👩‍💻IW Weekly #86: CVE-2023-46729, Hacked Google’s Bug Tracking System, Outsmarting AI Models, Sandbox Escaping, Self-Redirect to XSS, Critical 0-day XXE to SSRF and many more…

Welcome to the #IWWeekly86 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

GuidedHacking is the best resource to learn reverse engineering, covering a wide range of topics including malware analysis, exploit development & game hacking. In addition to 10 courses, we have 440+ video tutorials, thousands of text tutorials, source codes & comprehensive guides.

📝 5 Infosec Articles

1. In-depth analysis by @aszx87410 uncovering the intricacies of CVE-2023-46729, delving into the URL Rewrite Vulnerability within the Sentry Next.js SDK.
2. Discover the intriguing journey of @homosapienimo as they share insights into hacking Google's bug tracking system, securing $15,600 in bounties along the way.
3. @learnprompting explores prompt hacking in HackAPrompt, unveiling how participants outsmarted AI models like GPT-3, prompting them to say 'I have been PWNED' across 10 challenging levels.
4. @MicrosoftEdge spills the beans on a bug that's not just a glitch, but a sandbox escape maestro!
5. @erickfernandox reveals scaling a Self-Redirect to an XSS in a cutting-edge web 3.0 system, earning a $1000 bounty on Hackenproof.

🧵4 Trending Tweets

1. Unveiling a rapid discovery: a critical 0-day XXE vulnerability transforms into a full read SSRF exploit in less than 6 hours by @eduardo_nuri.
2. Discover a wealth of free Active Directory learning resources in @thebinarybot's Twitter thread .
3. @learnprompting reveals the outcomes of the first-ever global Prompt Hacking competition, HackAPrompt. The analysis unearthed 29 techniques and a groundbreaking NEW exploit .
4. Delve into @Jayesh25_'s Twitter thread for savvy tips on automating bug bounty hunting—efficiently monitoring targets for successful results.

📽️ 3 Insightful Videos

1. In his latest video, @Nahamsec outlines a quick list of easy-to-find bugs for a straightforward path to $500 rewards .
2. Explore NoSQL injection attacks with @thecybermentor, where he provides detailed guidance on learning from @PortSwigger labs.
3. In his latest video, @gregxsunday takes us through his remarkable 2-year bug bounty journey, offering incredible advice and real-life lessons.

💼 2 Job Alerts

1. Exciting opportunity at @Meta in London for a Security Engineer specializing in Investigations & Response, safeguarding digital landscapes with cutting-edge expertise.
2. Job Alert at eSec Forte® Technologies in Noida, India: Join as an Appsec L1 & L2 to passionately secure web and mobile applications.

🎁 1 Special Item

1. This week’s special item deals with an amazing BurpSuite Protobuf extension by @GoogleVRP that can help you hack @Google and make dollars rain.

The much-awaited cybersecurity conference IWCON is now back with edition 3.0 on 16 and 17 December 2023. With 16 amazing speakers, this year is going to be a blast of learning and networking. TICKETS NOW OPEN FOR SALE! Go grab yours today.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar, Tuhin Bose, Eeshan

Newsletter formatting by: Bhavesh Harmalkar, Manan, Hardik Singh, Nithin R, Shlok

Lots of love
Editorial team,
Infosec Writeups