👩💻IW Weekly #74: RCE through Dependency Confusion, 2FA bypass in Meta, Client side Prototype pollution and its prevention, Paywall bypass, SSRF tricks and many more..
Welcome to the #IWWeekly74 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Learn about remote code execution through dependency confusion using a Burp Suite extension with insights from @jineesh4k.
- Delve into @ndevtk's awesome write-ups on Google extensions.
- Bazzam's writeup unveils the discovery of a Two-Factor Authentication bypass in Facebook during the Meta bug bounty Researchers conference.
- Explore Patch Diff in this blog post by @DhiyaneshDK.
- SynAck's @VirenPawar_ presents insights on Client Side Prototype Pollution vulnerabilities and preventive measures in this informative blog.
🧵4 Trending Tweets
- A vulnerability termed "Paywall bypass," shared by @Rhynorater in a Twitter thread, outlines his finding which allowed him to access paid features for free or at a reduced cost.
- Unlocking $500K+ : @hacker_ discusses reaping rewards from SSRF vulnerability, sharing valuable tips and tricks along the way.
- Server breach and source code heist: Discover how @silentgh00st infiltrated a company's private program on @Hacker0x01 using @leak_ix and @OpenAI's ChatGPT.
- Demystifying SQL injections: @intigriti's insightful Twitter thread delves into comprehensive explanations.
📽️ 3 Insightful Videos
- @0xdf_ delves into HackTheBox's Mailroom challenge, exploring tracing automation.
- Crafting the exploit for DNS Remote Code Execution is detailed in this YouTube video by @FlashbackPwn.
- Enhance your SQL injection skills with insights from this case study presented by @gregxsunday.
💼 2 Job Alerts
- Varutra is hiring for multiple Vulnerability and Penetration testing roles.
- Join Comcast's security team in Chennai: Full-time role for an onsite Security Engineer position now open.
🎁 1 Special Item
- Checkout this github repository: “rayder-workflows” by @0xAsm0d3us for hosting Rayder workflow to smooth and organize bug bounty hunting.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Vinay Kumar, Tuhin Bose.
Newsletter formatting by: Nikhil A Memane, Ayush Singh, Siddharth, Rushi Padhiyar, Nithin R, Shlok.
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]