📚 tl;dr sec 57
* @emil_no 1 year with a private #bugbounty program
* @DanielMiessler Content Value Hierarchy
* @lancinimarco CloudSecDocs
* @signalapp New Group features
* @Doyensec Training course for building @Burp_Suite extensions
* and more! https://tldrsec.com/blog/tldr-sec-057/
[tl;dr sec] #57 - Bug Bounty Lessons Learned, Content Value Hierarchy, CloudSecDocs

1 year of a private bug bounty program, how to create high value content, and a great resource for cloud-native technologies.

https://tldrsec.com/blog/tldr-sec-057/
📱 Sponsor: @SecCodeWarrior is empowering developers to write secure code from the start with their hands-on training platform. Help stop vulnerable code before it happens.

Check them out: https://bit.ly/2Ib0KCg 
Free Yeti Tumbler When You Book A Demo

https://bit.ly/2Ib0KCg
@s1r1u5_ A client-side prototype pollution scanner #bugbountytips
https://github.com/msrkp/PPScan 

@Doyensec Free slides and code for their training on writing @Burp_Suite extensions https://github.com/doyensec/burpdeveltraining
doyensec/burpdeveltraining

Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation" - doyensec/burpdeveltraining

https://github.com/msrkp/PPScan
@lancinimarco CloudSecDocs: awesome collection of cloud-native notes & resources
https://cloudsecdocs.com/ 

@frichette_n Enumerate AWS API Permissions Without Logging to CloudTrail #redteam #Pentesting https://frichetten.com/blog/aws-api-enum-vuln/
Enumerate AWS API Permissions Without Logging to CloudTrail

Writeup for a bug I discovered in the AWS API that would allow you to enumerate certain permissions for a role without logging to CloudTrail.

https://cloudsecdocs.com/
@aantn The Difficulties of Tracking Running Processes on Linux
https://natanyellin.com/posts/tracking-running-processes-on-linux/

@brendangregg Awesome Linux tracing tools https://github.com/brendangregg/perf-tools
brendangregg/perf-tools

Performance analysis tools based on Linux perf_events (aka perf) and ftrace - brendangregg/perf-tools

https://natanyellin.com/posts/tracking-running-processes-on-linux/
@NSAGov Lists 25 CVEs actively being used by Chinese state actors
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF

@GoSecure_Inc Python3 RDP MitM tool/library #redteam #Pentesting
https://github.com/GoSecure/pyrdp 

@dtmsecurity Compromise creds stored by thick clients in Vault https://www.mdsec.co.uk/2020/10/segmentation-vault/
Segmentation Vault: Cloning Thick Client Access - MDSec

Overview I started out this research having taken some inspiration from @buffaloverflow‘s Chlonium tool for easily exfiltrating and using a victim’s Chromium based web browser cookies. I was working...

https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
You can follow @clintgibler.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
There are a lot of misconceptions about the Turkish diaspora in Germany. Since i just finished writing an essay about this topic I thought it's time to give other people
Read more
Las mejores calculadoras online en 2020A thread http://totumat.com/2020/11/26/las-mejores-calculadoras-online-en-2020/ Cuando se estudian asignaturas que requieren de cålculos complicados, nada mejor que contar con una buena calculadora.
Read more
Mitigating #ClimateChange is as much about taking up new techs as about leaving others behindMost studies focus on #coal's global downfall but another #energy tech decline is loomingRead my new
Read more