👩‍💻IW Weekly #54: Analysis of EDR Hooks bypass, Account Takeover- ChatGPT, IDOR at Tinder, Mobile Hacking, WebSecGPT, Cloud Hacking and Many more…

Photo by Kaur Kristjan / Unsplash


Welcome to the #IWWeekly54 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter. We also have a Beginner's Corner featured in this edition.

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. The article by @Kharosx0 analyses EDR hook bypasses and includes sample code written in Rust.
  2. Diego Tellaroli writes about the account takeover vulnerability in ChatGPT that was found by @naglinagli.
  3. The blog by @Crypt0g30rgy describes bypassing Tinder's paywall and exploiting an IDOR vulnerability to view profile matches and likes without waiting or paying.
  4. Ravaan built KakHunt, a personal tool for discovering sensitive information that can lead to instant bounties.
  5. @Gtm0x01 discusses the disclosure of assigned users for Facebook applications connected to a business account.

🧵 4 Infosec Threads

  1. Get to know more about WebSecGPT in this Twitter thread by @Jhaddix.
  2. @hakluke shares some must-read newsletters to keep you informed and level up your game.
  3. @hillai shares his research on hacking Bing's CMS, which allowed him to alter search results and take over millions of Office 365 accounts.
  4. Look at the most common mistakes developers make when setting up CORS policies in this informative Twitter thread by @intigriti.

📽️ 3 Insightful Videos

  1. @NahamSec releases another video in his Cloud Hacking Series, discussing how to approach Web3, smart contracts and much more.
  2. Learn more about dynamic analysis in mobile hacking in the latest episode of @ctbbpodcast.
  3. Get a sneak peek of what's happening in the API Penetration Testing Course by @apisecu in this informative video.

⚒️ 2 GitHub repositories & Tools

  1. We have the story of a full-time bug bounty hunter and pentester from India, @h0i0m0a0n0s0h0u, as part of the SecurityStories series by @harshbothra_.
  2. ReconAIzer, created by @adrien_jeanneau, is a Burp Suite extension using OpenAI to assist bug bounty hunters in streamlining their reconnaissance process.

💰1 Job Alert

  1. PayPal is hiring a Security Engineer in India (Remote) for a full-time opportunity.

📚 Beginner's Corner

📝 3 Infosec Articles

  1. alterx is a fast and customizable subdomain wordlist generator using patterns; read more about this tool in this blog by @pdiscoveryio.
  2. Read about different ways to approach login, signup and password reset functionalities in this article by @Thee_Eclipse.
  3. Subfinder is an effective subdomain enumeration tool; read more about how to use it efficiently in this blog by @cuncis.

🧵 2 Infosec Threads

  1. @thebinarybot has a thread on the best resources to master the art of reconnaissance.
  2. SQL injections can be hard to come by on hardened targets; refer to this thread by @therceman for a better approach to finding them.

📽️ 1 Insightful Video

  1. Different ways to attack JWT by @TCMSecurity.

House of Hackers (HoH) is your one-stop forum to discuss all things Cybersecurity. Visit HoH here: https://houseofhackers.xyz/

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker; until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Bhavesh Harmalkar, Nithin R, Tuhin Bose, Manan, Alvin Mwambi.
Newsletter formatting by: Nikhil A Memane, Manan, Ayush Singh, Hardik Singh, Rushi Padhiyar, and Nithin R.

Lots of love
Editorial team,
Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
