👩‍💻IW Weekly #87: Okta for Red Teamers, Hijacking OAuth, Account Hijacking via Invite Flows, Full Time Bug Bounty Hunting, Unpredictable IDs in IDOR and many more…

👩‍💻IW Weekly #87: Okta for Red Teamers, Hijacking OAuth, Account Hijacking via Invite Flows, Full Time Bug Bounty Hunting, Unpredictable IDs in IDOR and many more…
Photo by Towfiqu barbhuiya / Unsplash

Welcome to the #IWWeekly87 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Want to explore everything from Okta to prevention and detection recommendations for the blue team? Check out Okta for Red Teamers Perimeter Edition by @nickvangilder
  2.  Discover how hijacking OAuth Code is done via Reverse Proxy for Account Takeover as shared by @omidxrz, who provides valuable insights and strategies. 
  3.  @decoder_it explains the purposes of cert publishers and permissions granted to them in configuration partitions.
  4. Join the journey of Gabriel Schneider discovering a free Burp Collaborator with Cloudflare Workers
  5. Know how to efficiently check thousands of endpoints for potential Cross Site Scripting vulnerabilities in a very short time??  @ott3rly made it easy for us.
  1. Dive into the insightful bug bounty tips by @Jayesh25_ on Account Hijacking via Invite Flows 
  2. Explore the­ Chrome bug bounty world with an interactive tre­e diagram! Discover the ins and outs of submissions, re­wards, and commits, artfully created by @rebane2001.
  3. Unveil the secrets of tackling unpredictable IDs in IDOR or RBAC issues with tips from @Jayesh25_
  4. Struggling to pick the right bug bounty program? @0xblackbird has your back! Discover how to choose a program to hunt on.

📽️ 3 Insightful Videos

  1. Dive into the world of full-time bug bounty hunting with Justin 'rhynorater' Gardner from @criticalthinkingpodcast, as he shares a wealth of insights, expert advice, and real-life lessons in his latest video on BugBountyReportsExplained's YouTube channel.
  2. Join Justin in uncovering the­ complexities of SAML in the ne­west episode of @criticalthinkingpodcast.
  3. Join @gregxsunday from BugBountyReportsExplained in a deep dive into the world of Remote Code Execution (RCE) with an illuminating case study.

💼 2 Job Alerts

  1. Unmissable chance at SecurityBoat in Pune,India. Looking for talented individuals in graphic designing, business development and many more.
  2. Payatu in Pune, India is offering jobs for individuals who have hands-on experience on Security appliances,SIEM tools and others

🎁 1 Special Item

  1.  LEAKEY is a bash script which checks and validates for leaked credentials. 

The much-awaited cybersecurity conference IWCON is now back with edition 3.0 on 16 and 17 December 2023. With 16 amazing speakers, this year is going to be a blast of learning and networking. TICKETS NOW OPEN FOR SALE! Go grab yours today.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Bhavesh Harmalkar, Tuhin Bose, Shlok
Newsletter formatting by: Ayush Singh, Hardik Singh, Nithin R, Eeshan V, AnuPallavi

Lots of love
Editorial team,

Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]

Subscribe to The Infosec Newsletter

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]