IW Weekly #5: Account Takeover, Recon, Ransomware Creation, and more.
Welcome to the fifth edition of Infosec Weekly - the Monday newsletter that aims to give you a new perspective about the possibilities of the Infosec space, straight to your inbox.
In today’s edition, we’ve handpicked some of the most thought-provoking articles from InfoSec Write-ups to help you understand how other security enthusiasts are thriving in the Infosec world and how you can too.
Sounds interesting? Let’s dive in👇
#1 - Learn how to recon using Censys and DNSdumpster, and exploit open GitLab instances.
#2 - Learn how to take over an account using the following techniques: Pre-Account, Improper Rate Limit, Response & Status Code Manipulation, utilizing sensitive data, IDOR & Password Reset Poisoning.
#3 - Learn how to make ransomware in Python. Really thought-provoking article!
#4 - Malware Traffic Analysis 5 writeup
#5 - Learn how you can use arrays in a JSON body to bypass password reset functionality, and also how to bypass 2FA by directly hitting APIs.
#6 - Learn how to exploit the phpMyAdmin XSS - CVE-2022-23808.
#7 - Learn how to secure Docker by limiting resources, restricting PIDs & restricting the Docker socket file.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Videos of the week
Here are the 2 new IWCON2022 recordings of the week:
- Duncan Townsend talked about Overview of Web3 Smart Contract Hacking. If you’re interested in the Web3 world and want to learn how to find amazing vulnerabilities there, you should definitely watch this talk.
- Mehedi Hassan Remon shared about his journey of getting started in Bug Bounty. If you’re a beginner in bug bounty and don’t know how and where to start, this talk can be eye-opening for you. Watch it here.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love