👩‍💻IW Weekly #46: Ransomware Defense, Cracking OSWE, Github Hack, Finding IDORs, Security flaw in Aurora’s Rainbow Bridge and much more…


Understand Microsoft's in-depth approach to ransomware defense with @jhondarred and team's informative article on best practices and tactics.

Welcome to the #IWWeekly46 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, and 1 Job Alert in today’s newsletter. We have also featured a Beginner’s Corner this time.

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Learn about Microsoft's comprehensive approach to ransomware, including best practices and tactics, in this informative article by @jhondarred and team.
  2. Discover the art of finding sensitive data in Android apps with @TheRealNerdwell in this informative article on Android security.
  3. The indexing of website endpoints can expose sensitive information. This article by @ArmanSameer95 discusses measures to prevent privacy and security incidents.
  4. Get inspired by @dhakal_ananda's journey as they crack the challenging OSWE (WEB-300) by Offensive Security and share their review in this must-read article.
  5. Explore the findings of a month-long hack on GitHub by @Th3Pr0xyB0y and @MrRajputHacker in this revealing article on the vulnerabilities and potential threats in the platform.

🧵 4 Threads

  1. This thread features a story-style Q&A session with Robbe Van Roey (@PinkDraconian), written by @harshbothra_.
  2. Uncover the secrets of passive recon with Certificate Transparency in this informative thread by @intigriti.
  3. Learn the best methods for finding IDORs through this informative Twitter thread by @CristiVlad25.
  4. All the cheatsheets in one place in this amazing thread by @CristiVlad25.

📽️ 3 Insightful Videos

  1. @Yassineaboukir shares his knowledge on bug bounty hunter mindset in his keynote at BSides Ahmedabad 2022, hosted by @bsidesahmedabad.
  2. Understand the security flaw in Aurora's Rainbow bridge and the million-dollar bug bounty reward in this educational video by @gregxsunday.
  3. Find out the next steps after recon with @NahamSec in this helpful video answering one of the most frequently asked questions in bug bounty hunting.

⚒️ 2 GitHub repositories & Tools

  1. Get your blue team ready with A-poc's comprehensive collection of 50+ essential tools and resources for security professionals on GitHub.
  2. Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts by @trailofbits.

💰1 Job Alert

  1. @ShaadiDotCom is hiring Security Interns with web and Android pentesting skills.



📝 3 Infosec Articles

  1. All the resources to get you started on your hacker journey by @theXSSrat.
  2. Found API keys while testing? @0xKayala shows us how we could validate the leaked tokens using nuclei.
  3. Learn about the MITRE ATT&CK framework from this article by @LE0_Hak.
  1. A list of Google dorks for finding S3 buckets by @roohaa_n.
  2. Linux for hackers! @0xManan compiles ways to use Linux for penetration testing and ethical hacking.

📽️ 1 Insightful Video

  1. Did you know that secrets used to sign JWTs can be cracked? Learn how to go about exploiting a weak JWT implementation from this video by @TCMSecurity.



That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you again next week, hacker. Until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Bhavesh Harmalkar, Mohit Khemchandani, Tuhin Bose, Manan, Siddharth, Ayush Singh and Nithin R.

Newsletter formatting by: Ayush Singh, Hardik Singh, Siddharth, Manan and Nithin R.

Lots of love
Editorial team,
Infosec Writeups

📧
If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email nithin@infosecwriteups.com
