👩‍💻 IW Weekly #84: DOM-based race condition, bypassing Android debug and root detection, F5 BIG-IP CVE-2023-46747, SQL injection on admin login, hacking HP monitor displays, analyzing MetaMask Snaps and many more…
Welcome to the #IWWeekly84 - the Monday newsletter that brings the best in Infosec straight to your inbox.
To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢
Read, upskill yourself and spread love to the community 💝
Excited? Let’s jump in 👇
📝 5 Infosec Articles
- Highlighting a class of bug that is easy to overlook in web applications, the article shared by @ryotek walks through a DOM-based race condition finding.
- Learn how to bypass debug and root detection in Android applications by attaching a debugger, from this article by @shubham_sonani.
- The latest publication by the team at @praetorianlabs delves into compromising F5 BIG-IP with Request Smuggling, with a specific focus on CVE-2023-46747.
- In a recent write-up, @spaceraccoonsec discloses his findings on hacking HP display monitors through the Monitor Control Command Set (MCCS) and discusses the implications of CVE-2023-5449.
- In their recent write-up, @osec_io explores MetaMask Snaps, covering safety considerations and environment design and dissecting a property spoofing vulnerability in the Snaps sandboxing layer.
🧵4 Trending Tweets
- Grab the tips and takeaways from a remarkable discovery by @Jayesh25_, who made $16k in under 10 minutes thanks to an OAuth misconfiguration.
- Get hands-on with API subdomain enumeration, with crucial tips and tricks from @thebinarybot's latest Twitter thread.
- @Jayesh25_ shares key tips for a successful bug hunt in his recent post, focusing on approaching targets with restricted functionalities hidden behind login pages.
- Hacking on a Salesforce target? Here are essential tips to keep in mind from @Jayesh25_.
📽️ 3 Insightful Videos
- Here are the 5 best pieces of advice from @Nahamsec to keep in mind for efficient hunting.
- In their latest video, @ctbbpodcast sits down with the cofounder of Caido to discuss its features and whether it can be the next big name in HTTP proxies.
- Discover the latest video from @null0x00, featuring @_niteshsurana, as he takes you on a journey into cloud vulnerabilities by uncovering Azure's silent threats.
💼 2 Job Alerts
- GitHub is hiring for a Senior Security Engineer role, US-based or remote.
- Paralok is hiring remote pentesters with 2 or more years of experience.
🎁 1 Special Item
This week's special item is a CTF announcement from @Securityb0at. Go, hack and win a one-month PentesterLab voucher.
The much-awaited cybersecurity conference IWCON is now back with edition 3.0 on 16 and 17 December 2023. With 16 amazing speakers, this year is going to be a blast of learning and networking. TICKETS NOW OPEN FOR SALE! Go grab yours today.
PS: If you're a brand looking to advertise your company among our 30k+ community, book a sponsorship slot here.
That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪
This newsletter would not have been made possible without our amazing ambassadors.
Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Vinay Kumar, Tuhin Bose, Nithin R
Newsletter formatting by: Hardik Singh, Nithin R, Shlok
Lots of love
Editorial team,
Infosec Writeups