👩‍💻IW Weekly #58: Remote Code execution in Oracle Opera, MFA Bypass, Hacking APIs, Chaining bugs for $$$$, Azure Subdomain Takeovers and many more…


@jub0bs shared an amazing writeup which showcases the importance of chaining vulnerabilities. A must read for the week.

Welcome to the #IWWeekly58 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter.

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @assetnote’s team discusses the RCE research it discovered during a live hacking event in 2022 affecting Oracle Opera.
  2. Read how @lyubo_tsirkov bypassed multi-factor authentication on Netflix and made $$$$.
  3. @harshbothra_ at @cobalt_io shares a beginner-friendly approach to hunting for mass assignment vulnerabilities in APIs.
  4. @jub0bs talks about a smorgasbord of bug chains he found: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF etc.
  5. @damaidec pens down a detailed explanation of a subdomain takeover on azurewebsites he found on @Hacker0x01’s private program.

🧵 4 Threads

  1. @hakluke has built a suite of tools over the years that would aid any bug bounty hunter; here’s a list of his top 10.
  2. @tuhin1729_ found a really unique way to bypass rate limiting.
  3. Read about a simple trick that helped @arman_aryanpour find a bug on a bug bounty program.
  4. A list of must-use browser extensions for bug bounty by @intigriti.

📽️ 3 Insightful Videos

  1. Unveil the art of asset discovery using Shodan with @NahamSec as he demonstrates the power of Shodan, unlocking valuable insights in his latest video.
  2. Unleash the power of Offensive JavaScript in this insightful video by @thecybermentor.
  3. Getting started in mobile app security? Learn the basics of Mobile Hacking (Android) in this video by @intigriti.

⚒️ 2 GitHub repositories & Tools

  1. @pdiscoveryio released version v1.0.2 of cdncheck, a tool for identifying the CDN, cloud and WAF technology associated with DNS names and IP addresses.
  2. @harshbothra_ interviews @armaancrockroax in the latest edition of Security Stories.

💰1 Job Alert

  1. @Payatu has several openings including SOC, System Admin and more.

House of Hackers (HoH) is your one-stop forum to discuss all things Cybersecurity. Visit HoH here: https://houseofhackers.xyz/

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Ayush Singh, Bhavesh Harmalkar, Tuhin Bose and Shlok.
Newsletter formatting by: Nikhil A Memane, Ayush Singh, Hardik Singh, Rushi Padhiyar, Shlok and Nithin R.

Lots of love
Editorial team,
Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
