
2020 February 11

- - in DC8044 Newf4G
Дмитрий
What did forensics ever do to you? )
You're the experts, you know best %)

👑 Valeriia 👑 in DC8044 Newf4G
!BAN
Universities
++

unaffected in DC8044 Newf4G
Дмитрий
What did forensics ever do to you? )
I didn't get it either, what does forensics have to do with this

ID:0 in DC8044 Newf4G
A deanon from the guys at the in4security channel
https://graph.org/Kto-prodaet-bazu-Group-ib-02-11

Pirate505 in DC8044 Newf4G
the gist of the article: Yandex is the most reliable deanonymizer

Pirate505 in DC8044 Newf4G
especially if you have a dozen social media accounts for making money through "proven schemes"

medoka in DC8044 Newf4G
Pirate505
the gist of the article: Yandex is the most reliable deanonymizer
The moral of this fable: don't skimp on burner SIMs if you're planning something illegal :)

Den Iuzvyk in DC8044 Newf4G
and which bot is that? A Telegram bot popular among OSINT researchers

Gott sei Dank in DC8044 Newf4G
Den Iuzvyk
and which bot is that? A Telegram bot popular among OSINT researchers
how to find

Pirate505 in DC8044 Newf4G
Den Iuzvyk
and which bot is that? A Telegram bot popular among OSINT researchers
there are literally about a dozen of them already

PP in DC8044 Newf4G
HowToFind Russian Bot

2020 February 12

Vladimir Garbuz in DC8044 Newf4G
Hi everyone! SoftSeq has 5 open positions for appsec engineers, 4 of them in an experimental format.
Leave your résumés on the desk of hr@softseq.com; no need to polish them, we care about skills, not paperwork. And please forward this to capable friends - we're looking for a lot of people :)

1. Application security engineer, up to $5000/month (negotiable), 40h/week, Kyiv

What to do?
- help design Secure SDLC in a mixed waterfall/agile environment (OWASP SAMM)
- hands-on perform specialist appsec processes in SDLC (design review, Java code review, testing, etc)
- help properly set up automation in CI/CD (so HP Fortify / HP WebInspect suck less)
- basic performance testing to ensure system's Availability (optional)
- lead an appsec team that will be built by you and around you

What to know?
- all parts of Secure SDLC - Governance, Design, Implementation, Verification, and Operations. Understand and communicate well the processes that minimize software vulnerabilities, be able to give specific examples and realistic how-to's
- web app security, in-depth and hands-on
- English - upper-upper-intermediate+ or advanced, customer team is all foreign

What's the project?
- multiple web apps, predominantly Java
- Saudi government agency - NOT defense/intelligence, public web apps

—————————————————————

2.1. Application security engineer x2, $3000 guaranteed base + up to $3000 for utilization + bug bounties, 40h/week, Kyiv
2.2. Application security engineer x2, $2000 guaranteed base + up to $2000 for utilization + bug bounties, 40h/week, Kyiv

What to do?
- 20h/week guaranteed base - for a US insurance software company, perform hands-on specialist appsec processes in SDLC (design review, Java code review, testing, etc)
- 20h/week contract-dependent utilization - web and mobile app security audits for SoftSeq customers, sometimes IoT

What to do when there's no contract-dependent utilization (project gap)?
- CTF-team/hackathon-style organized pwning of bug-bounties - for PR (SoftSeq) and profit (all bounties are yours)
- Project Zero-style research of trending startups, popular apps, network and IoT devices, attack techniques, etc.
- developing PoCs of security tools/products that don't exist, but should
- load up on certifications
- +open to monetizable or commercially benefiting suggestions (1-day patch diffing, malware analysis, etc. - you name it)

What to know?
- web app security, in-depth and hands-on (must)
- Android/iOS reverse engineering (highly desirable)
- x86/ARM reverse engineering (desirable)
- languages - English and Python, upper-intermediate

/\|Baynti|/\ in DC8044 Newf4G
Does anyone have an OSINT bot?

Egor Papyshev in DC8044 Newf4G
Vladimir Garbuz
++

ID:0 in DC8044 Newf4G
On today's list of vetted, quality job openings: appsec at SoftSeq. Details:
Hi everyone! SoftSeq has 5 open positions for appsec engineers, 4 of them in an experimental format.
Leave your résumés on the desk of hr@softseq.com; no need to polish them, we care about skills, not paperwork. And please forward this to capable friends - we're looking for a lot of people :)

1. Application security engineer, up to $5000/month (negotiable), 40h/week, Kyiv

What to do?
- help design Secure SDLC in a mixed waterfall/agile environment (OWASP SAMM)
- hands-on perform specialist appsec processes in SDLC (design review, Java code review, testing, etc)
- help properly set up automation in CI/CD (so HP Fortify / HP WebInspect suck less)
- basic performance testing to ensure system's Availability (optional)
- lead an appsec team that will be built by you and around you

What to know?
- all parts of Secure SDLC - Governance, Design, Implementation, Verification, and Operations. Understand and communicate well the processes that minimize software vulnerabilities, be able to give specific examples and realistic how-to's
- web app security, in-depth and hands-on
- English - upper-upper-intermediate+ or advanced, customer team is all foreign

What's the project?
- multiple web apps, predominantly Java
- Saudi government agency - NOT defense/intelligence, public web apps

—————————————————————

2.1. Application security engineer x2, $3000 guaranteed base + up to $3000 for utilization + bug bounties, 40h/week, Kyiv
2.2. Application security engineer x2, $2000 guaranteed base + up to $2000 for utilization + bug bounties, 40h/week, Kyiv

What to do?
- 20h/week guaranteed base - for a US insurance software company, perform hands-on specialist appsec processes in SDLC (design review, Java code review, testing, etc)
- 20h/week contract-dependent utilization - web and mobile app security audits for SoftSeq customers, sometimes IoT

What to do when there's no contract-dependent utilization (project gap)?
- CTF-team/hackathon-style organized pwning of bug-bounties - for PR (SoftSeq) and profit (all bounties are yours)
- Project Zero-style research of trending startups, popular apps, network and IoT devices, attack techniques, etc.
- developing PoCs of security tools/products that don't exist, but should
- load up on certifications
- +open to monetizable or commercially benefiting suggestions (1-day patch diffing, malware analysis, etc. - you name it)

What to know?
- web app security, in-depth and hands-on (must)
- Android/iOS reverse engineering (highly desirable)
- x86/ARM reverse engineering (desirable)
- languages - English and Python, upper-intermediate

Den Iuzvyk in DC8044 Newf4G
Did I get it right - when you're on the bench, you bust your ass on bug bounties and promote the company?

Vladimir Garbuz in DC8044 Newf4G
Den Iuzvyk
Did I get it right - when you're on the bench, you bust your ass on bug bounties and promote the company?
almost, that's just one option.

there won't be a full bench, since 20h/week of work is permanent, and the other 20h are filled by incoming projects, or by tasks the engineer finds interesting

the idea is that when there's full-time work, we grind hard and earn well; when it's only 20h, we get 2-3k USD and work on tasks of our own interest agreed with the company

or we make a lot of kilobucks on bug bounties :) from experience, when several people work together and dump their notes into one pot, bug hunting is far more effective. what is a minor finding for one person is, for another, a lead to RCE or something interesting - everyone has different experience and knowledge

Дмитрий Ясманович in DC8044 Newf4G
👑 Valeriia 👑
It would be very handy for beginners.)
There's one on Stepik for the basics from Yandex Academy; it's a bit dated but will do for the basics :)