👩💻IW Weekly #36: 1,250€ Bounty, VoIP Spoofing, SSL Pinning, Intercepting Proxy, XSS Resources, Signature-based Malware Detection, and much more…
Bounty of 1,250€ from Intigriti for VoIP spoofing vulnerability. Read about it here.
Welcome to the #IWWeekly36 - the Monday newsletter that brings the best in Infosec straight to your inbox.
We’re in the last 30 days of 2022 and there’s no better time to pick up a few skills and polish your learnings before jumping in 2023.
Book your ticket for IWCON2.0 and learn from the best in the cybersec world 😍🙌
With 20+ hours of immersive learning, QnA and networking, this conference would bring a massive lift in your infosec career 😁🔥
Now, coming back to today's NL, here are our top picks for this week: 7 articles, 6 Threads, 5 videos, 2 GitHub repos and tools, 1 job alert to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s jump in👇
📝 7 Infosec Articles (5+ 2 beginner-friendly)
#1 Read this in-depth article by Kishor Balan on bypassing Android SSL pinning and intercepting Proxy unaware apps.
#2 Ltidi showed how to uncover hidden security risks in sendbird misconfigurations.
#3 Gaurang Bhatnagar discovered multiple vulnerabilities in an Airtel Android application.
#4 Find out how 0xjin discovered a VoIP spoofing vulnerability and received a bug bounty of 1,250€ from Intigriti.
#5 Luke Young's post contains a chain of vulnerabilities reported to Riot games that trigger the XSS vulnerability.
#1 Do you want to learn the basics of AWS penetration testing? Read this step-by-step guide by Pradip Bhattarai.
#2 Want to learn how to implement remote command execution in the real world? Read this classic example of remote command execution by Bhashit Pandya.
🧵6 Trending Threads (4 + 2 beginner-friendly)
#1 Read this story of how a security vulnerability was discovered in Hyundai and Genesis vehicles by Sam Curry
#2 Master XSS with Intigriti's thread featuring a curated list of XSS learning resources.
#3 Find LFI vulnerabilities using GodFather Orwa’s bug bounty tips to get access to systems.
#4 Read this list of useful Google dorks by Intigriti. They’re perfect for finding valuable information about your target in bug bounty hunting.
#1 This thread explains what Signature-based detection for malware is and how to use it to protect your systems from attacks by Maik Ro.
#2 @Steiner254 shared a curated list of resources for learning about SQL injection vulnerabilities.
📽️ 5 Insightful Videos (3 + 2 beginner-friendly)
#1 Learn how to steal arbitrary files from LocalStorage in Android from this interview between @AseemShrey and @hax0rgb.
#2 Find how to bypass the Windows stack protection i.e. data execution prevention while binary exploit development by Guided Hacking.
#3 @LiveOverflow walks you through the reach Minecraft attack aka. TPAura attack.
#1 @PhD_Security solves a lab on server-side template injection while sharing amazing resources related to it.
#2 Watch @Gregxsunday’s extremely resourceful livestream where he shares his most important security lessons of 2022.
⚒️ 2 GitHub repositories & Tools
#1 The latest release of Osmedeus by @j3ssiejjj, a workflow engine for offensive security, with fresh changes.
#2 Csprecon is a golang based tool for content discovery using the content security policy by @edoardottt2.
💰1 Job Alert
#1 eSec Forte Technologies is on a hiring spree with positions open for application security, vulnerability assessment and penetration testing, cloud security, network security, etc.
Check out all the details here.
💸Advertise with us💸
We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world.
If you'd like to advertise to our 27k+ community of cybersecurity enthusiasts, click here to partner with us.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
Resource contribution by: Ayush Singh, Hardik Singh, Nikhil A Memane, Bhavesh Harmalkar, Mohit Khemchandani, Bimal Kumar Sahoo, Siddharth, Vinay Kumar, and Tuhin Bose.
Newsletter formatting by: Hardik Singh, Vinay Kumar, Siddharth and Ayush Singh.