👩‍💻IW Weekly #127: Nanocore Obfuscation, Code Protection Bypass, Gmail HTML Injection, Remote Code Execution, X-Correlation Injection Research, and many more…

👩‍💻IW Weekly #127: Nanocore Obfuscation, Code Protection Bypass, Gmail HTML Injection,  Remote Code Execution, X-Correlation Injection Research, and many more…
Photo by James Harrison / Unsplash

Welcome to the #IWWeekly127 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @h4x0r_dz shares analysis on a Gmail HTML form injection vulnerability and its potential implications for email security.
  2. @intigriti has come up with a comprehensive guide on hacking misconfigured AWS s3 buckets
  3. Check out this intriguing research on defeating Nanocore obfuscation by @embee_research, using flow control and mathematical operators to deobfuscate a .vbs loader for the malware.
  4. Take an in-depth look into KonyLab’s code protection bypass by @Xmosb7, allowing him to access the full source code of an Android app.
  5. Examine how @0x0ld made $15K by keeping an eye out for debug mode to gain remote code execution (RCE).
  1. Check out this mind-bending X-Correlation Injection research by @ctbbpodcast featuring @fransrosen
  2. @tincho_508 highlighted some interesting normalisation discrepancies across different technologies.
  3. @DailyOsint drops an OSINT reconnaissance tool named Ashok with features like Wayback Machine crawling, unlimited Google Dorking, GitHub info grabber, subdomain finder and CMS/tech detection.
  4. @renniepak discovers a quick way to find ‘all’ paths for Next .js websites.

📽️ 3 Insightful Videos

  1. @Tib3rius provides a tutorial on the basics of buffer overflow exploitation for beginners in cybersecurity. 
  2. Check out this trick by @LiveOverflow on how to get into Android hacking and reverse engineering.
  3. Check out this video from the @criticalthinkingpodcast that features a discussion on bug bounty hunting strategies, focusing on how to efficiently find and exploit security vulnerabilities. 

💼 2 Job Alerts

  1. Join Payatu Bandits for multiple roles to unleash your creativity and technical skills in pioneering cybersecurity solutions.
  2. @Flipkart is hiring Security Engineers to enhance the security of their diverse e-commerce solutions and services.

🎁 1 Special Item

  1. This week’s highlight: @PortSwigger has come up with a collective payload list of URL validation bypasses. These can be useful for attacks such as SSRF, CORS misconfigurations and Open redirects.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Manan, Shlok, Samrithi V, Senthilkumar, Siddhesh Prakash Patil
Newsletter formatting by: Hardik Singh, Nithin R, Shlok, Vivek Reddy, N B Shansita Shri, Mithun Karthick Venkatesan,

Lots of love
Editorial team,

Infosec Writeups

📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]

Subscribe to The Infosec Newsletter

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe