Welcome to #IWWeekly43, the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter. We have also featured a Beginner’s Corner in this edition.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @Frichette_n and team discovered a way to bypass CloudTrail logging, enabling undetected reconnaissance against the IAM service.
- @IsrewyMohand's methodology for escalating an exposed error log file (P4) into a company account takeover (P1) and unauthorized API actions on his latest target.
- @0xw2w describes a devastating account takeover technique: brute-forcing a password recovery flow whose protections were too weak to stop it.
- @JerryShah33 explains how an API misconfiguration exposed through Swagger UI let him access the full account information of any user.
🧵 4 Trending Threads
- Learn the step-by-step process of hacking a web application from 0 to RCE with @thehackerish as your guide.
- Expert mobile penetration testing tips by @KishorSec, in a curated collection of high-quality blog posts brought to you by thread author @cyph3r_asr.
- Discover how far a web-app assessment can go as @Emiliensocchi details a complete Azure AD tenant takeover in this thread.
- @0xblackbird presents a comprehensive discussion on Insecure Direct Object References (IDORs) in this mega-thread.
📽️ 3 Insightful Videos
- @NahamSec investigates how effective subdomain brute-forcing really is in this informative video.
- @NahamSec dives into the billion-dollar vulnerability that caused a major fork of the Ethereum chain in this well-analyzed video.
- Learn how to identify IDORs through code review, presented by @Farah_Hawaa.
⚒️ 2 GitHub repositories & Tools
- Optimize your workflow with pdtm, an open-source tool manager for ProjectDiscovery projects by @pdiscoveryio.
- Explore the latest release (v0.0.3) of Katana, the web crawling and spidering framework developed by the @pdiscoveryio team.
💰 1 Job Alert
Beginner's Corner
📝 3 Infosec Articles
- The well-known blind XSS tool xsshunter.com is being deprecated on February 1st, 2023; @AdamJSturge shows how to set up your own instance for blind XSS testing.
- Ever found exposed credentials on GitHub? @IsrewyMohand gives some tips on how to go about reporting leaked credentials responsibly.
- An interesting two-factor authentication bypass on Meta (Facebook) that earned @Gtm0x01 a bounty of $27,200.
🧵 2 Trending Threads
- @bytes032 shares a list of CTFs to work through to improve your smart contract hacking skills.
- @0xManan writes a thread listing CTFs that will help sharpen your cybersecurity skills.
📽️ 1 Insightful Video
Built from the ground up in Rust, Caido aims to help security professionals and enthusiasts audit web applications with efficiency and ease.
Check it out here: https://caido.io/
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you again next week, hacker; until then, keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Lots of love