IW Team

👩‍💻IW Weekly #52: Filter chains, Prototype Pollution in Node, Privilege Escalation, Vulnerabilities in ChatGPT, Copy&Paste XSS, Shodan Dorks and many more…

The possibilities allowed by filter chains will never stop amazing us. In this blog Rémi Matasse showcases how it’s used to read files from an error-based Oracle. Welcome to the #IWWeekly52 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out,

👩‍💻IW Weekly #51: Server-Side prototype pollution, Pentest mapper, SSRF in Meta, Hacking CI/CD pipelines, AWSScrape, Hacking Android, SQL Injections and much more…

@PortSwigger released a tool for finding server-side prototype pollution bugs and here’s all you need to know about it. Welcome to the #IWWeekly51 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos,

👩‍💻IW Weekly #50: Authentication and Authorization Vulnerabilities in Datahub, Leaky GraphQL, Account Takeover via Preset Passwords, Insecure Deserialization, $10000 Bounty and much more…

@GHSecurityLab discovered authentication and authorization vulnerabilities in DataHub, an open-source metadata platform, potentially allowing unauthorized access to sensitive data stored on the platform. Welcome to the #IWWeekly50 - the Monday newsletter that brings the best in Infosec straight to your inbox. Thank you for making it so far with us!

👩‍💻IW Weekly #49: $10000 RCE, Gitpod 0 Day, SQL Injection, Authentication Bypass, API Fuzzing, Payment Bypass, IDOR, Broken Access Control and much more…

@NahamSec shares valuable insights on how to navigate the complex world of bug bounty hunting, including tips on where and how to get started. Welcome to the #IWWeekly49 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles,

👩‍💻IW Weekly #48: Slack Vulnerability, DOM-XSS on Microsoft, SQL+RCE on University Website, Hacking AWS Cloud, XSS on Google and many more…

@gregxsunday identified an XSS vulnerability in Google's golang/net/html library and was rewarded $3,133.70 as a bounty for his first submission to Google. Welcome to the #IWWeekly48 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have

👩‍💻IW Weekly #47: SSRF to Infrastructure Access, HubSpot Full Account Takeover, RCE to S3 Leak, SQL Injections, Stored XSS, Broken Access Control and many more…

Breaking Boundaries: @basu_banakar uncovers SSRF vulnerability providing access to complete infrastructure and web services. Welcome to the #IWWeekly47 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools,

👩‍💻IW Weekly #46: Ransomware Defense, Cracking OSWE, Github Hack, Finding IDORs, Security flaw in Aurora’s Rainbow Bridge and much more…

Understand Microsoft's in-depth approach to ransomware defense with @jhondarred and team's informative article on best practices and tactics. Welcome to the #IWWeekly46 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub

👩‍💻IW Weekly #45: RCE in Avaya Aura Device Services, Bypass Sign-Up Pages, JWT Hacking, Broken Access Control, CSRF Explained and much more…

Read how @iamnoooob and @rootxharsh discovered a remote source code disclosure in PHP Development Server <= 7.4.21 Welcome to the #IWWeekly41 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub

👩‍💻IW Weekly #44: Google Cloud BI Hack, 0xbaDc0dE MEV Bot Hack, CSS Injection, Car Company Hack, Hacking Military System, DOM XSS in jQuery Selector Sink and much more…

Uncover the captivating tale of @GodfatherOrwa's Google Cloud BI hack and the critical bug discovery, in this must-read blog post. Welcome to the #IWWeekly44 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos,

👩‍💻IW Weekly #43: $27200 bounty from Facebook, API Misconfigurations, E2E encryption bypass, AzureAd tenant takeover, Billion dollar vulnerability and much more…

Bypass CloudTrail logging for undetected reconnaissance by @Frichette_n Welcome to the #IWWeekly43 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s

👩‍💻IW Weekly #42: $1M bounty explained, GCP takeover, iOS pentesting, Smart Contract vulnerabilities, API security checklist and much more…

Take a look at how @kl_sree managed to takeover your GCP projects. Welcome to the #IWWeekly42 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job

