Welcome to the #IWWeekly55 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter. We also have a Beginner's Corner featured in this edition.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @kuldeepdotexe takes readers on a thrilling adventure of holiday hunting with Aquatone, where he finds many vulnerabilities just by running aquatone.
- @AnkitCuriosity uncovers the dangers of XSSI (Cross Site Script Inclusion) in stealing AccessToken and other sensitive information.
- @MrTuxracer explores the vulnerability CVE-2023-22620 and details how to bypass SecurePoint UTM's authentication in the first part of their SecurePwn series.
- @m4cddr shares their experience of discovering Remote Code Execution (RCE) vulnerabilities in over 10 websites and the steps taken to responsibly disclose and patch them.
- @SonarSource outlines a file vulnerability in pretalx, a conference planning tool, along with a technique to exploit it, and suggests ways to prevent it by reviewing patches.
🧵4 Trending Threads
- Discovering the intriguing security assessment plugin used by @openai in the ChatGPT plugin leak - unraveling its workings! - @rez0__
- Check out @thebinarybot’s condensed summary of @GodfatherOrwa's super informative talk at IWCON 2.0, which you can read in just 2 minutes!
- @mcipekci discusses how he exploited an empty page associated with malware to its best use which led to an interesting bug.
- @hacker_ exploring how a 20-year-old hacker found a vulnerability that led to the largest leak of confidential military information in 10 years.
📽️ 3 Insightful Videos
- Different ways to hack multi-factor authentication by @TCMSecurity.
- Top bug hunters often write custom nuclei templates to find unique vulnerabilities, learn about the same from this video by @pdiscoveryio.
- With the increase in reliance on cloud and cloud providers, cloud security has become increasingly important. Learn about cloud hacking from this video by @NahamSec.
⚒️ 2 GitHub repositories & Tools
- A repository of weekly interviews with cyber security professionals by @harshbothra_.
- The latest release of puredns, a fast domain resolver and subdomain brute forcing tool that filters out wildcard subdomains and DNS poisoned entries, by @d3mondev.
💰1 Job Alert
📝 3 Infosec Articles
- Different ways to perform reconnaissance effectively by @nimmughal799.
- Recon helps bug hunters to increase the attack surface, read about one such case by @th3.d1p4k where he was able to compromise the admin panel.
- Read about an interesting Broken access control bug that allowed account take over of any account, by @ch3tanbug.
🧵 2 Trending Threads
- Thinking of brushing up on skills this week? Watch different videos on SSRF condensed to a thread by @AnukulHexx.
- Learn all about CSRF through this twitter thread by @intigriti.
📽️ 1 Insightful Video
- Watch the latest episode of the @ctbbpodcast where @Rhynorater and @0xteknogeek interview the latest million dollar hacker @naglinagli.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Ayush Singh, Bhavesh Harmalkar, Nithin R, Tuhin Bose, Manan.
Newsletter formatting by: Manan, Ayush Singh, Hardik Singh, Rushi Padhiyar, and Nithin R.
Lots of love