👩‍💻IW Weekly #125: AWS ALBeast Vulnerability, SSRF Bug In Microsoft’s Copilot Studio, Cache Misconfiguration Exploit, Web Caching, DEF CON 32, Game Hacking, and many more…

Welcome to the #IWWeekly125 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

1. Explore how @rikeshbaniya won a bounty worth $2000 by bypassing authorization due to cache misconfiguration.
2. @0xAwali teaches how web caching works and vulnerabilities of commonly used CDN service Akamai and Cloudflare.
3. @stargravy shares about how he exploited Microsoft Copilot Studio with server side request forgery.
4. @_anonysm recently found a  session persistence vulnerability in a multi-billion dollar company that earned him a substantial amount of bounty.
5. Read to understand how @debu8er discovered an open redirect, 2FA bypass, premature information disclosure, session fixation and earned around $1600.

🧵4 Trending Tweets

1. Checkout the new ffufai tool by @rex0__ - an AI powered web wrapper that automatically suggests file extensions for fuzzing.
2. @fs0c131y who used OSINT techniques to uncover the identity of the famous hacker USDoD. Fantastic stuff!
3. Take a look at gofuzz, developed by @nullenc0de, which recursively scans JavaScript files to extract URLs, secrets, resolves relative URLs and many more.
4. @liadeliyahu breaks down the ALBeast vulnerability in AWS ALB, discovered by @MiggoSecurity, that could allow authentication bypass for thousands of apps.

📽️ 3 Insightful Videos

1. Watch how @0xteknogeek and @Rhynorater discuss the latest DEFCON research, including web timing attacks, cache exploitation, Apache hacks and more, on the @ctbbpodcast.
2. Explore @_JohnHammond’s video for an introduction to Game Hacking.
3. Catch @NahamSec’s vlog on DEFCON 32 for all the latest insights and highlights.

💼 2 Job Alerts

1. Zomato is hiring a Security Engineer. Interested? Find a way to send your profile to them.
2. KPMG is offering a full time Risk Advisory Software Executive with an experience of 2 to 5 years.

🎁 1 Special Item

1. Try and solve this XSS-challenge created by @fransrosen.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Nithin R, Manan, Rachit Arora, Siddhesh Prakash Patil

Newsletter formatting by: Siddhesh Prakash Patil, N B Shansita Shri, Samrithi V, Mithun Karthick Venkatesan, Dhakhxayah Senthilkumar

Lots of love
Editorial team,
Infosec Writeups