Welcome to the #IWWeekly21 - the Monday newsletter that brings the best in Infosec straight to your inbox.
Can’t believe it’s the 21st edition already😍
Our relationship is now 21 weeks old. We’re curious, are you loving our weekly Infosec compilation? Let us know on Twitter and tag us @InfoSecComm. It’ll boost the team’s morale and help us work harder to bring the best in Infosec to you every Monday 😊
For now, here are our top picks for this week: 5 articles, 4 Threads, 3 videos, 2 Github repos and tools, 1 job alert to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s dive in👇
📝 5 Infosec Articles
#2 In his Browser-Powered Desync Attacks article, @James Kettle shows how to turn a victim's web browser into a desync delivery platform, shifting the request-smuggling frontier to expose single-server websites.
#3 There is always a heated debate around bug reports of IDORs where the IDs are not predictable. Read @rez0’s article on why they are still valid vulnerabilities that should be fixed.
#4 Read how @KevTheHermit’s team discovered major vulnerabilities in Control Web Panel, including RCE, account hijacking and injection vulnerabilities.
#5 @Andri shares his personal notes on a lesser-known RCE bug in the Jackson data-binding library. Read how he earned a $7000 bug bounty from Grab (RCE Unique Bugs).
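To make the argument behind #3 concrete, here is an added example (not code from @rez0’s article): an unguessable ID is a lookup key, not an authorization check, because IDs travel in URLs and therefore into access logs, Referer headers, browser history and shared links. The document store, the access log lines and the two handlers `get_doc_vulnerable` / `get_doc_hardened` are all constructed for this illustration.

```python
import re

# Constructed sample data (not from the article): a document store keyed by random
# UUIDs, i.e. the kind of "unpredictable ID" the debate is about.
DOCS = {
    "b2a1c0d4-5e6f-4a7b-8c9d-0e1f2a3b4c5d": {"owner": "alice", "body": "alice's tax return"},
    "9d8c7b6a-5f4e-4d3c-2b1a-0f9e8d7c6b5a": {"owner": "bob", "body": "bob's medical notes"},
}

# Constructed web-server access log: the "secret" IDs sit in the request path of one
# line and in the Referer header of another. Anyone who can read this log has them.
ACCESS_LOG = """\
10.0.0.5 - - [08/Aug/2022:10:01:22 +0000] "GET /docs/b2a1c0d4-5e6f-4a7b-8c9d-0e1f2a3b4c5d HTTP/1.1" 200 512 "-"
10.0.0.9 - - [08/Aug/2022:10:02:03 +0000] "GET /static/app.js HTTP/1.1" 200 8814 "https://app.example/docs/9d8c7b6a-5f4e-4d3c-2b1a-0f9e8d7c6b5a"
"""

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")


class NotFound(Exception):
    pass


def ids_leaked_in(log_text: str) -> set[str]:
    """Harvest every UUID in the log, whether it appears in a request path or a Referer."""
    return set(UUID_RE.findall(log_text))


def get_doc_vulnerable(user: str, doc_id: str) -> str:
    """Vulnerable handler: the only 'protection' is that doc_id is hard to guess.
    Whoever holds the ID gets the document; the identifier is doing the job that an
    authorization check should do."""
    doc = DOCS.get(doc_id)
    if doc is None:
        raise NotFound(doc_id)
    return doc["body"]


def get_doc_hardened(user: str, doc_id: str) -> str:
    """Hardened handler: the same random ID is used for lookup, but access is decided by
    ownership. A missing document and someone else's document get the same answer, so
    the endpoint does not confirm which IDs are live."""
    doc = DOCS.get(doc_id)
    if doc is None or doc["owner"] != user:
        raise NotFound(doc_id)
    return doc["body"]


def replay_leaked_ids(handler, attacker: str, log_text: str) -> dict[str, str]:
    """Replay every ID harvested from the log against `handler` as `attacker` and
    return the documents that came back. An empty result means the handler held."""
    exposed = {}
    for doc_id in sorted(ids_leaked_in(log_text)):
        try:
            exposed[doc_id] = handler(attacker, doc_id)
        except NotFound:
            pass
    return exposed


if __name__ == "__main__":
    print("vulnerable:", replay_leaked_ids(get_doc_vulnerable, "mallory", ACCESS_LOG))
    print("hardened:  ", replay_leaked_ids(get_doc_hardened, "mallory", ACCESS_LOG))
```

Run it and the vulnerable handler hands "mallory" both documents using nothing but IDs scraped from a log, while the hardened one returns nothing; the fix is the ownership check, not a longer or more random ID.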
🧵4 Trending Threads
#2 Planning to jump into Web3 bug hunting? This Twitter thread by @Pavel Shabarkin can help you get ready to hunt on Web3 platforms.
#4 @secr0 shares their XSS flyer along with some out-of-the-box XSS filter bypasses.
📽️ 3 Insightful Videos
⚒️2 Github repositories & Tools
#1 nullt3r’s tool JFScan is a wrapper around the super-fast port scanner Masscan and around Nmap. It is designed to simplify scanning for open ports on targets supplied in a variety of formats.
#2 GraphQuail is a Burp Suite extension that offers a toolkit for testing GraphQL endpoints. Read about its currently implemented features on GitHub by @forcesunseen.
💰1 Job alert ⚠️
Number of positions: 12
Stipend: Yes
💸Advertise with us💸
We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world. If this sounds like you, click here to partner with us.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
If you wish to join our Ambassadors channel and contribute to the newsletter, send us a DM on Twitter with your discord username.