👩‍💻IW Weekly #123: Web Timing Attacks, Confusion Attacks, LUCI AuthDB Leak, LHEs vs Pwn2Owns, Reverse Engineering 101 and many more…


Welcome to the #IWWeekly123 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Explore practical web timing attacks that exploit subtle delays to uncover vulnerabilities, authored by @albinowax.
  2. Read about the LUCI AuthDB Leak to learn how @ndevtk found a token bypass in Chromium's CI infrastructure, earning them a $1000 bounty.
  3. @garethheyes examines how exploiting email parsers can effectively bypass access controls.
  4. “Confusion Attacks” by @orange_8361 reveals how hidden semantic ambiguities in Apache HTTP Server can be exploited for security vulnerabilities.
  5. @tincho_508 delves into innovative methods for exploiting web cache vulnerabilities to achieve unauthorized access and content manipulation.

🧵 4 Trending Threads

  1. @SuhradMakwana has shared a cybersecurity update, highlighting the latest vulnerability that poses a significant risk to systems if left unpatched.
  2. @ctbbpodcast explains the key differences between LHEs and Pwn2Owns.
  3. @vidocsecurity has flagged a critical flaw in web application security.
  4. Read about 5 tools security testers use to detect GraphQL injection, in a thread by @spectat0rguy.

📽️ 3 Insightful Videos

  1. Check out this informative tutorial on reverse engineering by @davidbombal with @Steph3nSims.
  2. Join @ctbbpodcast in Episode 83 with @0xteknogeek as they dive into Brainstorming Proxy Plugins for bug bounty hunters!
  3. @assetnote research details how chaining three vulnerabilities can lead to unauthorized access to all data in ServiceNow environments.

💼 2 Job Alerts

  1. BrowserStack is hiring a Security Engineer for a remote, entry-level position based in India, focused on protecting web and mobile applications.
  2. Payatu is seeking passionate individuals to join as SOC Analysts, Security Consultants (GRC), and Senior Security Consultants (Web) to drive security innovations and defend against digital threats.

🎁 1 Special Item

  1. Discover a repository of code, tools, and CTF challenges used in Black Hat and DEFCON demos, featuring advanced techniques for exploiting email parsers and bypassing access controls, all presented by @PortSwigger.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Siddhesh Prakash Patil
Newsletter formatting by: Hardik Singh, Nithin R, Manan, Eeshan V, Vivek Reddy, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
