👩💻IW Weekly #131: ROP For Security Bypass, Ruby Class Pollution, Mobile Hacking, Reverse Engineering, Hacking Websites With ZIP Files and many more…
Welcome to the #IWWeekly131 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Discover how @1day ethically infiltrated a university database, exposing thousands of student records in this detailed report.
- Get insights into a rare vulnerability in Ruby, known as class pollution, as presented by @Doyensec.
- Read the comprehensive guide by @damian-pine-6305a816b on how to get started with mobile phone hacking.
- HackerNotes Episode 90 by @ctbbpodcast delivers groundbreaking research on using cursors for POC creation, fresh insights on SQLi, encryption oracles, file upload content types for XSS, and a $5k clickjacking bounty on Google, etc.
- Learn how to use ROP (return-oriented programming) to bypass security mechanisms in this guide by @oliviagalluccii.
🧵4 Trending Tweets
- Want to know how to find more Bugs? Take a look at this thread by @intigriti
- Take a quick lesson on reverse engineering in this thread by @HaxoGames
- This thread by @ctbbpodcast and @Black2Fan lists the Content-Type that can be used for XSS.
- Learn Regex in just 15 minutes with @TCMSecurity.
📽️ 3 Insightful Videos
- Watch @NahamSec’s insightful guide on hacking websites using zip files.
- Explore the world of bug bounty and web hacking in this podcast episode hosted by @Infosecpat featuring @NahamSec.
- Learn about mutation XSS in an informative video by @mrgavyadha.
💼 2 Job Alerts
- Join Payatu Bandits for multiple roles to unleash your creativity and technical skills in pioneering cybersecurity solutions.
- @esecforte is hiring a Security Consultant with experience in Web Mobile & API to enhance the security of their diverse services.
🎁 1 Special Item
- This week’s highlights: @renniepak has come up with an awesome website where you can search for known CSP bypass gadgets to gain XSS.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Nithin R, Tuhin Bose, Dhakhxayah Senthilkumar, Siddhesh Prakash Patil
Newsletter formatting by: Nithin R, Mithun Karthick Venkatesan, Shlok, Siddhesh Prakash Patil
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]