👩‍💻IW Weekly #41: VueJS XSS, Critical Car-Vulnerabilities, $1000 IAP Proxy Misconfiguration in Google Cloud, Prototype Pollution Attacks, GraphQL Pentesting and much more…

Read how @samwcyo and team were able to hack the giants in automotive industry Hey 👋 Welcome to the #IWWeekly41 - the Monday newsletter that brings the best in Infosec straight to your inbox. To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools,

👩‍💻IW Weekly #40: Open Redirection Vulnerability, Misconfigured Jira, Bugs in Red Bull, ChatGPT for Security, OSCP Guide for Beginners, Bypass Authentication, and much more…

Disclosing this vulnerability in Google Smart speakers bagged the author a bounty of $100k 😲 Welcome to the #IWWeekly40 - the Monday newsletter that brings the best in Infosec straight to your inbox. We wish you a prosperous and productive new year 😊 May you find amazing bugs, earn bounties, and make

👩‍💻IW Weekly #39: $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection Vulnerability, SQL Injection, RCE, Reconnaissance Techniques, and much more…

$10,000 USD award for reporting faulty crop and trim feature in Facebook reels 😍 Welcome to the #IWWeekly39 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2022 finally came to a glorious end ❤️ Thank you for joining us. I hope you had a lot

👩‍💻IW Weekly #38: Cache Poisoning, XSS Payloads, Akamai and Amazon S3 buckets, Hybrid Fuzzing in Smart Contracts, SSO, Blockchain Security Audit, and much more…

Learn how to use XSS payloads that result in bounties up to $44,625. Welcome to the #IWWeekly38 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2022 finally came to a glorious end yesterday night ❤️ Thank you for joining us. I hope you had

👩‍💻IW Weekly #37: ChatGPT for Pentesting, Hacking Govt. Website, GraphQl Security Flaws, Bypassing WAF, SSO, MITRE ATT&CK, and much more…

Did you know ChatGPT can help you identify potential vulnerabilities and exploits for pentesting? Read about it here. Welcome to the #IWWeekly37 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2.0 is going live this weekend 😍 We have multiple perks in line for

👩‍💻IW Weekly #36: 1,250€ Bounty, VoIP Spoofing, SSL Pinning, Intercepting Proxy, XSS Resources, Signature-based Malware Detection, and much more…

Bounty of 1,250€ from Intigriti for VoIP spoofing vulnerability. Read about it here. Welcome to the #IWWeekly36 - the Monday newsletter that brings the best in Infosec straight to your inbox. We’re in the last 30 days of 2022 and there’s no better time to pick up

👩‍💻IW Weekly #35: HTTP Desync Attack, Mass Account Takeover, SSRF via DNS Rebinding, Exploiting CORS Misconfigurations, Hacking APIs, and much more…

@hacker_ hacked a phone company and viewed the call logs of 50M customers. Here's how he did it. Welcome to the #IWWeekly35 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2022’s countdown has now started! Barely 20 days are left for the world's

👩‍💻IW Weekly #34: Attacking SAML 2.0, Kubernetes Security, RCE, Hacking File Upload, Recon Tools and Methodology, and much more…

@Redhuntlabs conducted a mass scan on ~40000 Firebase subdomains to understand their state of security. Read their findings here. Hey {first_name, "there"}👋 Welcome to the #IWWeekly34 - the Monday newsletter that brings the best in Infosec straight to your inbox. This week’s NL is brought to you by

👩‍💻IW Weekly #33: 15,000 Sites Hacked, $70,000 Bounty, API Injection Vulnerabilities, IDOR, Template Injection in 100 seconds, and much more…

This Google Pixel lock screen bypass made $70,000 bounty 😮 Hey 👋 Welcome to the #IWWeekly33 - the Monday newsletter that brings the best in Infosec straight to your inbox. Barely a month is left for IWCON - the world's largest virtual cybersecurity conference and networking event 😍🙌 Have you booked your

👩‍💻IW Weekly #32: 2FA Bypass, OpenSSL Vulnerabilities, Automated Recon Script, Subdomain Takeovers, DNS Hijacking, and much more…

These multiple vulnerabilities led to remote code execution (RCE) on one of the payment service providers. Hey 👋 Welcome to the #IWWeekly32 - the Monday newsletter that brings the best in Infosec straight to your inbox. Before we dive in, we’re curious to know if you checked out the speaker

IoT Testing in Healthcare

The Internet of Things has been a game-changer for the healthcare industry. IoT in health refers to the interconnectedness of devices, sensors, and systems that collect and exchange data. Internet of things testing in healthcare is essential to ensure the accuracy and reliability of data collected by IoT devices and

👩‍💻IW Weekly #31: $5000 from Apple, AWS RCE, DOM Clobbering Attack, Chrome Exploit, SSRF Tips and much more...

