👩💻IW Weekly #124: XSS WAF Bypass, Google and Github Dorks, XSS via CSPT, Bug Hunting Methodology, and many more…
Welcome to the #IWWeekly124 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @Assass1nmarcos and @_rajesh_ranjan_ have written about how there were able to find a super interesting admin panel bypass worth $3500.
- Idan Ron built tldfinder with @pdiscoveryio to uncover TLDs, associated subdomains, and related domain names and shows you how one can hack beyond the .com TLD.
- Checkout the dangers of bypassing a framework’s built-in sanitization in this informative blog post by @sonarsource.
- @princechaddha explains how blockchain transactions work behind the picture in their ongoing series of understanding Blockchain.
- @_1nt3rc3pt0r_ shares with us on how they were able to find not one but two HTTP Request Smuggling vulnerabilities.
🧵4 Trending Tweets
- @ctbbpodcast talks about XSS WAF bypass techniques.
- Checkout this thread by @Jhaddix to learn about manipulating URL schemes in mobile apps.
- @nav1n0x shares google dorking tricks to find applications leaking sensitive information.
- Use this github search trick to find code vulnerable to SSRF as shared by @Jhaddix.
📽️ 3 Insightful Videos
- @gregxsunday interviews @ArchAngelDDay where they discuss their bug hunting methodology, collaboration, quitting their jobs, and more.
- The team at @assetnote discuss the importance of Attack Surface Management (ASM) with the rise of cloud-native architectures, devops, and the breakdown of the traditional perimeter.
- @intigriti walks us through the solution for their defcon XSS challenge achieved via Client-side Path Traversal (CSPT).
💼 2 Job Alerts
- SentinelOne is looking for an Offensive Security Engineer at Bangalore.
- RedFox Security is hiring a Red Teamer/Pentester to work in their Mumbai office.
🎁 1 Special Item
- Learn about the HTML entity encoding trick and practise the same in the lab today.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar
Newsletter formatting by: Hardik Singh, Nithin R, Shansita Shri
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]