👩💻IW Weekly #74: RCE through Dependency Confusion, 2FA bypass in Meta, Client side Prototype pollution and its prevention, Paywall bypass, SSRF tricks and many more..
Welcome to the #IWWeekly74 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Learn about remote code execution through dependency confusion using a Burp Suite extension with insights from @jineesh4k.
- Delve into @ndevtk's awesome write-ups on Google extensions.
- Bazzam's writeup unveils the discovery of a Two-Factor Authentication bypass in Facebook during the Meta bug bounty Researchers conference.
- Explore Patch Diff in this blog post by @DhiyaneshDK.
- Synack's @VirenPawar_ presents insights on client-side prototype pollution vulnerabilities and preventive measures in this informative blog.
🧵4 Trending Tweets
- A vulnerability termed "Paywall bypass," shared by @Rhynorater in a Twitter thread, outlines his finding, which allowed him to access paid features for free or at a reduced cost.
- Unlocking $500K+: @hacker_ discusses reaping rewards from SSRF vulnerabilities, sharing valuable tips and tricks along the way.
- Server breach and source code heist: Discover how @silentgh00st infiltrated a company's private program on @Hacker0x01 using @leak_ix and @OpenAI's ChatGPT.
- Demystifying SQL injections: @intigriti's insightful Twitter thread delves into comprehensive explanations.
📽️ 3 Insightful Videos
- @0xdf_ delves into HackTheBox's Mailroom challenge, exploring tracing automation.
- Crafting the exploit for DNS Remote Code Execution is detailed in this YouTube video by @FlashbackPwn.
- Enhance your SQL injection skills with insights from this case study presented by @gregxsunday.
💼 2 Job Alerts
- Varutra is hiring for multiple Vulnerability and Penetration testing roles.
- Join Comcast's security team in Chennai: Full-time role for an onsite Security Engineer position now open.
🎁 1 Special Item
- Check out this GitHub repository: “rayder-workflows” by @0xAsm0d3us, for hosting Rayder workflows to smooth and organize bug bounty hunting.
![](https://weekly.infosecwriteups.com/content/images/2023/08/image.png)
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker. Until then, keep pushing 💪
This newsletter would not have been possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Vinay Kumar, Tuhin Bose.
Newsletter formatting by: Nikhil A Memane, Ayush Singh, Siddharth, Rushi Padhiyar, Nithin R, Shlok.
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]