👩💻IW Weekly #112: XXE in Chrome, SQL Injection Cheatsheet, Misconfigurations in Azure, Hacking WordPress Plugins, and many more…
Welcome to the #IWWeekly112 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @gurudattch explains how he found sensitive information hidden in a seemingly empty file through forensic investigation and various tools.
- @Krit_Sec finds a way to bypass authentication in a social app by leveraging data exposure and accessing random user accounts.
- @d4d89704243 presents SignSaboteur, a Burp Suite extension for automating attacks on signed web tokens to find and exploit secret keys.
- @kste_, @SchmiegSophie, and @GEndignoux advocate for hybrid deployments as essential for secure migration to post-quantum cryptography (PQC), detailing the benefits, rationale, and recommendations for implementation.
- Learn how @Psych0tr1a found an XXE in Chrome and Safari web browsers using ChatGPT.
🧵 4 Trending Tweets
- @pentest_swissky shares different wordlists available under the “AllTheThings” family.
- @CupiaBart encountered a weird bug while training a neural network; read on to see how they were able to narrow down the issue.
- @mcipekci talks about a unique trick which helped him exfiltrate data.
- @0xTib3rius shares an extensive SQL injection cheat sheet.
📽️ 3 Insightful Videos
- @_niteshsurana discusses multiple misconfigurations they found in Azure cloud.
- @_JohnHammond explores the different features offered by the lightweight web proxy, @CaidoIO.
- @NahamSec goes into how you can hack WordPress plugins and earn money while doing so.
💼 2 Job Alerts
- Bugcrowd is looking for an Application Security Engineer located in the United Kingdom.
- HackerOne is recruiting a Product Security Analyst, a remote opportunity.
🎁 1 Special Item
- Explore the challenges of NahamCon CTF 2024 and test your skills!

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker; until then, keep pushing 💪
This newsletter would not have been possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Nithin R, Tuhin Bose, Shlok, Ansh Patel
Newsletter formatting by: Hardik Singh, Bhavesh Harmalkar, Nithin R, Eeshan V, Ansh Patel, Vivek Reddy, Siddhesh Prakash Patil
Lots of love
Editorial team,
Infosec Writeups
📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]