👩💻IW Weekly #11: Hacking Nginx, eJPT2.0, Free Hacking Resources, OWASP API, and more
Welcome to the eleventh edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox.
So, did you find any new bugs this weekend? We hope you did. Well, our weekend went into scanning the internet to find the latest Infosec trends and helpful resources that are a must read/watch for every cybersec nerd.
Sounds good? Let’s dive in👇
📝 5 Infosec Articles
#1 Checkout this interesting article by Brandon Roldan on password reset poisoning.
#2 Ever Hacked Nginx? Well, now you can by reading this amazing article by Manas Harsh.
#3 eJPT version 2 is going to be out anytime soon. Find out more about it in this blog by INE.
#4 Find how Sivanesh Ashok and his friend were able to steal Google Drive OAuth tokens from Dropbox.
#5 Read about sharepoint API misconfigurations here in this interesting article by Ujjaval Malhotra.
🧵4 Trending Threads
#1 Checkout this thread to find how @0xmahmoudJo0 was able to access a target’s admin panel.
#2 Free hacking resources that are worth thousands, curated by @_rybaz.
#3 @_zwink once again does what he’s extremely good at (find out by clicking here).
#4 A must read thread for all beginner bug bounty hunters by @0xConda:
📽️ 3 Insightful Videos
#1 Bug Bounty 101: #20 - Rapidly Testing APIs for Broken Access Control by Z-winK.
#2 Webinar: Practical intro to the OWASP API top 10 by The XSS rat.
#3 Python Web Scanner - Pt 02 | Programming Hacking Tools by Hacking Simplified.
⚒️2 Github repositories & Tools
#1 GitHub - musana/mx-takeover: mx-takeover focuses DNS MX records and detects misconfigured MX records by @musana.
#2 GitHub - Nefcore/CRLFsuite: Fast CRLF injection scanning tool by Nefcore.
💰1 Job alert ⚠️
#1 Cybersecurity-NxxT is calling for security interns. Apply here!
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors including Manikesh Singh, Vinay Kumar, Hardik Singh, Bhavya Jain, Tamim Hasan, Nithissh, and many others.
Special mention: Nithin R (@thebinarybot/thebotsite.me), a world-class cybersecurity researcher and our past IWCON speaker, has helped us to curate the newsletter.
If you wish to join our Ambassadors channel and contribute to the newsletter, reply to this email with your discord username.