👩‍💻IW Weekly #106: Hacking ICON Blockchain, BatBadBut Vulnerability, DOM XSS to ATO, Starbucks Hack, Bypassing Phone Number Verification and many more…

👩‍💻IW Weekly #106: Hacking ICON Blockchain, BatBadBut Vulnerability, DOM XSS to ATO, Starbucks Hack, Bypassing Phone Number Verification and many more…
Photo by Adi Goldstein / Unsplash

Welcome to the #IWWeekly106 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Explore @EladErnst journey uncovering critical vulnerabilities in the ICON blockchain, leading to a rewarding $25K bounty.
  2. Explore the BatBadBut vulnerability exposing command injection on Windows applications as documented by @ryotkak
  3. Uncover a significant AWS access bug within AWS STS, exposing potential risks in role trust policy evaluation despite extensive use of AWS IAM shared by @stedi
  4. Discover the journey from a DOM XSS to a sophisticated 1-click Account Takeover by FrogSec's Research Blog
  5. Explore chest manipulation, debug endpoints, IDORs, DOS attacks and transaction manipulations disrupting the gameplay by @H4cktus.
  1. Discover secondary context bugs with ease using these 10 essential tips and questions from @ctbbpodcast.
  2. Maximise your bounty earnings by prioritizing SQL Injection vulnerabilities. Advice from @thebinarybot
  3. Delve into the daring Starbucks hack that breached nearly 100M customer records. More details from @ctbbpodcast.
  4. Unlock the secrets to bypassing phone number verification on web apps with insights from @alp0x01. 

📽️ 3 Insightful Videos

  1. Gain invaluable insights into the world of bug bounties with @NahamSec revealing video, 'The Truth About Bug Bounties'.
  2. Master the craft of discovering critical vulnerabilities with insights from @NahamSec video, 'The Art of Finding Critical Vulnerabilities'

💼 2 Job Alerts

  1. CyRAACS™ in Bengaluru, is seeking a Security Consultant for Source Code Review and Cloud Security.
  2. @Bugcrowd is hiring for 20 new roles across various departments for their crowdsourced security intelligence space.

🎁 1 Special Item

  1. Explore how to add a touch of quirkiness to your Node.js web servers with @GhostCcam's guide on causing funky effects.

Send an e-mail to [email protected] to know more about partnering with InfosecWriteups

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manikesh Singh
Newsletter formatting by: Eeshan V, AnuPallavi, Ansh Patel

Lots of love
Editorial team,

Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]

Subscribe to The Infosec Newsletter

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]