👩💻IW Weekly #8: Cloudflare WAF, OAuth, TLS Fingerprinting, Talosplus, and more...
Welcome to the eighth edition of Infosec Weekly - the Monday newsletter that brings the best insights in Infosec straight to your inbox.
In today’s edition, we’ve handpicked some of the most trending and latest articles of InfoSec Write-ups to help you understand new and interesting concepts in Infosec.
Sounds good? Let’s dive in👇
#1 - Learn how to bypass cloudflare waf to trigger stored XSS.
#2 - Want to run bash scripts at a faster rate by executing commands in parallel using goroutines? Read about this tool talosplus which could run the most complex bash scripts in the easiest way possible.
Read these 3 blogs to understand/setup this tool :
#3 - PWN101 Walkthrough of tryhackme.
#4 - Ever wondered if there is a port 443 open but not able to open it in burp? It should be because of the TLS fingerprinting technique called JA3. Read this to learn in more detail.
#5 - Learn how an Oauth misconfiguration could lead to account takeover.
#6 - Learn how to make boot2root VM’s with ease.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter.
Videos of the week
Here are the 2 new IWCON2022 recordings of the week:
- Zseano talked about how to find bugs on NFT websites for fun and profit. If you’re interested in the NFT world and want to learn how to find amazing bugs there, you should definitely watch this talk.
- Dhiyaneshwaran DK gave insights on Security automation,(re) defined - Security Through Intelligent Automation using Nuclei. Watch it here.
Before we say bye…
If you found this newsletter interesting, and know other people who would too, we'd really appreciate if you could forward it to them 📨
If you have questions, comments, or feedback, just reply to this email or let us know on Twitter @InfoSecComm.
See you again next week.
Lots of love