👩‍💻 IW Weekly #76: Android Native Libraries, Proton Mail’s Security, Source Code & Secrets exposed on Top Websites, Zero Click Mass ATO, CSP Protection Bypass on Google, Hacking Online Casino and many more
Welcome to the #IWWeekly76 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Explore the world of Android native libraries emulation with Qiling in this insightful guide by @appknox.
- Unveiling critical code vulnerabilities: @Sonar_Research sheds light on potential risks to Proton Mail's security.
- Discover how 4,500 of the web's elite were exposed as @trufflesec unveils leaked source code and hidden secrets.
- Learn the art of session hijacking through HTTP request smuggling in this insightful exploit walkthrough by @outpost24.
- Unlocking the power of low-impact vulnerabilities: @HaitamHayteex explores how chaining them can result in a zero-click Mass ATO.
🧵 4 Trending Tweets
- @caljhud explores Identity & Access Management (IAM), a critical cybersecurity domain, emphasizing the protection of access, risk factors, core controls, and service providers.
- @Rhynorater shares his strategy to recover his lost bug bounty knowledge and discusses how he plans to make $100k in the first year through engaging and informative threads.
- Discovering a CSP Protection Bypass with Google's Domain – @therceman's First Bug Bounty Tip.
- Join @bug_vs_me in a thread of captivating bug bounty writeups – a hidden treasure trove of knowledge waiting to be discovered by the cybersecurity community!
📽️ 3 Insightful Videos
- @NahamSec shares thrilling Bug Bounty Stories in EP1: Unveiling the Secrets of Hacking an Online Casino.
- @SecurityMB delves into enhancing browser security, from self-XSS reporting to advanced mechanisms, in this insightful video by @gregxsunday.
- Join @ctbbpodcast as they chat with bug bounty hunter extraordinaire @ArchAngelDDay, diving into his inventive endpoint discovery methods, Intercom widget exploits, collaboration insights, and the art of finding joy in the hunt!
💼 2 Job Alerts
- Join Jio in Mumbai, India, as an Application Security expert and safeguard digital assets on-site.
- Join PhonePe in Bengaluru as a Risk Analyst (Security Engineering) and safeguard digital transactions.
🎁 1 Special Item
- Embark on an exhilarating XSS challenge with @avlidienbrunn and discover the world of tax-free (mostly) useless knowledge.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker. Until then, keep pushing 💪
This newsletter would not have been possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Bhavesh Harmalkar, Vinay Kumar, Tuhin Bose, Rushi Padhiyar.
Newsletter formatting by: Manan, Hardik Singh, Nithin R.
Lots of love
Editorial team,
Infosec Writeups
📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]