👩‍💻IW Weekly #118: Server-Side Request Forgery, Malware Development, IDOR, Match and Replace, Cache Deception and many more…


Welcome to the #IWWeekly118 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @oXnoOneXo explores a compelling Server-Side Request Forgery (SSRF) vulnerability, unravelling its discovery and impact.
  2. @dk4trin and @Fabrikat0r delve into $500 Cache Deception and misconfigured JWTs, uncovering vulnerabilities that lead to Account Takeover (ATO).
  3. An analysis of a race condition vulnerability enabling email confirmation bypass, authored by @siratsami71.
  4. Check out the implementation of Trusted Types in AppSheet: this article by @kian-jamali provides a comprehensive case study on enhancing web application security.
  5. Examining client-side path traversal for performing Cross-Site Request Forgery with the introduction of CSPT2CSRF, by @Doyensec.

🧵 4 Threads

  1. @nu11charb has started a 'Malware Development 101' series on YouTube with basics for beginners, aiming for advanced topics later.
  2. Match and replace often goes overlooked. @ctbbpodcast shares 8 essential things to match and replace in your next hunt.
  3. Bug bounty can be a cruel mistress sometimes. @ctbbpodcast shares 14 solid tips from last week's pod to handle dupes, downgrades, mass closes, and misunderstandings.
  4. Wish I had this when I started bug bounty! @intigriti shares tips to help you identify & exploit more IDOR vulnerabilities.

📽️ 3 Insightful Videos

  1. @HackerSploit presents an 'Introduction to Red Teaming' video, covering the basics of red team operations.
  2. Learn efficient reporting techniques to enhance your hacking skills in 'Less Writing, More Hacking: Reporting Efficiency Techniques' by @ctbbpodcast.
  3. @NahamSec explores every bug bounty program in 'I SCANNED EVERY BUG BOUNTY PROGRAM'.

💼 2 Job Alerts

  1. Akamai Technologies seeks a Security Consultant II for a full-time remote position in India, targeting mid-senior level professionals.
  2. Choice International is looking for an Associate Cyber Security Engineer with 1-4 years of experience in Mumbai, salary details undisclosed.

🎁 1 Special Item

  1. Try to find the vulnerability in this code as shared by @bountywriteups

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Nithin R, Rachit Arora
Newsletter formatting by: Bhavesh Harmalkar, Nithin R, Manan, Shlok, Ansh Patel, Vivek Reddy, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
