👩‍💻IW Weekly #79: RCE in Google Chrome, CVE-2023-40044, OIDC misconfiguration to ATO, accessing millions of call recordings and many more..

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢


Welcome to the #IWWeekly79 - the Monday newsletter that brings the best in Infosec straight to your inbox.


Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. A simple vulnerability which allowed access to millions of call recordings, by @hax0rgb.
  2. @m-y-mo writes about getting RCE in Chrome with incorrect side effect in the JIT compiler.
  3. Vulnerability in Progress WS_FTP Ad Hoc Transfer allows Remote Code Execution (RCE) via IIS HTTP Modules (CVE-2023-40044) discovered by @assetnote.
  4. @Crypt0g30rgy shares a story of exploiting a misconfigured OIDC login provider allowing an account takeover on a different web app.
  5. @bug4you shares effective manual SQL injection testing strategies using Burp Suite’s Repeater tabs.

🧵 4 Threads

  1. Refer to this Twitter thread by @vidocsecurity explaining the vulnerable code snippet.
  2. @atomiczsec shares some tips on finding XSS while discussing a stored XSS they found in an assessment.
  3. Read about business logic vulnerabilities in this thread by @expankita.
  4. @expankita shares some free and paid security certifications that can help you land an entry-level pentesting role.

📽️ 3 Insightful Videos

  1. In his latest episode of "Bug bounty stories", @nahamsec shares the story of his prison hack.
  2. Gain insights into mobile hacking with the maestro @_bagipro in the latest podcast.
  3. "A career transition from a software engineer to a bug bounty hunter": @ByteBloggerBase interviews @ReebootToInit5.

💼 2 Job Alerts

  1. Accelya Group is hiring penetration testers with 3-5 years of experience in Pune.
  2. Meta is hiring Product Security Engineers. Do grab this opportunity.

🎁 1 Special Item

  1. Learn how to predict an identifier in IDOR, taught by @gregxsunday.

This newsletter is brought to you by Masterworks

A Banksy got everyday investors 32% returns?

Mm-hmm, sure. So, what’s the catch?

We know it may sound too good to be true. But thousands of investors are already smiling all the way to the bank. All thanks to the fine-art investing platform Masterworks.  

These results aren’t cherry-picking. This is the whole bushel. Masterworks has built a track record of 16 exits, realizing +10.4%, +27.3%, and +35.0% net returns, even while financial markets plummeted.

Offerings can sell out in just minutes, but as a trusted partner, Infosec readers are invited to skip the waitlist with this exclusive link.


That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manikesh Singh, Vinay Kumar, Tuhin Bose, Manan, Shlok, Rachit Arora
Newsletter formatting by: Manan, Ayush Singh, Hardik Singh, Rushi Padhiyar, Nithin R, Shlok, Rachit Arora

Lots of love
Editorial team,
Infosec Writeups


  PS: Past performance is not indicative of future returns. Investing involves risk. See disclosures at masterworks.com/cd

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
