👩‍💻IW Weekly #69: OpenSSH RCE, Xamarin Applications Reverse Engineering, Puzzled XSS, CVE-2023-3519 analysis, XSS and CORS bypass and many more..

@assetnote's comprehensive analysis delves into CVE-2023-3519, exposing insights on vulnerabilities in Citrix ADC and NetScaler Gateway.

Welcome to the #IWWeekly69 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 GitHub Repos and Tools, 1 Job Alert in today’s newsletter.

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

1. @qualys Security Advisory CVE-2023-38408 discloses a critical Remote Code Execution vulnerability within OpenSSH's forwarded ssh-agent functionality.
2. Learn more about Xamarin apps reverse engineering in this blog by @appknox.
3. This article by @Huh0x01 delves into the details of discovering and exploiting Cross-Site Scripting vulnerability on a private bug bounty program.
4. Gain valuable insights on CVE-2023-3519 in Citrix ADC and NetScaler Gateway through @assetnote's detailed analysis.
5. Read to see how @Hadess_security found an XSS and CORS Bypass in YouTube.

🧵4 Trending Tweets

1. Get hands on XSS and know about the top 10 payloads from this thread by @expankita.
2. Mastering PoCs: Elevating Your Bug Bounty Career - Insights from @Rhynorater.
3. Potential Safari security flaw allows bypassing hostname checks with a crafty JavaScript URL that may trigger XSS by @Rhynorater
4. Boost up your recon with Google dorking. @thebinarybot shares top 5 dorks which you can use to power up your hunting.

📽️ 3 Insightful Videos

1. Discover the extensive usage of the GAP Burp extension in this informative video presented by @xnl_h4ck3r.
2. Discover the world of web application hacking with @thecybermentor's intriguing video.
3. Join @LiveOverflow as he discusses a security flaw in hospital software that grants full access to medical devices in his latest video.

⚒️ 2 GitHub repositories & Tools

1. Shortscan, a golang based tool used for enumerating short file names on IIS web servers, by @bitquark.
2. Jsluice is a tool for extracting URLs, paths, secrets, and other interesting data from JavaScript source code, by the team at @bishopfox.

💰1 Job Alert

1. Bugcrowd seeks skilled Application Security Engineers in India to tackle vulnerability triage and validation, transforming bug hunting expertise into a rewarding career opportunity.
   

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Vinay Kumar, Tuhin Bose and Shlok.

Newsletter formatting by: Nikhil A Memane, Ayush Singh, Hardik Singh, Siddharth, Nithin R and Shlok.

Lots of love
Editorial team,
Infosec Writeups