Read how @FingerprintJs shares their finding which reveals a user's first name without permissions using the mDNS protocol.
Welcome to the #IWWeekly68 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter.
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- In his writeup, @bhavukjain1 explains how he discovered account takeover using a customized OTP-”1337” .
- The Research team at @pdiscoveryio shares their analysis on CVE-2023-36934 - MOVEit transfer SQL injection.
- Get hands on how to Forensic investigate a compromised Amazon EC2 instance through this writeup by @e11i0t_4lders0n .
- In this article, the team at @PortSwigger demonstrates how to take advantage of Chrome's new HTML popup feature to exploit XSS in meta tags and hidden inputs.
- In their series of articles on discovering vulnerabilities in Apple’s device, @FingerprintJs shares their finding which reveals a user's first name without permissions using the mDNS protocol.
🧵4 Trending Threads
- The tale of finding 4 SQL injections on one of oldest @SynackRedTeam targets by @mcipekci .
- This thread by @intigriti provides a top 4 cheat-sheet which will help you around bypassing WAF while exploiting SQL injection.
- Through his thread, @mattjay shares his top 13 infosec career hacks for those just starting out.
- The tale of finding a zero-click Account Takeover on one of largest SaaS providers by @rez0__.
📽️ 3 Insightful Videos
- Exploiting a NoSQL injection and dumping data via regex and python by @ippsec.
- In his latest video with @_bagipro , @Liveoverflow shares key notes and tips for Android Application Bug bounty.
- Checkout this talk by @insiderphd from @Nahamsec’s Nahamcon 23’on how to properly own API’s for Your first valid submission.
⚒️ 2 GitHub repositories & Tools
- Shortscan, a golang based tool used for enumerating short filenames on IIS webservers, by @bitquark.
💰1 Job Alert
- Looking for an Appsec or VAPT job in India, @esecforte is hiring. Drop your CV at Mohit.email@example.com.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Siddharth, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar,Nithin R,Tuhin Bose, Shlok.
Newsletter formatting by: Ayush Singh, Siddharth, Nithin R, Shlok.
Lots of love