👩💻 IW Weekly #63: Account Takeover on TikTok, MOVEit Transfer RCE, GoDaddy Hack, CSP Bypass, Uncovering the Power of Nuclei and many more…
Unveiling TikTok's hack: How @mrhavit cracked the code and uncovered an account takeover vulnerability in a thrilling bug bounty adventure!
Welcome to #IWWeekly63, the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- @mrhavit explains in detail how he found an amazing account takeover on TikTok, one of the most popular short-video platforms.
- @PortSwigger comes with an awesome writeup by @garethheyes on how to bypass CSP via DOM clobbering.
- Now uncover vulnerabilities in TCP, DNS, files and more: @hakluke provides an excellent writeup on how to use @pdiscoveryio's Nuclei beyond HTTP requests.
- From an exposed git directory to securing the data of 100k users, @bishal0x01 shares his journey of ethically hacking GoDaddy.
- The team at @assetnote has come up with detailed reproduction steps for the Progress MOVEit Transfer RCE (CVE-2023-34362).
🧵4 Trending Threads
- Learn how to escalate a no-rate-limiting bug on an email endpoint from this thread by @shubham_srt.
- Learn about Content-Type and why XSS isn't possible in some cases from this thread by @intigriti.
- Read how @silentgh00st was able to get an RCE on a well-vetted bug bounty program.
- Read @AseemShrey's Twitter thread on finding more subdomains using subfinder.
📽️ 3 Insightful Videos
- @_JohnHammond discusses and uncovers the infamous LockBit ransomware in his amazingly detailed video.
- Bypassing Android root detection using Frida hooking and APK patching, by @intigriti.
- The latest video from @thecybermentor makes it simple for you to learn Blind SQL injection.
⚒️ 2 GitHub repositories & Tools
- Team @pdiscoveryio introduces Nuclei version 2.9.5. Exciting updates include a max-requests counter, payload support in the DNS protocol, and more enhanced features!
- Team @pdiscoveryio released Nuclei templates version 6.9.5, which adds new CVEs and templates such as CVE-2023-32243, CVE-2023-29923, CVE-2023-2825 and many more.
💰1 Job Alert
- Hamlyn Williams is seeking a Penetration Tester to join their team in the United States (Remote), offering a salary range of $90,000-$120,000.
That's all for this week. Hope you enjoyed these incredible finds and learned something new from today's newsletter. Meet you again next week, hacker; until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Manikesh Singh, Bhavesh Harmalkar, Pramod Kumar Pradhan, Nithin R, Tuhin Bose, Shlok
Newsletter formatting by: Hardik Singh, Siddharth, Shlok and Nithin R.
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]