Cyber Security Round Up - July 15th, 23

Bug Hunting Methodology, IOT Hacking, Android Security, Shodan, SQLi Cheatsheet, Web3 OSINT, DomScan, Job Opportunities and more

We welcome you to Bi-Monthly newsletter by Hacklido to keep you updated with the latest Infosec trends around the globe.

⚡ Sponsored by - Your Sponsor Message Goes here! Reach us to talk about this more! Discord | Twitter | Telegram

---

📑 15 Blog Reads

1. Ultimate Roadmap to Get Started in Web-Penetration Testing!

2. Hacking The Hacker's (Part-1)

3. A Beginner's Guide to Wireless Hacking #4 | Hacking WPA

4. Python for Hackers #1 | SSH Bruteforcer using Asynchronous Programming

5. Persistence Techniques (Beginner to Advanced) For Windows - (Part-2)

6. How i got more than 100 vulnerabilities in just one site? (zseano-challenge)

7. Which Bug Hunting Methodology Should We Use?

8. Automating Reflected XSS Using XSScrapy

9. Python for Hackers #2 | FTP Bruteforcer using asynchronous Programming

10. IoT binary analysis & emulation part -1

11. Unleashing the Power of Red Teaming: Top Cybersecurity Software for Effective Vulnerability Assessment

12. Low Privilege User(Group Member) Can Delete whole group conversation

13. Exploring Metasploit: The Powerhouse of Penetration Testing

14. Cybersecurity 101

15. Android Security: Guide to Application Security

---

📹️ 6 Videos

1. Learn about Appsec Careers in 2023 by @TCMSecurityAcademy

2. Understand How Hackers Write Malware & Evade Antivirus (Nim) by @_JohnHammond

3. Watch The Power of Shodan: Leveraging Shodan for Critical Vulnerabilities by @NahamSec

4. Get familar with Cloud Hacking by @NetworkChuck

5. Learn the Secrets of an Android App Bug Hunter by @LiveOverflow

6. How to Write Great Bug Bounty Reports by @TCMSecurityAcademy

---

🧵 6 Twitter Threads

1. Top 4 SQL Injection Cheat-Sheets to help you bypass advanced WAFs! by @intigriti

2. Read how @mcipekci found out 4x SQLi recently on one of oldest

   SynackRedTeams targets.

3. Read how @rez0__ found a zero-click ATO and took over the Admin Service account of one of the largest SaaS providers in the world.

4. 13 infosec career hacks I wish I had known when I was getting started by @Matt Johansen

5. Cryptocurrency & NFT OSINT: Introduction to Web3/Ethereum Profiling & Deanonymization by @FuzzingLabs

6. Safely investigating a ransomware hosting site using Censys and GrabbrApp by @Matthew

---

📚 6 Recommended Reading

1. How to strengthen security in your CI/CD pipeline

2. Bug Bounty vs. CTF [Understanding Differences & Benefits]

3. How to Prevent Most Common Smart Contract Vulnerabilities

4. Session management security: Best practices for protecting user sessions

5. Advanced IOCs Collection with OSINT and Threat Intelligence Feeds

6. CVE-2023-36934 Analysis: MOVEit Transfer SQL Injection

---

⚒️ 2 Tools

1. DOMscan - A simple tool for finding DOM-based XSS vulnerabilities

2. CMSeek - A CMS detection and exploitation suite

---

🏴 3 Upcoming CTF Events

1. BDSec CTF 2023

   • Mode: Online

   • Date: 20th July 2023

   • Duration: 24 Hours

2. The Odyssey CTF

   • Mode: Online

   • Date: 21th July 2023

   • Duration: 48 Hours

3. TFC CTF 2023

   • Mode: Online

   • Date: 28th July 2023

   • Duration: 48 Hours

---

📰 News

1. Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices

2. Chinese hackers raided US government email accounts by exploiting Microsoft cloud bug

3. Windows Users Urged To Update As Microsoft Confirms New Zero-Day Exploits

4. Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware

---

💼 Jobs

1. Company - Dionach

   Role - Junior Cyber Security Consultant

   Location - United Kingdom (Remote)

   Click here to Apply

2. Company - Canva

   Role - Security Engineer - Incident Response

   Location - London, England (Hybrid)

   Click here to Apply

---

Without the sponsors and partners hacklido wouldn't be where it is now, So we would like to thank them.

Sponsors:

• Guided Hacking

Community Partners:

• Cyber Security News

• Ethical Hacking Tutorials

• Sysxplore

If you wish to Sponsor / Partner with hacklido and get benefitted? Reach out to us via Twitter or Discord and discuss with us!

---