👩‍💻IW Weekly #78: OAuth Misconfiguration, Account Takeover, Virtual Hosts, SQL Injection, Hacker Tweets, Advanced Root Detection Bypass Techniques and many more..

Welcome to the #IWWeekly78 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

1. Discover how OAuth misconfigurations can inadvertently grant unauthorized admin access across an organization's products in this eye-opening article by @H4cktus.
2. Learn the art of manual SQL Injection with @bug4you as he reveals his journey of finding four of them in a single target by leveraging Repeater Tab.
3. Exploring Cutting-Edge Root Detection and Bypass Methods in Mobile Security by @8kSec.
4. Check how misconfigured SSO [OIDC] implementations can lead to account takeovers in this eye-opening article by @Crypt0g30rgy.
5. Presidential hopeful Ahmed Eltantawy falls prey to digital espionage in 'Predator in the Wires,' a chilling expose by @jsrailton, @RonDeibert, @billmarczak, and their dedicated team.
   

🧵4 Trending Tweets

1. Learn tmux to avoid juggling between multiple terminals via this informative thread by @marcolivermunz
2. @vidocsecurity shows us how Unicodes can be used to takeover accounts and bypass block lists
3. Find out how @dothash_ found was able to perform account takeover by exploiting reset password functionality
4. @iustinBB shows us how to find domains associated to an organization using duckduckgo-radar.
   

📽️ 3 Insightful Videos

1. Watch this super informative video on virtual hosts by @nahamsec
2. @LiveOverflow explains various hacker tweets in much more detail.
3. Another interesting @ctbbpodcast podcast episode with Lupin where interesting topics such as pair hacking, joining a team, and starting a business together are discussed.

💼 2 Job Alerts

1. Join LTI Mindtree as an OT Security Professional in Hyderabad with 5-10 years of experience required.
2. Join Meta team as a Product Security Engineer for Web, with opportunities in multiple locations and remote work options.

🎁 1 Special Item

1. Join @gregxsunday as he delves into the world of Bug Bounty with a case study on predicting identifiers in IDOR vulnerabilities.

Caido is a lightweight web security auditing toolkit that aims to help security professionals and enthusiasts audit web applications with efficiency and ease.

Get 10$ off on the annual plans for https://caido.io/ using our code: infosecwriteups

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Nithin R, Vinay Kumar, Tuhin Bose

Newsletter formatting by: Manan, Ayush Singh, Hardik Singh, Rushi Padhiyar, Nithin R

Lots of love
Editorial team,
Infosec Writeups