👩‍💻 $5000 Bounty, Free Certification Courses, IndexedDB, Reconnaissance Guide, Elasticsearch, and much more…
Get 11 free cybersecurity courses with certificates.
Welcome to the #IWWeekly19 - the Monday newsletter that brings the best in Infosec straight to your inbox.
Here are our top picks for this week: 5 articles, 4 threads, 3 videos, 2 GitHub repos and tools, and 1 job alert to help you get the most out of this newsletter and take a massive jump ahead in your career.
Excited? Let’s dive in👇
📝 5 Infosec Articles
#1 The beginner's guide to reconnaissance by @remonsec, where you will find resources for the different phases of reconnaissance.
#2 @smhtahsin33 shares a great blog about going from stored XSS to account takeover, where he was introduced to a new way of managing user sessions on the client side, i.e. IndexedDB. Read how he exploited it.
#3 A unique blog by @Tamim Hasan, "Elasticsearch - an easy win for bug bounty hunters", in which he shares how you can hunt for it through port scanning and access their directories.
#4 "The consequences of inadequate identity management in your GitHub organization" by @CiderSecurity explains three major risks that organizations using GitHub should be aware of in the context of IAM.
#5 Gaining unprivileged access to Reddit moderator logs through a Reddit IDOR vulnerability: a $5000 bounty report explanation by @Roberto.
🧵4 Trending Threads
#1 Do you also prefer books over videos? Are you an active learner of bug hunting? Refer to @Nithin R’s thread on his 5 favorite books for bug bounty / pentesting.
#2 Day #13 of the AWS security series by @Devansh Bordia. Check the whole series for more informative reading.
#3 Do you know about canary tokens? Read this awesome canary tokens zine tweeted by @Secr0.
#4 A compilation of 11 free cybersecurity courses with certificates by @cryptvltd.
📽️ 3 Insightful Videos
#1 Self-learning reverse engineering in 2022 by LiveOverflow.
#2 Snyff talks about hacking, learning and creating PentesterLab!
#3 A free bug bounty course which teaches everything from setting up the OS to finding web vulnerabilities.
⚒️ 2 GitHub Repositories & Tools
#1 A Python tool with BurpBounty profile support that helps detect "error based" SQL injection, by @eslam3kll.
#2 scan4all is built using Golang and integrates tools like vscan, nuclei, ksubdomain, subfinder, etc. by @Hktalent3135773.
💰1 Job alert ⚠️
#1 A fully remote role for a cybersecurity engineer with experience in Linux & SIEM.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
Resource contribution by: Ayush Singh, Bimal K. Sahoo, Mohit Khemchandani, Mehedi Hassan Remon, and Bhavesh Harmalkar.
Newsletter formatting by: Nithin R, Vinay Kumar, Hardik Singh and Siddharth.
If you wish to join our Ambassadors channel and contribute to the newsletter, send us a DM on Twitter with your Discord username.