Uncover the captivating tale of @GodfatherOrwa's Google Cloud BI hack and the critical bug discovery, in this must-read blog post.
Welcome to the #IWWeekly44 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, and 1 Job Alert in today’s newsletter. We have also featured a Beginner’s Corner this time.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Discover the incredible story of how @GodfatherOrwa hacked Google Cloud BI and uncovered a critical bug, in this insightful blog post.
- Dive into the intricate details of the 0xbaDc0dE MEV Bot hack with expert analysis by @realgmhacker.
- Streamline your GitHub CI/CD pipelines with Nuclei, as demonstrated by @pdiscoveryio and @harshbothra_.
- Unlock the full potential of CSS injection as a key to accessing internal APIs with @SanderWind's in-depth blog post.
- Explore the technique of masking DLL loads from ETWTI Stack Tracing with @NinjaParanoid.
🧵 4 Trending Threads
- Get a glimpse into the hacking experience of @hacker_ as they reveal their successful infiltration into a car company, exposing all customers' personal information.
- Follow along with @hacker_ as they share their legal hacking experience and method used to access a military information system in this thread.
- @Jhaddix shares lessons learned from legally hacking into several prisons in a Twitter thread for security testers and cyber security professionals.
📽️ 3 Insightful Videos
- Insights into pentesting, smart contract audits, and bug bounties by @NahamSec and @cyberboyindia in a YouTube video.
- Learn about the security risks of DOM XSS in jQuery Selector Sink using a Hashchange Event, presented by @intigriti in this educational video.
- Exploit Server-Side Request Forgery (SSRF) vulnerabilities with @TCMSecurity.
⚒️ 2 GitHub repositories & Tools
- Optimize your workflow with pdtm - an open-source tool manager for ProjectDiscovery projects by @pdiscoveryio.
- Explore the latest version (v0.0.3) of Katana, a web scraping and automation tool developed by the @pdiscoveryio team.
💰 1 Job Alert
- @aroraabhi is looking for a smart and innovative engineer, ready to take on challenges and think outside the box at CloudDefense.ai.
📝 3 Infosec Articles
- @Supakiad_Mee writes about the reflected XSS they found on Microsoft forms which bagged them a bounty of $3000.
- @sl4x0 shows the importance of fuzzing parameters, which led them to discover a reflected XSS.
- @rootxharsh from the @pdiscoveryio team gives a deep analysis of how a remote source code disclosure was fixed in later releases of PHP.
🧵 2 Trending Threads
- @chrisdior777 lists resources to get started with Web3 security.
- Different ways of incorporating authentication on APIs by @Aktodotio.
📽️ 1 Insightful Video
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you again next week, hacker. Until then, keep pushing 💪
This newsletter would not have been possible without our amazing ambassadors.
Lots of love