Welcome to the twelfth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox.
In today’s edition, we’ve included freshly brewed Infosec content in a format of 5 articles, 4 Threads, 3 videos, 2 Github repos and tools, and 1 job alert, to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Sounds interesting? Let’s dive in👇
📝 5 Infosec Articles
Read how @terminatorLM abused a logic vulnerability on Facebook that led to a 2FA bypass/denial of service by locking users into logging into an attacker-controlled account forever.
@byq turned an open redirect into RCE on several hosts of the Mail.Ru group by exploiting unsafe deserialization in PHP.
@vaibhav-atkale disclosed a nice tip for checking for email verification token bypass by creating multiple accounts.
🧵4 Trending Threads
📽️ 3 Insightful Videos
Amazing Bug Bounty podcast by Day explaining some cool vulnerabilities | XML stanza smuggling in Zoom for a MitM attack, an odd auth bypass, a GitLab stored XSS and gadget-based CSP bypass, and an interesting technique to leverage a path traversal/desync against NGINX Plus.
If you’re struggling to find bugs in bug bounty, then check this video by @_zwink. He discusses what the most important factors are to succeed in bug bounty hunting, and lays out an easy-to-follow multi-step formula.
Developer advocate Nate Barbettini breaks down OpenID and OAuth 2.0 in plain English.
⚒️2 Github repositories & Tools
It’s a workflow engine for offensive security. It was designed to build a foundation with the flexibility to let you build your own reconnaissance system and run it against a large number of targets.
Check this awesome tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies.
💰1 Job alert ⚠️
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
If you wish to join our Ambassadors channel and contribute to the newsletter, reply to this email with your discord username.