👩‍💻 IW Weekly #18: $45,000 Facebook Bug Bounty, Cross-site Scripting, Hacking, Recon and Breaking into Cybersecurity, and much more…
Welcome to the eighteenth edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox.
So how was your weekend? We saw a lot of articles about bug bounty wins this week in our publication writeups. We hope you also found some, or soon will.
For now, here are our picks for this week: 5 articles, 4 threads, 3 videos, 2 GitHub repos and tools, and 1 job alert to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s dive in👇
📝 5 Infosec Articles
#1 ProjectDiscovery's best-kept secrets.
#2 Mail Server Misconfiguration leads to sending a fax from anyone’s account on HelloFax (Dropbox BBP) for a bounty of $4,913.
#3 An interesting writeup on framing without iframes.
#4 Read here the ultimate tips and tricks to find more cross-site scripting vulnerabilities.
#5 Exploiting GitHub actions on open source projects.
🧵 4 Trending Threads
#1 What are the most common smart contract vulnerabilities? Find out in this thread.
#2 For every bug bounty hunter, keep these things in mind when you are reporting any vulnerability.
#3 Interested in bug bounties? Here are 5 ways to maximize your chances of finding a bug.
#4 @InsiderPhD tweeted all day to show her process of working on H1-702 targets.
📽️ 3 Insightful Videos
#1 The same origin policy - hacker history by LiveOverflow.
#2 @seclilc talks about hacking, recon and breaking into cybersecurity.
#3 2022-style OAuth account takeover on Facebook - $45,000 bug bounty.
⚒️ 2 GitHub Repositories & Tools
#1 Web-based favicon recon tool made using Streamlit.
#2 A Python tool used to discover endpoints (and potential parameters) for a given target.
💰 1 Job Alert ⚠️
#1 Seclance is looking for VAPT candidates with 0-1 year of experience. Freshers are also welcome to join for this Internship + Permanent role. Apply here.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love,
This newsletter has been created in collaboration with our amazing ambassadors.
Resource contribution by: Ayush Singh, Bimal K. Sahoo, Mohit Khemchandani, Hardik Singh, and Bhavesh Harmalkar.
Newsletter formatting by: Nithin R and Bhavya Jain.
If you wish to join our Ambassadors channel and contribute to the newsletter, send us a DM on Twitter with your discord username.