Cyber Security Round Up - June 15th, 23

XXE Attack, DVAPI, Cloud Security, Mobile Pentesting, Account Takeover, JWT, SSRF, Ethical Hacker Roadmap, Blind SQLi, Nuclei

We welcome you to Bi-Monthly newsletter by Hacklido to keep you updated with the latest Infosec trends around the globe.

---

📑 15 Blog Reads

1. A Comprehensive Guide to Protecting Your Applications from XXE Vulnerabilities | 2023

2. How can I (Account-Take-Over) any Account ?

3. Begin your cloud security journey: Solving Flaws.cloud Part-1

4. Begin your cloud security journey: Solving Flaws.cloud Part-2

5. All about XSS Cross Site Scripting -- Basic Knowledge

6. Web Poisoning: A Growing Threat to Online Security | 2023

7. How i was able to buy free Red Bull | Parameter Tampering

8. Analysis of Malicous APK using MobSF (Part 1)

9. Making Money with CVE-2023-25157

10. Linux for hackers - Part #3 | Logical Volume Management and Managing Basic Hardware devices

11. Linux for hackers - Part #4 | Network Scanning and Enumeration with Linux

12. Here is why CHAT-GPT is not going to take away your infosec-jobs

13. A Comparative Analysis of Vulnerability Assessment, Penetration Testing, and Red Team Engagement

14. Pentester’s Guide to Performing File Transfers

15. Directory Bruteforcing on Web Server | Automation with Bash Scripting

---

📹️ 6 Videos

1. Understand Account Takeover with 146 bug reports by @BugBountyReportsExplained

2. Learn Bug Bounty Hunting with These Resources by @InsiderPHD

3. 21 Sneaky Smart Contract Bugs by @0xOwenThurm

4. Watch Hacking With ChatGPT by @HackingSimplifiedAS

5. Watch the new video on How to Become an Ethical Hacker by @NahamSec

6. Learn Blind SQL Injection the easy way by @TCMSecurityAcademy

---

🧵 6 Twitter Threads

1. Understanding JSON Web Tokens By @Intigriti

2. Learn How to find 10x more domains with Subfinder By @AseemShrey

3. Master SSRF with these 15 resources By @Novasecio

4. Read about Some of the major vulnerabilities and related POCs By @AbhishekMeena

5. Increase Impact of No Rate Limiting By @Shubham_srt

6. Learn Automating JWT Attacks By @Intigriti

---

📚 6 Recommended Reads

1. Impact Of IoT And 5G On Web Application Security

2. Mobile Pentesting 101 - How to setup your IOS environment

3. Nuclei beyond HTTP: Using Nuclei to uncover vulnerabilities in raw TCP Connections, DNS, files and more!

4. Hacking EPP servers to take control of zones

5. Patch Diffing Progress MOVEIt Transfer RCE (CVE-2023-34362)

6. Bypassing CSP via DOM clobbering

---

🧰 2 Tools

1. Damn Vulnerable API - Practice API vulnerabilities according to the OWASP API Security Project 2023

2. Nbutools - A collection of tools for offensive security of NetBackup infrastructures

---

💻 3 Upcoming CTF Events

1. NahamCon CTF 2023

   • Mode: Online

   • Date: 15th June 2023

   • Duration: 48 Hours

2. BSides Indore CTF 2023

   • Mode: Online

   • Date: 16 June 2023

   • Duration: 24 Hours

3. Google Capture The Flag 2023

   • Mode: Online

   • Date: 23 June 2023

   • Duration: 48 Hours

---

📰 News

1. DDoS attack on Federal Administration: various Federal Administration websites and applications unavailable

2. New FortiOS RCE bug "may have been exploited" in attacks: CVE-2023-27997 | FortiOS SSL VPN vulnerability

3. Microsoft’s Azure portal down: Threat Actor claims of DDoS attack

---

💼 Jobs

1. Company - Applyboard

   Role - Application Security Specialist

   Location - Gurugram, Haryana, India (On-Site)

   Click here to Apply

2. Company - TIAA

   Role - Network Security Associate

   Location - Mumbai, India (On-Site)

   Click here to Apply

---

Without the sponsors and partners hacklido wouldn't be where it is now, So we would like to thank them.

Sponsors:

• Guided Hacking

Community Partners:

• Cyber Security News

• Ethical Hacking Tutorials

• Sysxplore

If you wish to Sponsor / Partner with hacklido and get benefited? Reach out to us via Twitter or Discord and discuss with us!

---