Learn how to use XSS payloads that result in bounties up to $44,625.
Welcome to the #IWWeekly38 - the Monday newsletter that brings the best in Infosec straight to your inbox.
IWCON2022 finally came to a glorious end last night ❤️ Thank you for joining us. I hope you had a lot of fun and learned something new 😊 Please share your feedback here to help us make the next version better for you :)
Coming back to today's NL, here are our top picks for this week: 7 articles, 6 threads, 5 videos, 2 GitHub repos and tools, and 1 job alert to help you maximize the benefit from this newsletter and take a massive jump ahead in your career.
Excited? Let’s jump in 👇
📝 7 Infosec Articles (5 + 2 beginner-friendly)
#2 @pmnh_ and @UsmanMansha used Spring Expression Language injection on a Spring Boot application in order to bypass Akamai WAF and achieve remote code execution (P1). Read on to learn how they achieved it.
#3 Read how @jzeerx found an SSTI that resulted in arbitrary file read on one of Asia's leading payment systems.
#4 Gafnit Amiga uncovers a major security flaw in AWS ECR Public where external actors could delete, update, and create images, layers, and tags.
#5 Read Omar Hashem's detailed article explaining the CVE-2022-42710 journey in the Linear eMerge E3 Series, tracing the path from XXE to stored XSS.
🧵6 Trending Threads (4 + 2 beginner-friendly)
#1 Het Mehta provided a list of free security operations centre (SOC) certifications.
📽️ 5 Insightful Videos (3 + 2 beginner-friendly)
#1 @ProgrammerSmart walks you through the Ethernaut level 03 - Coin Flip challenge, which involves beating the contract's randomness to guess values.
#1 Wondering which XSS payloads most often earn hackers bounties? Check out this video by @gregxsunday where he discusses why, how and where XSS payloads get used, resulting in bounties up to $44,625.
⚒️ 2 GitHub repositories & Tools
💰1 Job Alert
#1 PhonePe is looking for a Security Engineer. Check out the details here.
💸Advertise with us💸
We are looking to partner with amazing infosec, pen testing, and ethical hacking teams, brands, and companies from all over the world.
If you'd like to advertise to our 27k+ community of cybersecurity enthusiasts, click here to partner with us.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
This newsletter has been created in collaboration with our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Bhavesh Harmalkar, Mohit Khemchandani, Vinay Kumar, Manikesh Singh, and Tuhin Bose.
Newsletter formatting by: Hardik Singh, Vinay Kumar, Siddharth and Ayush Singh.