Welcome to the fifteenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox.
In today’s edition, we’ve curated all the amazing Infosec stuff that needs your attention this week in the format of 5 articles, 4 threads, 3 videos, 2 GitHub repos and tools, 1 job alert, and upcoming CTF events to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s dive in👇
📝 5 Infosec Articles
#3 @Frans Rosén did great research on how numerous methods still exist to steal certain leaked tokens from sign-in OAuth flows. Read about his research here: Account hijacking using “dirty dancing” in sign-in OAuth-flows
#4 Do you hunt on old programs? If not, read about how @Zunaid Mehmud was able to find an interesting privilege escalation vulnerability in an old private program.
🧵4 Trending Threads
#1 Ever wondered about good CyberChef tool alternatives? @Matt’s short thread of solid CyberChef alternatives and complementary tools has something for you.
#3 What do you do when a program has a scope like a site.* (es|com|cn...)? @Philip Delteil shares his take on such a scenario in an informative Twitter thread.
#4 @InsiderPhD drops an awesome API mind map in the #bugbountytips hashtag to give you an overview if you are planning to learn about APIs.
What is an API? What makes them special? And what kind of APIs are out there?
📽️ 3 Insightful Videos
#2 Watch this great video interview by @MastersinIT1 on YouTube to learn more about the real world of cyber security: The Real World Of Cyber Security | Cyber Security talk with Sainath Volam.
#3 Want to learn JSON Web Tokens and solve labs with @0xTib3rius? Check out his video, where he explains JWTs and solves the labs: Web App Wednesday (6/22/22) - Portswigger JWT Labs.
⚒️ 2 GitHub Repositories & Tools
#1 A well-organized GitHub repository collecting bug bounty write-ups, sectioned by OWASP Top 10 vulnerabilities.
#2 Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage.
💰1 Job alert ⚠️
🎮 Upcoming CTF Events
#1 wtfCTF 2022 v2.0 - Jeopardy
Fri, July 15, 2022 12:00 UTC+00:00
Weight: 19 points
Duration: 2 days
#2 HTB Business CTF 2022: Dirty Money - Jeopardy
Fri, July 15, 2022 13:00 UTC+00:00
Weight: 24 points
Duration: 2 days and 6 hours
#3 Crypto CTF 2022 - Jeopardy
Fri, July 15, 2022 14:00 UTC+00:00
Weight: 48 points
Duration: 1 day
#4 ImaginaryCTF 2022 - Jeopardy
Fri, July 15, 2022 20:00 UTC+00:00
Weight: 24 points
Duration: 3 days
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
If you wish to join our Ambassadors channel and contribute to the newsletter, send us a DM on Twitter with your Discord username.