Amit Dubey (@AmitMDubey)'s Twitter Profile
Amit Dubey

@AmitMDubey

Lead Product Security @dream11 (Dream Sports)
(AppSec | CloudSec | OffSec)

ID:561173661

https://www.amitdubey.me/
23-04-2012 12:33:05

467 Tweets

1,3K Followers

452 Following

Amit Dubey (@AmitMDubey)

Trying something new!
Each day, I'll break down complex security topics, articles, and videos into bite-sized insights for everyone to understand.

Nagli (@galnagli)

The team at OpenAI just fixed a critical account takeover vulnerability I reported a few hours ago affecting .

It was possible to take over someone's account, view their chat history, and access their billing information without them ever realizing it.

Breakdown below 👇

Harsh Jain (@harshjain85)

5 key rules for entrepreneurs
1. Solve 1 big problem you’re passionate abt for a large user base
2. Focus & hyperscale; don’t get distracted by other good opportunities
3. Retention > acquisition; wrt users & employees
4. Monetise; value added > cost for users
5. Run a tight ship

Gabbar (@GabbbarSingh)

The issue is not whether real money gaming should be taxed as it’s a form of gambling, but the issue is of policy inconsistency. First allow them to proliferate, create jobs & capital, then one fine day pull the plug. It took them 10 years to realise it’s not a game of skill?…

Harsh Goenka (@hvgoenka)

There is no magic formula for great company culture. The key is just to treat your staff how you would like to be treated ~ Richard Branson

The Hacker News (@TheHackersNews)

🚨 ALERT: $20 million stolen from Revolut in a massive cyber attack. The organized criminal groups took advantage of a loophole, leading to significant financial losses:

Read: thehackernews.com/2023/07/hacker…

Buchi Reddy B (@buchireddy)

Improper access control on one of @Twitter's APIs has allowed the hackers to download ~200M Twitter users' email addresses and phone numbers, even if they opted to keep that info private. Link below


Buchi Reddy B (@buchireddy)

We are building a Burp Suite extension to build OpenAPI Spec for all the APIs based on the Burp traffic.

5 mins, OpenAPI specs for all the APIs that you're browsing. We'll even surface the PII and sensitive data details.

DM or email buchi at levo.ai to try it

Amit Dubey (@AmitMDubey)

This one-liner will update all of your local GitHub repos [Security Tools]. A real time saver.

find ~/Tools -name .git | sed -e 's/\.git$//' | while IFS= read -r file; do git -C "$file" pull; done

#infosec #bugbountytip #AppSec
Buchi Reddy B (@buchireddy)

Give a central API catalog of all of your internal & external APIs to your developers in <1hr by leveraging Levo Inc

- One command installation
- 10 minutes to discover, generate OpenAPI specs for all your APIs
- [Bonus] You'll also see the PII in APIs

Levo Inc (@LevoIncHQ)

Our team is super excited to be present at NULLCON on Sep 9th and 10th.

Our founding security researcher Amit Dubey will be there. Feel free to connect to him to learn how Levo Inc can help you take your API Observability & Security to the next level

Buchi Reddy B (@buchireddy)

Super excited to launch our GH action and Jenkins plugin.
- buff.ly/3A4hGl4
- buff.ly/3A4hGl4

Testing your APIs for security is easier than ever. Please check out.

Amit Dubey (@AmitMDubey)

Do you want to learn more about browser security?
Here's some reading material to get you started.

github.com/cezary-sec/awe…

Amit Dubey (@AmitMDubey)

Hello everyone! Do you want to learn NoSQL injection in a hands-on way?

Here's another blog post about finding and exploiting NoSQL injection in crAPI.

levo.ai/crapi-nosql-in…

Amit Dubey (@AmitMDubey)

In this post, we will demonstrate how to generate OpenAPI specs for your APIs using just an open-source tool. You can use Levo.ai to discover some unique and cool security vulnerabilities for free.

levo.ai/specgeneration/

Buchi Reddy B (@buchireddy)

Had a blast meeting Levo Inc India team for the first time in person. Loved all the conversations, Go-Karting, bowling and all the fun. Much needed team bonding activities ✅✅

#TeamOuting #firsttime #remoteteams
Levo Inc (@LevoIncHQ)

1/n Hot out of the oven 🔥🔥❤️‍🔥

We just released our **automated AuthN and AuthZ security testing of APIs** feature.

This is a game-changer for all dev and security teams. Why? See 👇
