
Showing posts from September, 2025

Keywords - Building Your InfoSec Resume? Here’s What You Should Know (and Learn)

Building Your InfoSec Resume? Here’s What You Should Know (and Learn): While reviewing over 30 job descriptions for penetration testing and cybersecurity roles, I compiled a list of the most frequently mentioned tools, technologies, and concepts that employers are looking for. If you're updating your resume or preparing for interviews, this list might help you focus your learning and training.

Important Note: Don’t just add these terms to your resume blindly. Take time to understand how the tools work — even if you haven't administered Tenable Nessus scan templates for two years, you can still download demos, watch tutorials, or run labs to get real experience and speak confidently about the technology.

Top Vulnerability Assessment / Pentesting Tools:
- Burp Suite (Community or Enterprise)
- Tenable Nessus (Check their site — many products)
- Qualys
- Fortify on Demand (FoD)
- WebInspect Enterprise (WIE)
- Metasploit
- Nmap

Security-Focused Operating Systems:
- Kali Linux
- Parrot OS
- Bac...

Configuring Burp Suite with mitmweb / mitmproxy

Configuring Burp with mitmproxy / mitmweb

As root, install the prerequisite:

    pip3 install mitmproxy

Then create bu.py (also referred to as forward_to_burp.py) with the following content:

    # bu.py / forward_to_burp.py
    from mitmproxy import http


    def request(flow: http.HTTPFlow) -> None:
        # Remember the original Host header: assigning flow.request.host below
        # also rewrites the Host header, which would hide the real target from Burp
        original_host_header = flow.request.host_header
        # Forward everything to Burp (localhost:8080)
        flow.request.host = "127.0.0.1"
        flow.request.port = 8080
        # Restore the Host header so Burp still sees the original destination
        flow.request.host_header = original_host_header

Save the file. Assuming Burp is listening on the standard port 8080, run as root, making sure bu.py is in the same path:

    mitmweb --mode regular --listen-host 127.0.0.1 --listen-port 8888 -s ./bu.py

Burp:

REPOST: Trusted Types violations - from portswigger

REPOST: A Deep Dive into JS Trusted Types Violations

In our previous blogpost, we provided a comprehensive overview of the Trusted Types (TT) rollout in AppSheet, highlighting the importance of this web security standard for mitigating Cross-Site Scripting (XSS) vulnerabilities. Now, we're ready to dive into the technical details of how we identified the root causes for TT violations. In particular, this blog post will detail the challenges we encountered with 2 flagship rollouts: Gmail and AppSheet. Since the rollout of Trusted Types in those products a year ago, we didn’t have a single DOM XSS reported in them. Both services presented us with unique obstacles during the Trusted Types rollout, yet they also shared common characteristics whose complexity we had to deal with (large codebase, diverse OSS and OSS legacy stack, …). The code was not written following Google standard practices so we could not use Google standard tooling. Therefore, we believe that our approach to these ...

Evaluating Google's Internal CSP - Base-URI - Noticing Localhost and :x000 Ports

content-security-policy:
    base-uri 'self';
    connect-src 'self';
    default-src 'none';
    font-src https://fonts.googleapis.com https://fonts.gstatic.com;
    frame-ancestors https://*.google.com http://*.google.com https://*.proxy.preview.kintaro.goog http://*.proxy.preview.kintaro.goog http://*.c.googlers.com:8082 http://*.c.googlers.com:8080 http://localhost:8082 https://cloud.google.com https://*.proxy.googleprod.com https://*.proxy.googlers.com http://localhost:3000 https://workspace-staging-static-dot-gteam-gsuite-staging.appspot.com https://workspace-staging-static-dot-gteam-gsuite-staging.uc.r.appspot.com;
    frame-src https://www.google.com/;
    img-src 'self' https://www.google.com/favicon.ico https://www.gstatic.com/brandstudio/etochat/ https://gweb-eto-chatbot-staging.appspot.com.storage.googleapis.com/ https://ssl.gstatic.com/ ;
    media-src 'self';

Screenshot: Evaluate for localhost domains and related ports

content-security-policy: base-uri 'se...

Global Object Prototype Pollution Report - code in article

    (() => {
      const ArrayOfInterestingObjects = ['google', 'gapi', 'gadgets', 'ga'];
      // Malicious payload to test prototype pollution
      const maliciousPayload = JSON.parse('{"__proto__": {"polluted": "XSS!"}}');
      const pollutionResults = [];
      ArrayOfInterestingObjects.forEach((key) => {
        const target = window[key];
        if (!target) {
          console.warn(`window.${key} does not exist.`);
          pollutionResults.push({
            key,
            exists: false,
            polluted: false,
            reason: 'Object does not exist',
          });
          return;
        }
        console.log(`Inspecting window.${key}:`, target);
        try {
          Object.assign(target, maliciousPayload);
          const wasPolluted = {}.polluted === 'XSS!';
          pollut...