Welcome to the #IWWeekly50 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter. We also have a Beginner's Corner featured in this edition.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- The article by @Kharosx0 is an analysis of EDR hooks bypasses and includes a sample code written in Rust.
- The author- Diego Tellaroli discusses the issue of account takeover in ChatGPT which was found by @naglinagli.
- The blog by @Crypt0g30rgy discusses a method for bypassing Tinder's paywall and exploiting an IDOR vulnerability to view profile matches and likes without waiting or paying.
- Ravaan created a personal tool for discovering sensitive information that can lead to instant bounties called KakHunt.
- @Gtm0x01 discusses the disclosure of assigned users for Facebook applications connected to a business account.
🧵4 Trending Threads
- Get to know more about WebSecGPT in this Twitter thread by @Jhaddix.
- @hakluke shares some must-read newsletters out there, to keep you informed and level up your game.
- @hillai shares his research on how he hacked Bing CMS that allowed him to alter search results and take over millions of Office365 accounts.
- Look at the most common mistakes developers make when setting up CORS policies in this informative Twitter thread by @intigriti.
📽️ 3 Insightful Videos
- @NahamSec unleashes another video in his Cloud Hacking Series, where they discuss approaching Web3, smart contracts and much more.
- Learn more about Dynamic Analysis within Mobile Hacking, in the latest episode of @ctbbpodcast.
- Get a sneak peak of what's happening in the API Penetration Testing Course, by @apisecu in this informative video.
⚒️ 2 GitHub repositories & Tools
- We have the story of a full-time bug bounty hunter and pentester from India, @h0i0m0a0n0s0h0u, as part of the SecurityStories series by @harshbothra_.
- ReconAIzer, created by @adrien_jeanneau, is a Burp Suite extension using OpenAI to assist bug bounty hunters in streamlining their reconnaissance process.
💰1 Job Alert
- PayPal hiring Security Engineer in India(Remote) for full-time opportunity.
📝 3 Infosec Articles
- Altrex is a fast and customizable subdomain wordlist generator using patterns, read more about this tool in this blog by @pdiscoveryio.
- Read about different ways to approach login, signup and password reset functionalities from this article by @Thee_Eclipse.
- Subfinder is an effective subdomain enumeration tool, read more about how to efficiently utilize it in this blog by @cuncis.
🧵 2 Trending Threads
- @thebinarybot has a thread on the best resources to master the art of reconnaissance.
- SQL injections can be hard to come by on hardened targets, refer to this thread by @therceman to have a better approach for finding SQL injections.
📽️ 1 Insightful Video
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Bhavesh Harmalkar, Nithin R, Tuhin Bose, Manan, Alvin Mwambi.
Newsletter formatting by: Nikhil A Memane, Manan, Ayush Singh, Hardik Singh, Rushi Padhiyar, and Nithin R.
Lots of love