IW Weekly #7: Facebook account takeover, Java Deserialization, SSRF, and more…
Hey 👋
Warm welcome to the seventh edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox.
In today’s edition, we’ve curated not only some of the most interesting articles from InfoSec Write-ups, but also articles from outside our publication that give you an in-depth idea of how other people are finding bugs and making it big.
Sounds nice?
Cool. Let’s dive in👇
#2 - Learn about deserialization in Java and how to exploit it with ysoserial.
#4 - A rate-limiting bug on GitHub allowed attackers to create accounts on a victim's email ID.
#5 - Real World CTF hack into skynet writeup.
#7 - Common C program vulnerabilities that can lead to buffer overflows, format string bugs, etc.
#8 - A writeup on SSRF found on SerpApi using the Yandex engine.
#9 - Learn how to exploit the Symfony framework when debugging is enabled.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Videos of the week
Here are the 2 new IWCON2022 recordings of the week:
- Jessica Haworth talked about Beyond the Twitterverse: How to increase visibility of your research by working with the media. Watch this talk here.
- Jun Kokatsu shared about his journey from Being a Bug Bounty Hunter to a Security Engineer at Microsoft. Curious to know how he did it? Watch it here.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate it if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love
Editorial team,