👩💻IW Weekly #81: Chrome SOP Bypass, Unauthorized access to Admin panel, Access to Instagram’s private posts, Looney Tunable Linux Privilege escalation [CVE-2023-4911], NoSQL injections and many more…
Welcome to the #IWWeekly81 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Explore Chrome's SOP Bypass uncovered by @joaxcar.
- Discover how @parkerzanta got unauthorized access to the admin panel and detected a SQL injection vulnerability.
- Learn how @rub003 reveals a surprising vulnerability in Instagram's privacy settings that exposes Instagram's private posts by blocking users.
- Dive deep into the world of NoSQL injections in this insightful blog post by @7h3h4ckv157.
- Exploring Red Team Operations with Cobalt Strike: Insights from Raphael Mudge's 2019 Guide – @rach1tarora.
🧵4 Trending Tweets
- Tired of Hack the Box and Portswigger labs? @GTKlondike has shared 5 free platforms to brush up your cybersecurity skills.
- Wanna know how to do fast and automated bug bounty recon? @0day_exploit_ has shared precious tips and his way of doing it.
- Ever found Django debug mode enabled while bug hunting? @vidocsecurity has shared key notes on how to escalate it to higher severity.
- In their latest Twitter thread, @intigriti dives into four key bug bounty tools and their effective use for impressive results.
📽️ 3 Insightful Videos
- Deep dive into Looney Tunable Linux Privilege escalation [CVE-2023-4911] with @ippsec’s latest video.
- Get insightful knowledge and tips on cybersecurity from the latest podcast between @nahamsec and @hacker_.
- Learn how to detect hackers and malware on your device for free in @_johnhammond’s latest video.
💼 2 Job Alerts
- Meta Security is hiring software and security engineers at various experience levels to protect and advance the security of Meta's software and services.
- Exciting opportunity: Penetration Tester role at Securseed in Bengaluru, India (On-site Contract).
🎁 1 Special Item
- QRFuzz by @SPRITZGROUP is a fuzzing toolkit for testing malicious QR Codes in mobile apps.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker. Until then, keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Nithin R, Vinay Kumar, Tuhin Bose, Mohit Khemchandani, Manan, Rushi Padhiyar, Shlok, Rachit Arora
Newsletter formatting by: Nikhil A Memane, Manan, Ayush Singh, Hardik Singh, Shlok, Rachit Arora
Lots of love
Editorial team,
Infosec Writeups
📧
If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]