Welcome to the #IWWeekly71 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Read how @AbhishekKarle3 was able to get an XSS by leveraging exported activities in an Android app.
- Full access to transfer and issue airline points, manage rewards programs, oversee customer accounts, and more: read about how @samwcyo, @infosec_au and @iangcarroll went about hacking the largest airline and hotel rewards platform.
- @kuldeepdotexe writes about multiple instances of SSRF that he found while testing APIs.
- @AkashHamal0x01 shares some tips and tricks on how to go about hunting on smaller scoped bug bounty programs.
🧵4 Trending Tweets
- @mcipekci shares the importance of knowing the target DBMS: he outlines how learning about unique Oracle/PLSQL features allowed him to find multiple SQLi, resulting in a total bounty of $16,000.
- @Rhynorater shares some tips on how to look for XSS.
- Learn about different ways to leak OAuth tokens from this tweet by @Rhynorater.
- Getting duplicates in bug bounty can be demotivating and frustrating; @Rhynorater shares some tips on avoiding duplicates.
- @kuldeepdotexe writes about an SQLMap feature flag that allows reducing the number of requests and in turn makes it easier for a triager to reproduce the SQLi.
📽️ 3 Insightful Videos
- Check out this new video from @Nahamsec where he discusses some important recon tips and tricks.
- “From Burgers to Bounties”: gain amazing tips from the recon legend @infosec_au in episode 30 of the podcast with @criticalthinkingpodcast.
- Gain insights into @thecybermentor’s essential Bug Bounty recon tips for efficient testing.
💼 2 Job Alerts
- Looking for security roles? Institute of Information Security (IIS) is hiring for different security positions.
- Vonage is hiring for Information Security Engineer positions in Bengaluru, Karnataka, India.
🎁 1 Special Item
- 5 hours of Active Directory pentesting for FREE? Yes, you heard it right. Deep dive into an introduction to AD pentesting with @thecybermentor.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Bhavesh Harmalkar, Nithin R, Tuhin Bose
Newsletter formatting by: Nikhil A Memane, Hardik Singh, Nithin R, Shlok
Lots of love