👩‍💻IW Weekly #130: Hacking Trello Board Instances, Hacker Mentality, Regex, Google Dorks, CodeQL Fundamentals and many more…


Welcome to the #IWWeekly130 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @samwcyo discusses how he, along with some researchers, was able to find a way to remotely control any car by KIA.
  2. @zeyu2001 tries to pen down the fundamentals and mathematics behind CodeQL, a code analysis engine developed by GitHub to automate security checks.
  3. Multiple CVEs combine into an exploit chain allowing arbitrary command execution on any GNU/Linux system; @evilsocket has the details.
  4. Read how the team at @assetnote were able to weaponize China’s censorship firewall.
  5. Interested in WordPress hacking? @patchstackapp goes through their methodology on finding an unauthenticated SQL injection in a WordPress plugin.

🧵 4 Threads

  1. @intigriti shares some tips on finding and testing public Trello board instances.
  2. Ever heard about Cloudflare R2 misconfigurations? @Intigriti highlights some common mistakes with this AWS S3 alternative.
  3. Google dorks to level up your recon game, by @TakSec.
  4. @a13h1_ shares some insights on staying ahead in bug bounty and avoiding duplicates.

📽️ 3 Insightful Videos

  1. @NahamSec discusses with @ArchAngelDDay and @Rhynorater on how hackers mentally prepare themselves for live events.
  2. Learn Regex in just 15 minutes with @TCMSecurity.
  3. In the latest edition of @ctbbpodcast, the hosts talk about a clickjacking bug at Google, CursorAI for PoCs, and exploitation of encryption oracles.

💼 2 Job Alerts

  1. HSBC is hiring for a Software Security Platform Engineer to work in their office in England.
  2. Apply now to become a Security and Compliance Engineer at IBM, Bangalore - India.

🎁 1 Special Item

  1. @aszx87410 has beautifully written a consolidated blog of the writeups for some of the major CTFs that happened this year.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker. Until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Shlok, Siddhesh Prakash Patil
Newsletter formatting by: Hardik Singh, Nithin R

Lots of love
Editorial team,

Infosec Writeups

📧
If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
