👩💻IW Weekly #108: PostMessage for XSS, Smart Contract Security, Admin Panel Takeover, DOM-XSS to ATO, Process Injection With C, Privilege Escalation and many more …
Welcome to the #IWWeekly108 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Explore account hijacking via BankID Session Fixation and the critical need for secure implementations as presented by Tobia Righi.
- @ManasH4rsh teaches how to use PostMessage for finding XSS vulnerabilities.
- @lsecqt unveils the art of process injection with C for red teamers.
- @JoeLeonJr shows how Postman's Public API Network exposes thousands of leaked credentials.
- @CristiVlad25 explains how he escalates his privileges from student to admin using user import feature.
🧵4 Trending Tweets
- Dive deep into Smart Contract Security with @hetmehtaa
- @oualilweb used Youtube to find a target vulnerable to SQL injection. Impressive.
- Discover Admin Panel Takeover through improper authentication as written by @Nishantbhagat57.
- @intigriti teaches how to escalate DOM-based XSS vulnerability to account takeover on a site that’s using a modern JS library.
📽️ 3 Insightful Videos
- Learn the art of turning a $500 bounty into a whopping $30,000+ with @NahamSec.
- Explore Ayoub Fathi's enlightening closing keynote address in this video from @bsidesahmedabad.
- Discover how hackers leverage GitHub for distributing malware in this insightful video from @_JohnHammond.
💼 2 Job Alerts
- GitHub is looking for Security Engineer III, a remote opportunity.
- Flipkart is seeking a Security Engineer in Bengaluru.
🎁 1 Special Item
- Can you solve this challenge by popping an alert on http://pilv.ar?
A word from our sponsor.
Want a byte-sized version of Hacker News?
Try TLDR’s free daily newsletter.
TLDR covers the most interesting tech, science, and coding news in just 5 minutes. No sports, politics, or weather.
Subscribe for free here!
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Hardik Singh, Ayush Singh, Manikesh Singh, Manan, Ansh Patel
Newsletter formatting by: Hardik Singh, Ayush Singh, Nithin R, Manan, Eeshan V, Ansh Patel, Vivek Reddy, Siddhesh Prakash Patil
Lots of love
Editorial team,
Infosec Writeups