Apple paid $5000 for stored XSS. Read about the findings here. Hey 👋 Welcome to the #IWWeekly31 - the Monday newsletter that brings the best in Infosec straight to your inbox. Before we dive in, did you know we're organizing IWCON2022 - the world's largest virtual cybersecurity conference and networking event?

👩‍💻IW Weekly #30: $10,000 Bounty, Bypassing Filtration, DDoS Attack, Fuzzing for SQL Injection, Recon Tools, etc.

GitHub rewarded $10,000 to Saajan Bhujel for bypassing filtration of HTML tags in GitHub’s new feature. Hey 👋 Welcome to the #IWWeekly30 - the Monday newsletter that brings the best in Infosec straight to your inbox. Today, we’ve completed 30 weeks together 😍🤝 Our team is working hard to

👩‍💻$6000 from Microsoft, WAF Bypass, Manual Exploitation, Nuclei Guide, Admin Panel and much more...

This CRLF to XSS bug chain resulted in a $6000 bounty from Microsoft. Hey 👋 Welcome to the #IWWeekly29 - the Monday newsletter that brings the best in Infosec straight to your inbox. Before we dive in, we’re curious to know if you checked out the speaker line up of

👩‍💻Roadmap to Cybersecurity in 2022, Full-Read SSRF, IDOR in GraphQL, GCP Pentesting, and much more...

Watch this talk about $25 billion+ of value, locked in the practical attacks against bridges. Hey 👋 Welcome to the #IWWeekly28 - the Monday newsletter that brings the best in Infosec straight to your inbox. Before we dive in, have you got yourself a ticket to IWCON - the world's largest

👩‍💻$40,000 Bounty, Authentication Bypass Techniques, Cache Poisoning, IDORs, Password Recovery, and much more…

$40,000 for finding 3 distinct bugs in Microsoft's new chromium based browser. Hey 👋 Welcome to the #IWWeekly27 - the Monday newsletter that brings the best in Infosec straight to your inbox. Before we dive in, we’re curious to know if you checked out the speaker line up of

👩‍💻 $600k Bounty, Jetty Features, Response Queue Poisoning, Bypass SSRF Protections, XSS Payloads, and much more…

This simple business logic flaw in smart contracts resulted in a $600K bounty. Hey 👋 Welcome to the #IWWeekly26 - the Monday newsletter that brings the best in Infosec straight to your inbox. Before we dive in, we’re curious to know if you checked out the speaker line up of

👩‍💻Hacking Smart Contracts, Android Vulnerability, RCE, Prototype Poisoning, Anti-Human Server Plugin, and much more…

Learn about this anti-human server plugin that kicks human players out of a minecraft server with a new challenge at the end. Hey 👋 Welcome to the #IWWeekly25 - the Monday newsletter that brings the best in Infosec straight to your inbox. This week’s NL is brought to you by

👩‍💻Thick Client Pentest, Out-of-band XXE, Bug Hunting Resources, RDP, LogonTypes, PowerShell Commands, and many more…

10 tricks and fun facts about Active Directory shared by @simondotsh. Hey 👋 Welcome to the #IWWeekly24 - the Monday newsletter that brings the best in Infosec straight to your inbox. This week’s NL is brought to you by RE:HACK. Here's a word from our sponsor: RE:HACK is

👩‍💻Smart Contract Security, WAF Bypassing, HTTP Parameter Pollution, Race Condition, IDOR, Web Cache Poisoning, and much more…

