👩‍💻 IW Weekly #103: $35K Bounty, Nuances of Aggressive Scans, DLL Side-Loading, Hacking 3 Million Hotel Key Cards, WAF Bypassing Variants and many more…
Welcome to the #IWWeekly103 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Unlocking a $35k bounty: Dive into the world of subdomain fuzzing with @XHackerx007's expert insights.
- @a_greenberg reports that hackers have found a way to quickly unlock any of 3 million hotel keycard locks, exposing a critical security flaw across the hospitality industry.
- Explore the nuances of aggressive scanning in bug bounty programs and learn practical ways to avoid it, authored by @_CryptoCat.
- A detailed walkthrough of DLL side-loading that keeps execution inside the original process, by @OffenseTeacher.
- Hunting JavaScript Files: A Comprehensive Guide for Bug Hunters, by @VivekGhinaiya.
🧵4 Trending Tweets
- Learn IDOR testing and how to use Burp Suite plugins to exploit IDOR vulnerabilities, with @nullenc0de.
- @thebinarybot offers valuable resources exploring common Content Security Policy (CSP) bypass techniques.
- @intigriti reveals the secrets of a familiar SQL injection payload, dissecting how it works and crafting WAF-bypassing variants.
- Decode Base64 strings and encode XSS payloads effortlessly with CyberChef by @GCHQ, the all-in-one data analysis tool.
📽️ 3 Insightful Videos
- @NahamSec teams up with @_JohnHammond to share practical tips and tricks for identifying and hunting malware.
- Level up your API hacking skills: @NahamSec unveils a detailed guide to conquering APIs in 2024.
- Case study alert! @gregxsunday delves into CSRF vulnerabilities and shares tips for hunting them down, even in 2024.
💼 2 Job Alerts
- @payatulabs is seeking talented individuals for multiple security roles. Sharpen your skills and join their team!
- Goldman Sachs is seeking an Associate Security Engineer in Bengaluru.
🎁 1 Special Item
- @moopinger summarizes their takeaways from research by @Black2Fan, highlighting the detection methods that helped them find CRLF injections across multiple bug bounty programs.
That’s all for this week. We hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you next week, hacker; until then, keep pushing 💪
This newsletter would not have been possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Tuhin Bose, Manan, Eeshan V
Newsletter formatting by: Ayush Singh, Nithin R, Manan, Shlok
Lots of love
Editorial team,
Infosec Writeups
📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]