๐Ÿ‘ฉโ€๐Ÿ’ปIW Weekly #77: Azure AD privilege escalation, CVE-2022-3910, Web Cache deception attack, GraphQL enumeration techniques, IDOR and many more..

๐Ÿ‘ฉโ€๐Ÿ’ปIW Weekly #77: Azure AD privilege escalation, CVE-2022-3910, Web Cache deception attack, GraphQL enumeration techniques, IDOR and many more..
Photo by Joan Gamell / Unsplash

Welcome to the #IWWeekly77 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. The article by @secureworks explains Azure Active Directory Domain Services privilege escalation, including a proof of concept and steps.
  2. In the article by @a13h1_, explore how he earned $500 by uncovering a privilege escalation vulnerability that allowed him to delete documents with student roles.
  3. The team at @whiteoaksecurity has published an article that explains GraphQL APIs and their enumeration techniques.
  4. A new method for container escape using file-based DirtyCred to exploit CVE-2022-3910 has been presented by the team at @starlabs_sg.
  5. Get a detailed mind map on how to hunt for Web Cache Deception vulnerabilities through this article by @hbenja_m.

4 Threads

  1. Discover the leading tools for automating SQL Injection vulnerability testing in an insightful thread by @intigriti.
  2. Explore a captivating account of a crazy IDOR adventure by @atomiczsec.
  3. Uncover the secrets of espionage malware, unraveling its features and techniques in this insightful post by @RedHatPentester.
  4. Discovering a CSP Protection Bypass with Google's Domain – @therceman's First Bug Bounty Tip.

๐Ÿ“ฝ๏ธ 3 Insightful Videos

  1. Explore the world of Windows security research in this informative video by @hacktricks_live.
  2. Gain insights into bounty ethics and real findings in this episode of @ctbbpodcast.
  3. Unlock network pivoting techniques with Chisel in this video, guided by @_JohnHammond.

💼 2 Job Alerts

  1. Techdefencelab is hiring for Security Analysts with 1-2 years of experience.
  2. Payatu has open roles for Cyber Threat Intelligence Interns and a Customer Success Manager.

๐ŸŽ 1 Special Item

  1. Kunai: Enhancing monitoring tasks and security on Linux-based systems developed by @0xrawsec.

#IWCON2023 CFP is now open! Showcase your research at the largest virtual cybersecurity conference. Submit your papers here

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker; until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Ayush Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Tuhin Bose, Mohit Khemchandani, Rushi Padhiyar
Newsletter formatting by: Nikhil A Memane, Rushi Padhiyar, Nithin R, Shlok

Lots of love
Editorial team,
Infosec Writeups

📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
