👩‍💻IW Weekly #121: RCE on Kafka UI, $2000 Bounty, Advanced SQL Injection Techniques, AWS Cognito Misconfigurations, Payment Bypass, and many more…

Welcome to the #IWWeekly121 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Read about how @deepk007 was able to find a payment bypass using parameter tampering.
  2. @nullenc0de discusses ways to find misconfigured instances of AWS Cognito including nuclei templates.
  3. @SugamDangal2 shows us how good recon led them to a $2000 bounty.
  4. @artsploit at @GitHubSecurity highlights different ways to get an RCE on Kafka UI.
  5. @ott3rly compares two popular recon tools highlighting what each is best for.

🧵 4 Threads

  1. @intigriti shares a comprehensive guide for beginners on finding reflective XSS vulnerabilities in this informative thread.
  2. Explore essential techniques for bypassing HTTP 403 & 401 codes in Web3 with @SuhradMakwana's in-depth thread on security nuances.
  3. Explore the power of Apache Flink for stream and batch processing with insights from @vidocsecurity in this thread!
  4. Discover why Web3 developers might want to reconsider Remix for their IDE needs in this insightful thread by @Securrtech.

📽️ 3 Insightful Videos

  1. Master Red Team Operations with @HackerSploit’s guide on scope, ROE, reporting, and essential resources for success!
  2. Join @criticalthinkingpodcast in Episode 81 with @MtnBer as they dive into client-side hacking and DevTools tips for bug bounty hunters!
  3. Discover how to uncover critical vulnerabilities in mobile apps with Joel Margolis (0xteknogeek) on @criticalthinkingpodcast, hosted by @gregxsunday.

💼 2 Job Alerts

  1. Checkmarx is seeking an Appsec Analyst with 2-3 years of experience.
  2. EY is looking for a skilled professional with 4 years of experience in forensics.

🎁 1 Special Item

  1. @nav1n0x shares his advanced SQL Injection methodology.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Siddhesh Prakash Patil
Newsletter formatting by: Hardik Singh, Nithin R, Manan, Eeshan V, Vivek Reddy, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]