Welcome to the thirteenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox.
The Infosec world is continuously evolving, with new finds and features coming up every single day. Not able to keep up with the changes? Don’t worry. In today’s edition, we’ve curated all the amazing Infosec stuff that needs your attention, in a format of 5 articles, 4 threads, 3 videos, 2 GitHub repos and tools, and 1 job alert, to help you get the most out of this newsletter and take a massive jump ahead in your career.
Sounds interesting? Let’s dive in👇
📝 5 Infosec Articles
#1 Team Nautilus at Aquasec found tens of thousands of user tokens exposed via the Travis CI API, which allows anyone to access historical clear-text logs.
#2 An article by Slowmist describes how the white-hat group United Global Whitehat Security Team (UGWST) discovered a browser-extension-only vulnerability that allowed attackers to deceive users into sending crypto assets without realizing it.
#5 PortSwigger has improved the DOM Invader tool to make finding client-side prototype pollution (CSPP) as easy as a couple of clicks.
🧵 4 Trending Threads
#2 @tabaahi_ explains how beginners can look for open redirects: what tools to use, how to go about finding them, and where to report them. Check it out here. It’s a great starting point for newbies in Infosec.
#3 A great thread from Hossein NafisiAsl where he explains how HTTP request smuggling can turn into mass account takeover and shares a great GitHub repository where he has collected amazing write-ups & tips.
📽️ 3 Insightful Videos
#1 Rana Khalil’s next video is out, covering the 2nd lab of the Web Security Academy’s command injection module, where she solves it with both a manual approach and an automated approach using Python.
#2 A great video from Patrick Collins about auditing smart contracts, where he explains the audit process, the basics of how to conduct one, and how to interact with auditors.
⚒️ 2 GitHub repositories & Tools
#1 Xnl-h4ck3r has released their Python tool xnLinkFinder, similar to their Burp extension GAP. It discovers endpoints for a given target using regular expressions, and is similar to but more advanced than the tool LinkFinder.
💰1 Job alert ⚠️
#1 A great internship opportunity by Cybertix for everyone who wants professional experience and wants to upskill themselves.
Last date to apply for the internship: 15th July 2022
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
If you wish to join our Ambassadors channel and contribute to the newsletter, reply to this email with your discord username.