👩‍💻IW Weekly #67: Joining Google as Red Teamer, Finding 100 vulnerabilities, Tale of DOM-XSS, Impactful SSRF, Busting fake Privacy Policy and many more..


@GrahamHelton3’s journey from perseverance to perfection paid off as he tactfully mapped his way to Google, realizing his dream of becoming a Red Teamer.

Welcome to the #IWWeekly67 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter. We also have a Beginner's Corner featured in this edition.

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Inspired by zseano’s challenge, @0xM5awy shares how they were able to find more than 100 vulnerabilities on a single program by sticking to it.
  2. @GrahamHelton3 shares some insights on how he was able to land a job at Google as a red teamer.
  3. Read how @basu_banakar went about maximizing the impact of an SSRF vulnerability they found.
  4. @kuldeepdotexe talks about a DOM-based XSS and failures in bug bounty hunting.
  5. @hakluke shares 10 tips for crushing bug bounties.

🧵 4 Threads

  1. @snap_sec comes up with a brief but detailed thread on how to hunt for DOM-based XSS in web applications.
  2. “The bogus privacy policy”: @haxrob discusses how he busted the fake privacy policy of a well-known IoT bulb manufacturer whose app requested location access.
  3. The tale of finding a zero-click Account Takeover on one of the largest SaaS providers by @rez0__.
  4. @hakluke offers 5 insightful suggestions on how to properly write a bug report in his thread.

📽️ 3 Insightful Videos

  1. In his video, @ippsec teaches his audience how to use Burpsuite to intercept traffic from Android applications.
  2. In his video, @LiveOverflow describes how he discovered a generic HTML Sanitizer bypass after running into some odd HTML behavior.
  3. Get hands-on with how hackers write malware and evade your antivirus, from @_JohnHammond.

⚒️ 2 GitHub repositories & Tools

  1. Shortscan, a Go-based tool for enumerating short filenames on IIS web servers, by @bitquark.
  2. Jsluice is a tool for extracting URLs, paths, secrets, and other interesting data from JavaScript source code, by the team at @bishopfox.

💰 1 Job Alert

  1. IBM is looking for a Security Specialist in Delhi.

This week's newsletter is sponsored by Trickest

Trickest enables bug bounty hunters, penetration testers, and SecOps teams to build and automate workflows from start to finish. This is the new, revolutionary framework you need to automate your attack surface management and many more use cases!

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Ayush Singh, Bimal Kumar Sahoo, Nithin R, Tuhin Bose, Shlok.
Newsletter formatting by: Ayush Singh, Hardik Singh, Siddharth, Rushi Padhiyar, Nithin R, Shlok.

Lots of love
Editorial team,
Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
