Welcome to the #IWWeekly53 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, and 1 Job Alert in today’s newsletter. We also have a Beginner's Corner featured in this edition.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @PortSwigger explains how a curl quirk exposed Burp Suite and Google Chrome to a bug that allowed attackers to intercept and modify web traffic.
- @Manthan_Mahale describes a simple privilege escalation vulnerability that allowed an attacker to gain root access on a server, and that earned a bug bounty.
- @crypt0g30rgy discusses the journey of discovering and reporting a vulnerability in a popular software product.
- @ASWIN K V writes up an authentication bypass vulnerability that allowed an attacker to take over an admin account, leading to a critical security issue.
- @V3D shows how a broken authentication vulnerability led to a privilege escalation attack, demonstrating the importance of proper authentication and authorization mechanisms.
🧵4 Trending Threads
- Find out the different areas to look at for CRLF in this Twitter thread by @AnukulHexx.
- During a recent security assessment, @xshebix found an interesting XSS in a URL parameter.
- @hillai shares his research on hacking the Bing CMS, which allowed him to alter search results and take over millions of Office365 accounts.
- Look at the most common mistakes developers make when setting up CORS policies in this informative Twitter thread by @intigriti.
📽️ 3 Insightful Videos
- Learn how you can detect server-side prototype pollution, and the pros and cons of each technique, in this talk by @garethheyes.
- @_JohnHammond shares insights and analysis on the recent 3CX supply chain attack.
- Gain valuable insights into the world of SQL injections as Noam Moshe shares his research on exploiting JSON-based SQL queries in this informative video.
⚒️ 2 GitHub repositories & Tools
- @harshbothra_ discusses Michael Blake's journey from being an aspiring actor to becoming a renowned cybersecurity professional and CISO.
- @pdiscoveryio’s new tool for scanning and enumeration of AIX (IBM Unix) systems.
💰1 Job Alert
- Critical Fault is hiring for US-based junior pentesters!
📝 3 Infosec Articles
- Security researcher @hackXadi describes their discovery of a Local File Inclusion (LFI) vulnerability and the process they followed to exploit and report it.
- The fifth installment in @pdiscoveryio’s Reconnaissance Series covers additional active reconnaissance techniques for discovering vulnerabilities and misconfigurations.
- @Dhanesh_Dodia gives an introduction to reverse engineering mobile applications, including common tools and techniques used by researchers.
🧵 2 Trending Threads
- Ever wondered what kind of vulnerabilities could occur on a checkout page? Read @intigriti’s thread on the most common price manipulation vulnerabilities found in the checkout process.
📽️ 1 Insightful Video
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you again next week, hacker; until then, keep pushing 💪
This newsletter would not have been possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Tuhin Bose, Manan, Alvin Mwambi.
Newsletter formatting by: Nikhil A Memane, Manan, Ayush Singh, Hardik Singh, Siddharth, Rushi Padhiyar, and Nithin R.
Lots of love 💝