👩💻IW Weekly #126: Bypassing Airport Security, XSS on Netlify’s Image CDN, Frans Rosén’s X-Correlation Research, Prompt Injection on Microsoft Copilot, Type Confusion Flaw in Chrome, and many more…
Welcome to the #IWWeekly126 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Explore how @iangcarroll and @samwcyo bypassed airport security using SQLi
- For a deep dive into the technical details of the CVE-2024-7965 vulnerability in Chrome’s V8 Engine, check out this article by @cybleglobal
- @sudhanshur705 explored how he bypassed Netlify's CSP to exploit XSS in their Image CDN
- @wunderwuzzi23 detailed how a vulnerability in Microsoft 365 Copilot allowed attackers to steal personal information through a novel exploit chain
- Check out this insightful blog post by @RedTeamPT where they explain how they exploited RCE in Moodle's quiz system
🧵4 Trending Tweets
- @fransrosen goes over the solution of a previously released XSS challenge.
- @byte_hide highlights different ways an organisation could end up leaking its source code.
- Utilise these tools while testing for SSRFs, by @intigriti.
- @0day_exploit_ walks us through different ways to exploit JWTs.
📽️ 3 Insightful Videos
- Ever seen headers like ‘X-Correlation-ID’ while testing? Check out @fransrosen’s latest interview on @ctbbpodcast highlighting all issues stemming from the header.
- Learn how to enumerate IAM permissions in GCP, an important step while pentesting cloud environments, by @Hac10101.
- @_JohnHammond walks us through how to debug and hack Unity-based games.
💼 2 Job Alerts
- Deloitte is looking for a Splunk Admin with 3-6 Years of experience.
- PwC is seeking a Penetration Testing Associate with 2 to 4 years of experience.
🎁 1 Special Item
- Unleash your inner hacker with Koii’s $10,000 Bug Bounty Challenge
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Tuhin Bose, Manan, Siddhesh Prakash Patil, Samrithi V, Mithun Karthick Venkatesan
Newsletter formatting by: Hardik Singh, Manan, Eeshan V, Vivek Reddy, Siddhesh Prakash Patil
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]