👩‍💻IW Weekly #129: Google VRP Blog, CVE-2024-29847 Exploit, Hotstar Hacked, Bug Bounty Tips, OSINT Explained, and many more…


Welcome to the #IWWeekly129 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @shreyapohekar shows us what not to submit on bug bounty platforms. Do give it a read!
  2. Check out @doyensec’s latest post on how to apply security engineering to make phishing harder.
  3. Read to find out how @rootxvishal hacked Hotstar, one of the most popular streaming platforms in India.
  4. @SinSinology has published a fantastic article explaining a fully working unauthenticated exploit for CVE-2024-29847 and details how this bug class works.
  5. @rebane2001 published a fantastic blog on how they were able to use YouTube to steal other people’s files and won an amazing bounty for the same.

🧵 4 Threads

  1. @ThisIsDK999 found an amazing RCE on an AEM webserver and has shared with us how he was able to achieve the same.
  2. Check out the bug bounty tips shared by @Jayesh25_ to extract API endpoints and construct complex HTTP requests from JS files using AI.
  3. Go through @intigriti’s tweet to learn about tools you can use to test for misconfigured AWS S3 buckets.
  4. @Securrtech has written a fantastic web3sec thread titled ‘Exploring Exit Game Vulnerabilities in Optimistic Rollups’.

📽️ 3 Insightful Videos

  1. @NahamSec explains OSINT in simple words.
  2. The long awaited talk of @GodfatherOrwa with @bugcrowd on recon techniques is out!
  3. Watch @NahamSec talk about how to hack GitLab instances.

💼 2 Job Alerts

  1. HP is hiring for a penetration tester in Bangalore, India.
  2. Amazon is looking for a security engineer to work in their office in Bangalore, India.

🎁 1 Special Item

  1. Solve the fun little hacking challenge posted by @Blaklis_ to win 50$.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you again next week, hacker. Until then, keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Nithin R, Shlok, Siddhesh Prakash Patil
Newsletter formatting by: Nithin R, Shlok, Siddhesh Prakash Patil

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
