👩‍💻IW Weekly #125: AWS ALBeast Vulnerability, SSRF Bug In Microsoft’s Copilot Studio, Cache Misconfiguration Exploit, Web Caching, DEF CON 32, Game Hacking, and many more…

Welcome to the #IWWeekly125 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Explore how @rikeshbaniya won a bounty worth $2000 by bypassing authorization due to a cache misconfiguration.
  2. @0xAwali teaches how web caching works and the vulnerabilities of the commonly used CDN services Akamai and Cloudflare.
  3. @stargravy shares how he exploited Microsoft Copilot Studio with server-side request forgery.
  4. @_anonysm recently found a session persistence vulnerability in a multi-billion dollar company that earned him a substantial bounty.
  5. Read to understand how @debu8er discovered an open redirect, a 2FA bypass, premature information disclosure and session fixation, and earned around $1600.

🧵 4 Threads

  1. Check out the new ffufai tool by @rex0__, an AI-powered web wrapper that automatically suggests file extensions for fuzzing.
  2. @fs0c131y used OSINT techniques to uncover the identity of the famous hacker USDoD. Fantastic stuff!
  3. Take a look at gofuzz, developed by @nullenc0de, which recursively scans JavaScript files to extract URLs and secrets, resolve relative URLs and more.
  4. @liadeliyahu breaks down the ALBeast vulnerability in AWS ALB, discovered by @MiggoSecurity, which could allow authentication bypass for thousands of apps.

📽️ 3 Insightful Videos

  1. Watch how @0xteknogeek and @Rhynorater discuss the latest DEFCON research, including web timing attacks, cache exploitation, Apache hacks and more, on the @ctbbpodcast.
  2. Explore @_JohnHammond’s video for an introduction to Game Hacking.
  3. Catch @NahamSec’s vlog on DEFCON 32 for all the latest insights and highlights.

💼 2 Job Alerts

  1. Zomato is hiring a Security Engineer. Interested? Find a way to send your profile to them.
  2. KPMG is offering a full-time Risk Advisory Software Executive position requiring 2 to 5 years of experience.

🎁 1 Special Item

  1. Try to solve this XSS challenge created by @fransrosen.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker; until then, keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Nithin R, Manan, Rachit Arora, Siddhesh Prakash Patil
Newsletter formatting by: Siddhesh Prakash Patil, N B Shansita Shri, Samrithi V, Mithun Karthick Venkatesan, Dhakhxayah Senthilkumar

Lots of love
Editorial team,

Infosec Writeups

📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]