---

📑 15 Blog Reads

1. Reverse Engineering — Analyzing Headers

2. Directory Traversal in Web App Penetration Testing | 2023

3. SQLi - US Gov Datadump

4. An In-Depth Technical Introduction to Ethereum

5. AWS S3 Bucket's & Object's Enumeration using Lambda

6. Python for Hackers #3 | Building Directory Buster using asynchronous programming

7. Beginner's Guide to Wireless Hacking #5 | Exploring Evil Twin Attacks

8. Securing the Blockchain: The Key to Protecting Digital Assets

9. Blockchain Explained In 3 Minutes

10. How can I (Account-Take-Over) any Account?

11. Blind SSRF - The Tray

12. Privileges Escalation Techniques (Basic to Advanced) for Windows - (Part-4)

13. Reflected XSS with event handlers and href attributes blocked - Portswigger Academy Labs

14. Python for hackers #4 | Building Arp Spoofing/Posioning Script

15. Demystifying Cyber Threat Intelligence: A Comprehensive Guide for Beginners

---

📹️ 5 Videos

1. Learn how to Exploit Blind SSRF with Out-of-Band Detection by @TCMSecurityAcademy

2. Learn about the AI Powered Wordlist // How To Bug Bounty by @NahamSec

3. Watch how I Zenbleed (CVE-2023-20593) by @LiveOverflow

4. Hacking your way into Metallica by @criticalthinkingpodcast

5. Watch how We Hacked An AWS Account. Again. by @_JohnHammond

---

🧵 5 Twitter Threads

1. 3 Labs to practice SQL Injections! by @intigriti

2. XSS vs DOM by @expankita

3. How I compromised some servers and downloaded source codes by @silentgh00st

4. SSRF vulnerabilities by @hacker_

5. Ever wondered how people pop arbitrary account takeover vulns? by @Rhynorater

---

📚 5 Recommended Reading

1. Understanding Syscalls: Direct, Indirect, and Cobalt Strike Implementation

2. A look at CVE-2023-29360, a beautiful logical LPE vuln

3. Exploring Vulnerability Classes in Single Sign-On (SSO) Implementation

4. CVE-2020-19909 IS EVERYTHING THAT IS WRONG WITH CVES

5. Living Off the Foreign Land - Part 1/3: Setup Linux VM for SOCKS routing

---

⚒️ 2 Tools

1. MSSqlPwne - An advanced tool to conduct comprehensive security assessments on MSSQL environments.

2. AD_Enumeration_Hunt - This tool can be used for Active Directory (AD) penetration testing and security assessment.

---

🏴 3 Upcoming CTF Events

1. WACON 2023 Prequal

   • Mode: Online

   • Date: 02nd September 2023

   • Duration: 24 Hours

2. HITCON CTF 2023 Quals

   • Mode: Online

   • Date: 8th September 2023

   • Duration: 48 Hours

3. Cyber Heroines CTF

   • Mode: Online

   • Date: 8th September 2023

   • Duration: 48 Hours

---

📰 News

1. krebsonsecurity.com: Kroll Employee SIM-Swapped for Crypto Investor Data

2. More than 1,000 federal system flaws fixed via CISA's bug reporting platform

3. Developers Beware: Malicious Rust Libraries Caught Transmitting OS Info to Telegram Channel

---

💼 Jobs

1. Company - Avertium

   Role - Penetration Tester

   Location - United States (Remote)

   Click here to Apply

2. Company - Foresiet

   Role - Dark Web Research Specialist

   Location - India (Remote)

   Click here to Apply

---

Without the sponsors and partners hacklido wouldn't be where it is now, So we would like to thank them.

Sponsors:

• Your web links goes here!

Community Partners:

• Cyber Security News

• Ethical Hacking Tutorials

• Sysxplore

If you wish to Sponsor / Partner with hacklido and get benefitted? Reach out to us via Twitter or Discord and discuss with us!

---