👩‍💻IW Weekly #58: Remote Code execution in Oracle Opera, MFA Bypass, Hacking APIs, Chaining bugs for $$$$, Azure Subdomain Takeovers and many more…
@jub0bs shared an amazing writeup which showcases the importance of chaining vulnerabilities. A must read for the week.
Welcome to the #IWWeekly58 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @assetnote’s team discusses the RCE research it discovered during a live hacking incident in 2022 affecting Oracle Opera.
- Read how @lyubo_tsirkov bypassed multi-factor authentication on Netflix and made $$$$.
- @harshbothra_ at @cobalt_io shares a beginner-friendly approach to hunting for mass assignment vulnerabilities in APIs.
- @jub0bs talks about a smorgasbord of bug chains he found: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF etc.
- @damaidec writes a detailed explanation of a subdomain takeover on azurewebsites that he found on @Hacker0x01’s private program.
🧵 4 Trending Threads
- @hakluke has built a suite of tools over the years that would aid any bug bounty hunter; here’s his list of the top 10.
- @tuhin1729_ found a really unique way to bypass rate-limiting.
- Read about a simple trick that helped @arman_aryanpour find a bug on a bug bounty program.
- A list of must use browser extensions for bug bounty by @intigriti.
📽️ 3 Insightful Videos
- Unveil the art of asset discovery using Shodan with @NahamSec as he demonstrates the power of Shodan, unlocking valuable insights in his latest video.
- Unleash the power of Offensive JavaScript in this insightful video by @thecybermentor.
- Getting started in mobile app security? Learn the basics of Mobile Hacking (Android) in this video by @intigriti.
⚒️ 2 GitHub repositories & Tools
- @pdiscoveryio released version v1.0.2 of cdncheck, a tool for identifying the technology associated with DNS/IP network addresses.
- @harshbothra_ interviews @armaancrockroax in the latest edition of security stories.
💰 1 Job Alert

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Ayush Singh, Bhavesh Harmalkar, Tuhin Bose and Shlok.
Newsletter formatting by: Nikhil A Memane, Ayush Singh, Hardik Singh, Rushi Padhiyar, Shlok and Nithin R.
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email nithin@infosecwriteups.com