IW Weekly #72: GraphQL Hacking, SSO Vulnerabilities, Race Condition Vulnerabilities, SQLMap & Server Side Request Forgery Tips, Sandwich Attack and many more
Welcome to the #IWWeekly72 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item.
Read, upskill yourself and spread love to the community.
Excited? Let's jump in.
5 Infosec Articles
- @meispi_ found a race condition vulnerability on a GraphQL API endpoint and has written about his find.
- @rohitcoder goes over different vulnerability classes in SSO (Single Sign-On) implementations.
- Thorough reconnaissance could lead to a treasure trove; read about the different tricks that @armandjasharaj used to uncover PII data.
- Check out @albinowax's latest research on web race conditions, which is being presented at Black Hat, DEF CON, Nullcon, and more.
- Some of the top researchers at @SynackRedTeam teamed up and ended up finding multiple exploits resulting in multiple CVEs; find the details of the exploits in the article.
4 Trending Tweets
- Elevate your SQLmap skills with this trick by @kuldeepdotexe, for faster issue reproduction in bug bounty triaging.
- Level up your SSRF skills with insightful tips from @Rhynorater in this thread.
- Unlock the secrets of enumerating UUIDs for IDORs with @Rhynorater.
- @Rhynorater shares some tips on how to look for XSS.
3 Insightful Videos
- @NahamSec's latest video offers valuable insights on leveraging AI to enhance and supplement your hacking abilities.
- Discover the intriguing 'Sandwich Attack' by @0xLupin.
- New to IoT and firmware hacking? Dive into firmware analysis in this informative video by @thecybermentor.
2 Job Alerts
- IDFC FIRST Bank is looking to onboard a Security Engineer in the Mumbai region.
- CloudSek is seeking a Cyber Security Analyst in Bengaluru.
1 Special Item
- Noir is a tool that maps attack surface using the source code, developed by @hahwul.
That's all for this week. Hope you enjoyed these incredible finds and learned something new from today's newsletter. Meet you again next week, hacker; until then, keep pushing.
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Vinay Kumar, Shlok
Newsletter formatting by: Nikhil A Memane, Ayush Singh, Hardik Singh, Siddharth, Nithin R
Lots of love
Editorial team,
Infosec Writeups
If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]