πŸ‘©β€πŸ’»IW Weekly #78: OAuth Misconfiguration, Account Takeover, Virtual Hosts, SQL Injection, Hacker Tweets, Advanced Root Detection Bypass Techniques and many more..

Welcome to the #IWWeekly78 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🤗

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

πŸ“ 5 Infosec Articles

  1. Discover how OAuth misconfigurations can inadvertently grant unauthorized admin access across an organization's products, in this eye-opening article by @H4cktus.
  2. Learn the art of manual SQL injection with @bug4you, who walks through finding four of them in a single target using the Repeater tab.
  3. Explore cutting-edge root detection and bypass methods in mobile security, by @8kSec.
  4. See how misconfigured SSO (OIDC) implementations can lead to account takeover, in this article by @Crypt0g30rgy.
  5. Presidential hopeful Ahmed Eltantawy falls prey to digital espionage in "Predator in the Wires," a chilling exposé by @jsrailton, @RonDeibert, @billmarczak, and their team.

🧵 4 Threads

  1. Learn tmux and stop juggling multiple terminals, with this informative thread by @marcolivermunz.
  2. @vidocsecurity shows how Unicode characters can be used to take over accounts and bypass block lists.
  3. Find out how @dothash_ achieved account takeover by exploiting a password reset feature.
  4. @iustinBB shows how to find the domains associated with an organization using duckduckgo-radar.
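The Unicode trick behind the account-takeover and block-list-bypass thread above comes down to where normalization happens relative to the checks. The Python below is an illustration added for this issue of the general technique (it is not code from the thread or from Vidoc Security), using constructed sample data: a vulnerable registration flow that runs its block-list and uniqueness checks on the raw input and only then NFKC-normalizes before storage, next to a hardened version that canonicalizes first and checks the canonical form.

```python
import unicodedata

# Constructed sample state for the demo: a reserved-name block list and
# one already-registered victim account.
BLOCKED_USERNAMES = {"admin", "root", "support"}
REGISTERED_EMAILS = {"victim@example.com"}


def canonical(value: str) -> str:
    """Canonical form of an identifier: NFKC folds compatibility characters
    (fullwidth, circled, superscript letters, ligatures) into their ASCII
    look-alikes, then casefold removes case differences."""
    return unicodedata.normalize("NFKC", value).casefold()


def vulnerable_register(username: str, email: str) -> tuple:
    """Vulnerable ordering: every check sees the raw spelling, while the
    value that is stored (and later matched against) is the canonical one.
    Returns ("rejected", reason) or ("accepted", stored_user, stored_email)."""
    if username.casefold() in BLOCKED_USERNAMES:
        return ("rejected", "reserved username")
    if email.casefold() in REGISTERED_EMAILS:
        return ("rejected", "email already registered")
    # Normalization applied "for consistency" only after the checks passed:
    # the stored values now collide with names the checks were meant to protect.
    return ("accepted", canonical(username), canonical(email))


def hardened_register(username: str, email: str) -> tuple:
    """Hardened ordering: canonicalize once, up front, and run every check
    on that form, so the block list and the uniqueness check see exactly
    what will be stored and compared later."""
    n_user, n_email = canonical(username), canonical(email)
    if n_user in BLOCKED_USERNAMES:
        return ("rejected", "reserved username")
    if n_email in REGISTERED_EMAILS:
        return ("rejected", "email already registered")
    return ("accepted", n_user, n_email)


# Constructed attacker inputs: U+24D0 CIRCLED LATIN SMALL LETTER A and
# U+FF4C FULLWIDTH LATIN SMALL LETTER L both NFKC-normalize to plain ASCII,
# so the raw strings pass a naive comparison but collide after normalization.
BLOCKLIST_BYPASS_USER = "\u24d0dmin"          # "ⓐdmin"  -> "admin"
COLLIDING_EMAIL = "victim@examp\uff4ce.com"   # "exampｌe" -> "example"

if __name__ == "__main__":
    print(vulnerable_register(BLOCKLIST_BYPASS_USER, "new@example.com"))
    print(vulnerable_register("mallory", COLLIDING_EMAIL))
    print(hardened_register(BLOCKLIST_BYPASS_USER, "new@example.com"))
    print(hardened_register("mallory", COLLIDING_EMAIL))
```

The vulnerable flow accepts a user stored as `admin` and a second account stored under `victim@example.com`; whichever lookup (login, password reset, permission check) later compares canonical values will match the attacker against the victim. A stricter variant of the hardened version additionally rejects any identifier that NFKC changes at all, since a legitimate user has no reason to type a circled or fullwidth letter into a username or email.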

πŸ“½οΈ 3 Insightful Videos

  1. Watch this super informative video on virtual hosts by @nahamsec.
  2. @LiveOverflow breaks down various hacker tweets in much more detail.
  3. Another interesting @ctbbpodcast episode, this time with Lupin, covering pair hacking, joining a team, and starting a business together.

💼 2 Job Alerts

  1. Join LTI Mindtree as an OT Security Professional in Hyderabad (5-10 years of experience required).
  2. Join Meta as a Product Security Engineer (Web), with openings in multiple locations and remote options.

🎁 1 Special Item

  1. Join @gregxsunday as he delves into the world of Bug Bounty with a case study on predicting identifiers in IDOR vulnerabilities.

Caido is a lightweight web security auditing toolkit that aims to help security professionals and enthusiasts audit web applications with efficiency and ease.

Get $10 off Caido's annual plans at https://caido.io/ with our code: infosecwriteups

That’s all for this week. We hope you enjoyed these incredible finds and learned something new from today’s newsletter. See you next week, hacker; until then, keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Nithin R, Vinay Kumar, Tuhin Bose
Newsletter formatting by: Manan, Ayush Singh, Hardik Singh, Rushi Padhiyar, Nithin R

Lots of love
Editorial team,
Infosec Writeups

📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
