Пацаны, компания wallarm ищет пентестера веб-приложений на удалёнку.

https://forms.gle/pNDPpim76nS5W8xYA

Это мои старые друзья и я сам у них вырос.

Бумчик буйни не посоветует (наверное) 😁

AITHEON is looking for Security QA Engineer / White Hat Hacker 🔐

🗺 #Kyiv, Ukraine

Do you like to build robots? Do you enjoy programming cool products and projects? Do you want to work with artificial intelligence and help develop AI? WE DO ALL OF THESE!

Help us make a difference in the world.

We believe that people create businesses to share their passions with the world. Unfortunately, today’s business model is laden with back-end processes that are time consuming, complicated and require multiple systems; each to complete a different task. Passion is quickly displaced by the demands of daily operations.

Aitheon’s mission is to eliminate drudgery and make running a business fun by integrating AI and Robotics in a user-friendly way. With your help businesses can become automated in a single, simple platform.

Requirements:

- Security Engineer (Sec) is responsible for implementing web application security testing tools in QA & code releases. The Sec Engineer owns all penetration testing, DAST, SAST, tracks identified vulnerabilities & provides resolutions. Working across Product, Hardware, QA, etc. the Aitheon Security Engineer reviews product requirements and performs risk assessments on planned application changes.

- This role requires a highly collaborative approach paired with excellent communication skills to balance trade-offs, push back, and even negotiation to get things done. In addition to the day to day security testing, the Security Engineer plays a critical role in incident response and participates in an on-call rotation. This is where you come in...

- Over the past 3+ years of industry experience, you have developed a broad range of security-related skills, gained exposure to diverse application security frameworks, tools and methodologies while working in startups to midsize B2B SaaS companies.

- Experience in developing applications using Angular 7 or higher, or NodeJS and MongoDB, or С++ or Python programming & exposure to Burp Suite or similar automated web application security testing tools is vital as these are the core components in our tech stack. You keep up to date with web application security concepts, AWS best practices, have a working knowledge of securing containerized, serverless environments such as EKS, Kubernetes, Docker.

Would be a plus:

- It’s a major plus if you have spent time participating in bug bounty, ethical hacking, or contributing to other security-related research activities.

- You are highly collaborative to bridge the gaps between Engineering, Product, Security and the rest of the business to create a secure and stable network. You can balance between builder & breaker. Curiosity, patience, proactiveness & a learner’s mindset are at the core of your approach to reducing the threat landscape.

We offer:

- Salary range depending on performance (we are covering all tax expenses)
- Develop innovative, future-driven products in AI and Robotics and opportunity to develop hardware
- Paid sick leaves and vacation (24 days on a year)
- Personal development and professional growth (paid 50% cost of classes, workshops, certification)
- Sport activities inhouse
- Paid lunches
- Cozy office with good infrastructure
- Work in a friendly, truly inclusive team with a family-like feel
- Minimal hierarchy and direct communication with management team

👉 Click here to apply

Please, send your CV with the note "From CyberPeople Telegram channel". Good luck!

В Украине объявили месячник добровольной сдачи кибероружия. Присылайте всю свою малварь в соответствующие организации, сдавайте.
https://www.rnbo.gov.ua/ua/Diialnist/4710.html

В Житомире, на базе института открыли киберполигон. Надеемся не ядерный.

​​Бинарная эксплуатация: сложный путь

Я – новичок в области информационной безопасности, который хочет освоить ремесло поиска и эксплуатации уязвимостей в бинарных приложениях. Решил написать пару слов о том, как я планирую выстроить свой подход к обучению. Все написанное является лишь моим мнением и далеко не истинной в последней инстанции. Ввиду отсутствия опыта я не могу претендовать на какую-либо “экспертность”, если вас это не пугает и вам интересен свежий взгляд, то приятного чтения!

Читать статью; https://school.codeby.net/blog/15-binarnaya-ekspluatatsiya-slozhnyj-put.html

#binary

Книга How Computers Really Work

Стала доступна для покупки только что (и для скачивания в моем канале)!

Официальная инфа
Скачать (PDF)

Большое руководство для новичков по созданию шеллкодов на русском

[ПЕРЕВОД] Путь от проекта на Си и ассемблера, к шеллкоду

860 GB курсов. https://mega.nz/folder/ipkzVbxY#YmRFYvZeKEHl9SHz-eRQsQ

First Steps in Hyper-V Research от @AmarSaar

https://msrc-blog.microsoft.com/2018/12/10/first-steps-in-hyper-v-research

"Чувак, эта вечеринка отстой.
Я, бля, ненавижу этих людей." (с) Фанат

Есть целая категория игр которые ты играешь "спинным мозгом", на одних рефлексах
Рекомендую Dead Cells && Hotline Miami (1|2)

А сейчас - музыка!

12.00 - ukr music
13.30 - dubstep
15.00 - dnb
15.30 - rap
17.00 - syntwave
20.00 - dj stuff
22.00 - KICKASS SPECIAL

####### bit.ly/44WAVE ########

🙂🙂
На mc.today вышла статья о мне и компании “Hacken”.

#hacken #pr #mctoday

https://mc.today/vzlamyvayu-adminki-na-zakaz-poluchayu-do-5-tys-kak-ya-stal-belym-hakerom/

Найдено несколько уязвимостей в Jitsi Meet:

- Arbitrary Client Remote Code Execution (CVE-2020-27162)
- Limited Certificate Validation Bypass (CVE-2020-27161)

https://research.nccgroup.com/2020/10/23/technical-advisory-jitsi-meet-electron-arbitrary-client-remote-code-execution-cve-2020-27162/