👩‍💻IW Weekly #46: Ransomware Defense, Cracking OSWE, Github Hack, Finding IDORs, Security flaw in Aurora’s Rainbow Bridge and much more…
Understand Microsoft's in-depth approach to ransomware defense with @jhondarred and team's informative article on best practices and tactics.
Welcome to the #IWWeekly46 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, and 1 Job Alert in today’s newsletter. We have also featured a Beginner’s Corner this time.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Learn about Microsoft's comprehensive approach to ransomware, including best practices and tactics, in this informative article by @jhondarred and team.
- Discover the art of finding sensitive data in Android apps with @TheRealNerdwell in this informative article on Android security.
- The indexing of website endpoints can expose sensitive information. This article by @ArmanSameer95 discusses measures to prevent privacy and security incidents.
- Get inspired by @dhakal_ananda's journey as they crack the challenging OSWE (WEB-300) by Offensive Security and share their review in this must-read article.
- Explore the findings of a month-long hack on GitHub by @Th3Pr0xyB0y and @MrRajputHacker in this revealing article on the vulnerabilities and potential threats in the platform.
🧵 4 Trending Threads
- This thread features a story-style Q&A session with Robbe Van Roey (@PinkDraconian), written by @harshbothra_.
- Uncover the secrets of passive recon with Certificate Transparency in this informative thread by @intigriti.
- Learn the best methods for finding IDORs through this informative Twitter thread by @CristiVlad25.
- All the cheatsheets in one place in this amazing thread by @CristiVlad25.
📽️ 3 Insightful Videos
- @Yassineaboukir shares his knowledge on bug bounty hunter mindset in his keynote at BSides Ahmedabad 2022, hosted by @bsidesahmedabad.
- Understand the security flaw in Aurora's Rainbow bridge and the million-dollar bug bounty reward in this educational video by @gregxsunday.
- Find out the next steps after recon with @NahamSec in this helpful video answering one of the most frequently asked questions in bug bounty hunting.
⚒️ 2 GitHub repositories & Tools
- Get your blue team ready with A-poc's comprehensive collection of 50+ essential tools and resources for security professionals on GitHub.
- Echidna is a Haskell program designed for fuzzing/property-based testing of Ethereum smart contracts by @trailofbits.
💰 1 Job Alert
📝 3 Infosec Articles
- All the resources to get you started on your hacker journey by @theXSSrat.
- Found API keys while testing? @0xKayala shows us how we could validate the leaked tokens using nuclei.
- Learn about the MITRE ATT&CK framework from this article by @LE0_Hak.
🧵 2 Trending Threads
- A list of Google dorks for finding S3 buckets by @roohaa_n.
- Linux for hackers! @0xManan compiles ways to use Linux for penetration testing and ethical hacking.
📽️ 1 Insightful Video
- Did you know that the secrets used to sign JWTs can be cracked? Learn how to go about exploiting a weak JWT implementation from this video by @TCMSecurity.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker. Until then, keep pushing 💪
This newsletter would not have been possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Bhavesh Harmalkar, Mohit Khemchandani, Tuhin Bose, Manan, Siddharth, Ayush Singh and Nithin R.
Newsletter formatting by: Ayush Singh, Hardik Singh, Siddharth, Manan and Nithin R.
Lots of love
Editorial team,
Infosec Writeups