👩💻$40,000 Bounty, Authentication Bypass Techniques, Cache Poisoning, IDORs, Password Recovery, and much more…
$40,000 for finding 3 distinct bugs in Microsoft's new Chromium-based browser.
Hey 👋
Welcome to the #IWWeekly27 - the Monday newsletter that brings the best in Infosec straight to your inbox.
Before we dive in, we’re curious to know if you checked out the speaker lineup of IWCON - the world's largest virtual cybersecurity conference and networking event 😍🙌
The dates are 17th-18th December, 2022, and it’s going to be even bigger than the last time🔥
Click here to check out the event details and book your seats before they’re gone! (You really don’t want to miss out)
Coming back to today's NL, here are our top picks for this week: 7 articles, 6 threads, 5 videos, 2 GitHub repos and tools, and 1 job alert to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s jump in👇
📝 7 Infosec Articles (5+ 2 beginner-friendly)
#1 @Qab explains how he earned $40,000 by finding 3 distinct bugs in Microsoft's new Chromium-based browser.
#2 Read this interesting article by @secpycommunity on an integer overflow in WhatsApp that leads to remote code execution in an established video call.
#3 Ozgur Alp explains some of his amazing authentication bypass techniques.
#4 Francesco Mariani and his friend Jacopo Tediosi made an interesting discovery about an Akamai misconfiguration that leads to worldwide server-side cache poisoning on all Akamai edge nodes.
#5 Read this Aurora improper input sanitization bugfix review by Immunefi.
Beginner-friendly -
#1 Find out how this anonymous 18-year-old hacked a tech giant like Uber.
#2 In this story, Bergee explains how he took over an account due to a lack of server-side email verification.
🧵6 Trending Threads (4 + 2 beginner-friendly)
#1 Learn the complete process of how Corben Leo hacked a gaming company.
#2 @shrekysec talks about how they were able to leverage multiple IDORs to take over the admin account.
#3 Read this thread to understand events in smart contracts by @cyberboyIndia.
#4 @intidc sums up his research in a thread on how the location of any car can be tracked using just its number plate.
Beginner-friendly -
#1 @ReconOne shares tips on how to fully utilize a powerful tool like subfinder.
#2 An exhaustive list of resources for learning ethical hacking by @7h3h4ckv157.
📽️ 5 Insightful Videos (3 + 2 beginner-friendly)
#1 Watch this video to find the solution to Intigriti’s September XSS challenge.
#2 @_JohnHammond showcases @PlexTrac, a platform for efficient pentest reporting and management.
#3 @thecybermentor shares some cool OSINT techniques using the password recovery feature.
Beginner-friendly -
#1 @e11i0t_4lders0n on how he got started with bug bounty and some insightful tips for beginner bug hunters.
#2 @InsiderPhD’s Bugcrowd LevelUpX talk on how to (almost) never get a dupe again.
⚒️ 2 GitHub repositories & Tools
#1 The cloud version of the useful HackTricks by @carlospolopm.
#2 Asnmap is a Go-based CLI and library by @pdiscoveryio for quickly mapping organization network ranges using ASN information.
💰1 Job Alert
#1 eSecurity has 2 cybersecurity analyst roles and 2 cybersecurity analyst intern roles open in Ahmedabad.
💸Advertise with us💸
We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world. If this sounds like you, click here to partner with us.
-----------------------------------------------------------------------------------
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
Editorial team,
This newsletter has been created in collaboration with our amazing ambassadors.
Resource contribution by: Ayush Singh, Bimal K. Sahoo, Manikesh Singh, Nikhil Memane, Mohit Khemchandani, Bhavesh Harmalkar, and Tuhin Bose.
Newsletter formatting by: Hardik Singh, Vinay Kumar, Siddharth, and Ayush Singh.