👩💻IW Weekly #133: Tools For Recon, Sandbox Bypass in Chromium Browser, Zendesk Vulnerability, CVE-2024-23113, SAML XPath Confusion, AI-Powered 403 Bypassers and many more…
Welcome to the #IWWeekly133 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Discover 8 essential tools to enhance your bug bounty recon with @Intigriti’s latest guide.
- Discover how one bug led to over $50,000 in bounties as @hackermondev uncovers Zendesk's critical vulnerability affecting hundreds of Fortune 500 companies.
- Take a deep dive into CVE-2024-23113 with @watchtowrcyber’s latest research, uncovering a complex vulnerability in Fortinet FortiGate.
- Read how @ading2210 discovered CVE-2024-6778 and CVE-2024-5836—vulnerabilities in the Chromium browser that enabled a sandbox escape from a browser extension.
- Check out HackerNotes Ep.92 by @ctbbpodcast for the latest research on SAML XPath confusion, Chinese DNS poisoning, AI-powered 403 bypassers, and much more!
🧵4 Trending Tweets
- Read to find out how @kuldeepdotexe took over and streamlined all mail operations for a client.
- @assetnote uncovers censorship and DNS poisoning risks via China's Great Firewall with @ctbbpodcast!
- @intigriti shares the top 4 essential recon tools for hunters!
- Want to increase your attack surface? @intigriti recommends using CeWL, a tool that generates custom wordlists from your target's keywords!
📽️ 3 Insightful Videos
- @NahamSec dives into how Amazon paid over $2.1M in bounties to hackers in the h1-0131 event!
- @defcon features Justin Rhynorater Gardner sharing his top war stories from a bug bounty hunter!
- At DEFCON 32, Gareth Heyes explores exploiting email parsers to bypass access controls.
💼 2 Job Alerts
- Dark Vortex is hiring Security Researchers ! Ideal candidates should have expertise in Windows API development, Adversary Simulation, and C programming.
- Trail of Bits is hiring a Security Engineer I specializing in Blockchain. Join their team to work on cutting-edge security solutions!
🎁 1 Special Item
- @ndevtk has come up with a collection of intriguing writeups documenting various security behaviours, vulnerabilities, and potential risks across Google services and beyond.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Hardik Singh, Shlok, Samrithi V, Siddhesh Prakash Patil
Newsletter formatting by: Hardik Singh, Shlok, Siddhesh Prakash Patil
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]