👩💻File Leakage, Blockchain Security, Bypass 2FA, Kerberoasting, Exploiting Security Bugs, and much more…
These two Telegram vulnerabilities led to a leak of internal files.
Hey 👋
Welcome to the #IWWeekly22 - the Monday newsletter that brings the best in Infosec straight to your inbox.
This week’s NL is brought to you by Zero-Point Security.
Here's a word from our sponsor:
We're making Red Teaming knowledge and skillsets more accessible and affordable by providing high-quality training materials and lab environments in a scalable, online format – therefore enabling businesses and industries to improve their cyber defense capabilities and adversarial resilience. Click here to know more about our training.
Coming back to today's NL, here are our top picks for this week: 5 articles, 4 Threads, 3 videos, 2 Github repos and tools, 1 job alert to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s dive in👇
📝 5 Infosec Articles
#1 This blog reveals that Blockchain’s apps and integrations are not as secure as Blockchain itself.
#2 Do you want to become an Azure cloud ethical hacker? Read this article to know the game plan.
#3 If you find hacking browser extensions interesting, then you’ll enjoy reading this article that shows how you can compromise the attack surface of extensions.
#4 Read this amazing article to find out how you can perform an SQL injection using host headers.
#5 These two Telegram vulnerabilities led to a leak of internal files. 😱
🧵4 Trending Threads
#1 Looking for some inside secrets of Reverse Engineering, DFIR and many more? Read this thread to find some industry-standard hidden gems.
#2 Want to explore multiple ways to bypass 2FA? Read this thread to identify them.
#3 Here’s a great way to help you find and exploit security bugs.
#4 Go through this thread to find out how you can prevent Kerberoasting.
📽️ 3 Insightful Videos
#1 Learn how to conduct a forensic investigation of a compromised employee workstation by @mascho from @bluecapesec.
#2 @_zwink goes over GraphQL introspection, playground, queries, mutations, etc. while highlighting the importance of manual testing.
#3 Watch this Minecraft Force-OP Exploit by @LiveOverflow.
⚒️2 GitHub repositories & Tools
#1 urless is a Python tool to declutter a list of URLs by filtering unwanted keywords, extensions, parameter values, etc. by @xnl_h4ck3r.
#2 osgint by @hiippiiie is an OSINT tool to gather information about any GitHub user right from your terminal.
💰1 Job alert
#1 Rivian is hiring a Cybersecurity Analyst who can provide tactical and operational assistance supporting their Vulnerability Management program.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
Editorial team,
This newsletter has been created in collaboration with our amazing ambassadors.
Resource contribution by: Ayush Singh, Bimal K. Sahoo, Nikhil Memane, Mohit Khemchandani, Pramod Kumar Pradhan, and Tuhin Bose.
Newsletter formatting by: Hardik Singh, Siddharth, Mohit Khemchandani and Ayush Singh.
If you wish to join our Ambassadors channel and contribute to the newsletter, send us a DM on Twitter with your Discord username.