Learn about HTTP Parameter pollution - an easy test to bag a good bounty. Hey 👋 Welcome to the #IWWeekly23 - the Monday newsletter that brings the best in Infosec straight to your inbox. 🤔 Before we jump into today’s edition, we’re curious to know if you’re enjoying these

👩‍💻File Leakage, Blockchain Security, Bypass 2FA, Kerberoasting, Exploiting Security Bugs, and much more…

These two Telegram vulnerabilities led to a leak of internal files. Hey 👋 Welcome to the #IWWeekly22 - the Monday newsletter that brings the best in Infosec straight to your inbox. This week’s NL is brought to you by Zero-Point Security. Here's a word from our sponsor: We're making Red

👩‍💻$7000 Bounty, Web3 Bug Hunting, API Hacking, IDOR, Triggering XSS with emojis, XSS Flyer, and much more…

Planning to jump into Web3 bug hunting? This twitter thread can guide you through to get ready for hunting on Web3 platforms by @Pavel Shabarkin. Hey 👋 Welcome to the #IWWeekly21 - the Monday newsletter that brings the best in Infosec straight to your inbox. Can’t believe it’s 21st

👩‍💻Bug Bounty Tips, Desync Attacks, SSRF, SQL Injection, Vulnerabilities in CPU, RCE, and much more…

An overlooked parameter leads to a critical SSRF in Dropbox bug bounty. Hey 👋 Welcome to the #IWWeekly20 - the Monday newsletter that brings the best in Infosec straight to your inbox. For those of you who are from India, Happy 75th Independence Day 🤗🥳 Remember, don't treat this day like a

👩‍💻$5000 Bounty, Free Certification Courses, IndexDB, Reconnaissance Guide, Elasticsearch, and much more…

Get 11 free cybersecurity courses with certificates. Hey 👋 Welcome to the #IWWeekly19 - the Monday newsletter that brings the best in Infosec straight to your inbox. Here are our top picks for this week: 5 articles, 4 Threads, 3 videos, 2 Github repos and tools, 1 job alert to help

👩‍💻IW Weekly #18: $45,000 Facebook Bug Bounty, Cross-site Scripting, Hacking, Recon and Breaking into Cybersecurity, and much more…

Hey 👋 Welcome to the eighteenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. So how was your weekend? We saw a lot of bug bounty wins related articles this week in our publication writeups. We hope you also found some,

👩‍💻IW Weekly #17: $30,000 Bounty, Instagram Account Takeover, AWS Security Series, Google Authenticator, IDOR, and much more…

Hey 👋 Welcome to the seventeenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. So many new things are happening in the cybersecurity world that it’s difficult to keep up!   We’ve done all the hard work for you by

👩‍💻IW Weekly #16: AWS Vulnerability, Threat Hunting, Reflected XSS, Pentesting Resource, Command Injection and much more…

Hey 👋 Welcome to the sixteenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. So many new things are happening in the cybersecurity world that it’s difficult to keep up! 🥲 We’ve done all the hardwork for you by selecting

👩‍💻IW Weekly #15: Admin account takeover, IDOR broken authentication, CyberChef alternatives, Dark web access, etc.

Hey 👋 Welcome to the fifteenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. In today’s edition, we’ve curated all the amazing Infosec stuff that needs your attention this week in a format of 5 articles, 4 Threads, 3

👩‍💻IW Weekly #14: $1M bounty, bug bounty tips, upcoming CTF events, API attacks, bypassing .NET, autofill credentials stolen, and much more.

Hey 👋 Welcome to the fourteenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. In today’s edition, we’ve curated all the amazing Infosec stuff that needs your attention this week in a format of 5 articles, 4 Threads, 3

👩‍💻IW Weekly #13: 1000s of user tokens exposed, pre-auth RCEs in Oracle, AWS Misconfigurations, IDOR, Open redirects, Nmap tutorial, and much more.

Hey 👋 Welcome to the thirteenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. The Infosec world is continuously evolving with newer finds and features coming up every single day. Not able to catch up with the changes? Don’t worry.

👩‍💻IW Weekly #12: $O to $150,000/month mindset, Zoom RCE, Abusing FB Features, Bypass CSRF Protection, and much more.

