IW Weekly #7: Facebook account takeover, Java Deserialization, SSRF, and more…


Hey 👋

Warm welcome to the seventh edition of Infosec Weekly - the Monday newsletter that brings the best in Infosec straight to your inbox.

In today’s edition, we’ve not only curated some of the most interesting articles from InfoSec Write-ups, but also articles from outside our publication that give you an in-depth idea of how other people are finding bugs and making it big.

Sounds nice?

Cool. Let’s dive in👇

#1 - Find out how this guy chained multiple bugs to take over a Facebook account that uses Gmail, for which he was rewarded $42k.

#2 - Learn about deserialization in Java and how to exploit it with ysoserial.

#3 - An interesting way to get access to the Microsoft vulnerabilities reported by researchers using a simple email trick.

#4 - A rate-limiting bug on GitHub allowed attackers to create accounts using a victim's email ID.

#5 - A writeup on the Real World CTF challenge "hack into skynet".

#6 - Discovery of many open databases in the AWS public ranges, from which critical data can be accessed.

#7 - Common C program vulnerabilities that can lead to buffer overflows, format string bugs, etc.

#8 - A writeup on an SSRF found on SerpApi using the Yandex engine.

#9 - Learn how to exploit the Symfony framework when debugging is enabled.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.

Videos of the week

Here are the 2 new IWCON2022 recordings of the week:

  1. Jessica Haworth talked about Beyond the Twitterverse: How to increase visibility of your research by working with the media. Watch this talk here.
  2. Jun Kokatsu shared about his journey from Being a Bug Bounty Hunter to a Security Engineer at Microsoft. Curious to know how he did it? Watch it here.

Before we say bye…

If you found this newsletter interesting and know other people who would too, we'd really appreciate it if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.

See you again next week.

Lots of love

Editorial team,

Infosec Writeups
