👩💻IW Weekly #58: Remote Code execution in Oracle Opera, MFA Bypass, Hacking APIs, Chaining bugs for $$$$, Azure Subdomain Takeovers and many more…
@jub0bs shared an amazing writeup which showcases the importance of chaining vulnerabilities. A must read for the week.
Welcome to the #IWWeekly58 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @assetnote’s team discusses the RCE research it discovered during a live hacking incident in 2022 affecting Oracle Opera.
- Read how @lyubo_tsirkov bypassed multi factor authentication on Netflix and made $$$$.
- @harshbothra_ at @cobalt_io shares a beginner friendly approach for mass assignment vulnerability to hunt on APIs.
- @jub0bs talks about a smorgasbord of bug chains he found : postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF etc.
- @damaidec pens down a detailed explanation for subdomain takeover on azurewebsites he found on @Hacker0x01’s private program.
🧵4 Trending Threads
- @hakluke over the years has built a suite of tools that would aid any bug bounty hunter, here’s a list of top 10 for the same.
- @tuhin1729_ found a really unique way to bypass rate-limiting.
- Read about a simple trick that helped @arman_aryanpour find a bug on a bug bounty program.
- A list of must use browser extensions for bug bounty by @intigriti.
📽️ 3 Insightful Videos
- Unveil the art of asset discovery using shodan with @NahamSec as he demonstrates the power of Shodan, unlocking valuable insights in his latest video.
- Learn the basics of Mobile Hacking (Android) in this video by @intigriti.
⚒️ 2 GitHub repositories & Tools
- @pdiscoveryio released version v1.0.2 for cdncheck which is a tool for identifying the technology associated with dns / ip network addresses.
- @harshbothra_ interviews @armaancrockroax in the latest edition of security stories.
💰1 Job Alert
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Ayush Singh, Bhavesh Harmalkar, Tuhin Bose and Shlok.
Newsletter formatting by: Nikhil A Memane, Ayush Singh, Hardik Singh, Rushi Padhiyar, Shlok and Nithin R.
Lots of love
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email firstname.lastname@example.org