Hey 👋 Welcome to the twelfth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. In today’s edition, we’ve included freshly brewed Infosec content in a format of 5 articles, 4 Threads, 3 videos, 2 Github repos and tools, and

👩‍💻IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more

Hey 👋 Welcome to the eleventh edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. So, did you find any new bugs this weekend? We hope you did. Well, our weekend went into scanning the internet to find the latest Infosec trends

👩‍💻IW Weekly #10: 5 Articles, 4 Threads, 3 Videos, 2 Github Repos, 1 Job Alert

Hey 👋 Welcome to the tenth edition of Infosec Weekly - the Monday newsletter that brings the best trends in Infosec straight to your inbox. Today’s edition is exciting 😁 We’ve included freshly brewed Infosec content in a format of 5 articles, 4 Threads, 3 videos, 2 Github repos and

👩🏽‍💻IW Weekly #9: Web3 Hacking, Leveraging Google Dorks, Python Flaws, and more…

Hey 👋 Welcome to the ninth edition of Infosec Weekly - the Monday newsletter that brings the best trends in Infosec straight to your inbox. Today’s edition is special! We've teamed up with Nithin R [https://www.thebotsite.me/], a world-class cybersecurity researcher and our past IWCON speaker [https://www.

👩‍💻IW Weekly #8: Cloudflare WAF, OAuth, TLS Fingerprinting, Talosplus, and more...

Hey 👋 Welcome to the eighth edition of Infosec Weekly - the Monday newsletter that brings the best insights in Infosec straight to your inbox. In today’s edition, we’ve handpicked some of the most trending and latest articles of InfoSec Write-ups [https://infosecwriteups.com/] to help you understand new

IW Weekly #7: Facebook account takeover, Java Deserialization, SSRF, and more…

Hey 👋 Warm welcome to the seventh edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox. In today’s edition, we’ve not only curated some of the most interesting articles of InfoSec Write-ups [https://infosecwriteups.com/], but also articles from outside

IW Weekly #6: Bypassing 2FA, Steghide Challenges, PEStudio Walkthrough, and more…

Hey 👋 Welcome to the sixth edition of Infosec Weekly - the Monday newsletter that brings the best inspiration and insights in Infosec straight to your inbox. So how was your weekend? Did you find any more vulnerabilities or bugs? We hope you did. As per us, we spent our weekend

IW Weekly #5: Account Takeover, Recon, Ransomware Creation, and more.

Hey 👋 Welcome to the fifth edition of Infosec Weekly - the Monday newsletter that aims to give you a new perspective about the possibilities of the Infosec space, straight to your inbox. In today’s edition, we’ve handpicked some of the most thought provoking articles of InfoSec Write-ups [https:

IW Weekly #4: BITB Attack, Hackthebox Walkthrough, Twitter Link Takeover, and more.

Hey 👋 Welcome to the fourth edition of Infosec Weekly - the Monday newsletter that brings the best insights in Infosec straight to your inbox. Hope you’re enjoying the newsletter as much as we’re enjoying curating it. In today’s edition, we’ve handpicked some of the most trending

IW Weekly #3: SQL Injection, Data Exfiltration, Log Poisoning, Blind XSS, and more.

Hey 👋 Welcome to the third edition of the Infosec Weekly - the Monday newsletter bringing to you the best write-ups in Infosec straight to your inbox. Hope you had a great week. Our team is excited to share that our Medium publication, Infosec Writeups, [https://infosecwriteups.com/] has crossed 25,

Infosec Weekly #2 - Docker, Google Dorks, Bug Bounty and other interesting Infosec stuff.

Hey 👋 Welcome to the second edition of the Infosec Weekly - a brand new newsletter bringing to you the best and latest in Infosec straight to your inbox every Monday. Hope you had a great weekend. We had a super fun time curating the most interesting Infosec-related content to help

Infosec Weekly #1 - Welcome to the First Edition

Hey 👋 Welcome to the very first edition of the Infosec Weekly - a brand new newsletter bringing to you the best and latest in Infosec  straight to your inbox every Monday. Let’s dive in 👇 Here are the top 7 trendings articles in our publication [https://infosecwriteups.com/] this week: