👩‍💻IW Weekly #88: Process Injection, Race Condition, CRLF to XSS in Snapchat, Active Directory Guide, Main App Hacking Methodology, CSP Research, CORS Misconfigurations and many more…

Welcome to the #IWWeekly88 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇


GuidedHacking is the best resource to learn reverse engineering, covering a wide range of topics including malware analysis, exploit development & game hacking. In addition to 10 courses, we have 440+ video tutorials, thousands of text tutorials, source codes & comprehensive guides.


📝 5 Infosec Articles

  1. Explore stealthy process injection techniques in r-tec's recent blog post. 
  2. @a7med.ctf found an interesting way to escalate a CRLF vulnerability to XSS in a domain belonging to Snapchat.
  3. @JerrySh43332033 details his chaotic yet successful exploitation of a race condition using cURL.
  3. @shubhdeepp shares how he found a vulnerability introduced by a third-party integration.
  4. @zer1t0 pens an excellent Active Directory guide covering the essential concepts and terms pentesters need to navigate potential Active Directory network attacks.

🧵 4 Threads

  1. @7h3h4ckv157 compiles resources discussing EDR and AV bypass techniques.
  2. @Jayesh25_ expertly shares essential tips on approaching bug bounties with restricted scope, providing valuable insights for the community.
  3. Gain insights into bug bounty strategies as @Jayesh25_ shares tips on dealing with wide scope targets.
  4. @Jayesh25_ shares expertise on CORS misconfigurations, offering valuable tips and guidance for the community. 

📽️ 3 Insightful Videos

  1. In the recent @ctbbpodcast episode, the hosts discuss CSP Research, Iframe Hopping, JS Hoisting and more.
  2. @InsiderPhD shows us how to approach the main application of a program and shares her tips.
  3. Learn what ports, services and other network fundamentals are that every hacker and cybersecurity professional should know, in this latest video by @davidbombal.

💼 2 Job Alerts

  1. CyberNX Technologies is hiring an Associate Security Consultant in Mumbai. Interested folks, do apply.
  2. Bugcrowd is hiring across the globe for roles such as AppSec Engineer, Senior DevOps Engineer and more.

🎁 1 Special Item

  1. Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning.

IWCON 2023 CTF Registrations Now Open

Get your team together or register as a lone wolf today.

For the first time ever, IWCON is hosting a CTF. 🎊

Difficulty level: Easy to Medium.

Share this with your CTF player and bug bounty hunter friends so they don’t miss out on this fun challenge.


On episode 1 of IW Studio's first live interview series "Screenside Chats", we have Vivek Ramachandran, Founder and CEO, SquareX. Check out the interview here.


That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Bhavesh Harmalkar, Bimal Kumar Sahoo, Vinay Kumar, Tuhin Bose, Mohit Khemchandani, Rachit Arora, Eeshan V
Newsletter formatting by: Bhavesh Harmalkar, Manan, Nithin R, Shlok, Rachit Arora

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
