Watch this talk on practical attacks against bridges, which lock up $25 billion+ of value.
Welcome to the #IWWeekly28 - the Monday newsletter that brings the best in Infosec straight to your inbox.
Before we dive in, have you got yourself a ticket to IWCON - the world's largest virtual cybersecurity conference and networking event?
If not, get them here. (You won't regret it 😉)
Coming back to today's NL, here are our top picks for this week: 7 articles, 6 Threads, 5 videos, 2 GitHub repos and tools, 1 job alert to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s jump in👇
📝 7 Infosec Articles (5 + 2 beginner-friendly)
#1 @Sonar discovered and disclosed a critical vulnerability resulting in gaining control of Packagist, a central component of the PHP supply chain, to help secure developer tools.
#2 Find out how @Cloudsek reported Full-Read SSRF vulnerabilities on the exposed instances of Appsmith, an open-source low-code tool that helps developers build dashboards and admin panels very quickly.
#3 @Omar Hashem shares a great writeup in which he exploited the emerge login panel, gained admin access, and was able to control the company's whole building, including the elevators.
#5 Informative writeup by @Ahmed Qaramany where he shares his methodology to bypass the WAF block to exploit error-based SQL injection.
#2 A great writeup on how @Inderjeet Singh found an IDOR in a GraphQL query that leaked private photos of a million-dollar app.
🧵6 Trending Threads (4 + 2 beginner-friendly)
#1 @Begin n Bounty shares a useful thread on the top Burp Suite extensions you should try while testing.
#2 @Rushab Vyas has curated all the presentation slides from the speakers at BSides Ahmedabad in a single thread.
#1 @Shrekysec shares a detailed thread on the complete roadmap to get into cybersecurity in 2022 for beginners.
📽️ 5 Insightful Videos (3 + 2 beginner-friendly)
#3 @_JohnHammond explores the new Havoc framework built by @C5pider, a modern and malleable post-exploitation command and control framework.
#2 @hakluke hints at a better approach to bug bounty automation by reducing the number of duplicates, in his talk at NahamCon 2022.
⚒️ 2 GitHub Repositories & Tools
💰1 Job Alert
#1 Payatu is hosting a hiring CTF. Apply now.
💸Advertise with us💸
We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world. If this sounds like you, click here to partner with us.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.