https://abs.twimg.com/emoji/v2/... draggable="false" alt="📚" title="Bücher" aria-label="Emoji: Bücher"> tl;dr sec 57
* @emil_no 1 year with a private #bugbounty program
* @DanielMiessler Content Value Hierarchy
* @lancinimarco CloudSecDocs
* @signalapp New Group features
* @Doyensec Training course for building @Burp_Suite extensions
* and more! https://tldrsec.com/blog/tldr-sec-057/">https://tldrsec.com/blog/tldr...

https://abs.twimg.com/emoji/v2/... draggable="false" alt="📢" title="Lautsprecheranlage" aria-label="Emoji: Lautsprecheranlage"> Sponsor: @SecCodeWarrior is empowering developers to write secure code from the start with their hands-on training platform. Help stop vulnerable code before it happens.

Check them out: https://bit.ly/2Ib0KCg ">https://bit.ly/2Ib0KCg&q...

@s1r1u5_ A client-side prototype pollution scanner #bugbountytips
https://github.com/msrkp/PPScan 

https://github.com/msrkp/PPS... href="https://twitter.com/Doyensec">@Doyensec Free slides and code for their training on writing @Burp_Suite extensions https://github.com/doyensec/burpdeveltraining">https://github.com/doyensec/...

doyensec/burpdeveltraining

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation" - doyensec/burpdeveltraining

https://github.com/msrkp/PPScan

@lancinimarco CloudSecDocs: awesome collection of cloud-native notes & resources
https://cloudsecdocs.com/ 

https://cloudsecdocs.com/">... href="https://twitter.com/Frichette_n">@frichette_n Enumerate AWS API Permissions Without Logging to CloudTrail #redteam #Pentesting https://frichetten.com/blog/aws-api-enum-vuln/">https://frichetten.com/blog/aws-...

Enumerate AWS API Permissions Without Logging to CloudTrail

Writeup for a bug I discovered in the AWS API that would allow you to enumerate certain permissions for a role without logging to CloudTrail.

https://cloudsecdocs.com/

@aantn The Difficulties of Tracking Running Processes on Linux
https://natanyellin.com/posts/tracking-running-processes-on-linux/

https://natanyellin.com/posts/tra... href="https://twitter.com/brendangregg">@brendangregg Awesome Linux tracing tools https://github.com/brendangregg/perf-tools">https://github.com/brendangr...

brendangregg/perf-tools

Performance analysis tools based on Linux perf_events (aka perf) and ftrace - brendangregg/perf-tools

https://natanyellin.com/posts/tracking-running-processes-on-linux/

@NSAGov Lists 25 CVEs actively being used by Chinese state actors
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

https://media.defense.gov/2020/Oct/... href="https://twitter.com/GoSecure_Inc">@GoSecure_Inc Python3 RDP MitM tool/library #redteam #Pentesting
https://github.com/GoSecure/pyrdp 

https://github.com/GoSecure/... href="https://twitter.com/dtmsecurity">@dtmsecurity Compromise creds stored by thick clients in Vault https://www.mdsec.co.uk/2020/10/segmentation-vault/">https://www.mdsec.co.uk/2020/10/s...

Segmentation Vault: Cloning Thick Client Access - MDSec

Overview I started out this research having taken some inspiration from @buffaloverflow‘s Chlonium tool for easily exfiltrating and using a victim’s Chromium based web browser cookies. I was working...

https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF