👩‍💻IW Weekly #90: Django Debug Mode, Attacking The Rsync Service, DOM XSS to Stored XSS, CVE-2022-2216, Hacking AWS & Kubernetes, Twitter’s XSS + CSRF Leads to Account Takeover and many more…


Welcome to the #IWWeekly90 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @albinowax explores the discovery of peculiar endpoints through the lens of Bambdas in this intriguing article
  2. @rokkam_vamshi unmasks the inner workings of Django Debug Mode, showing how an exposed debug mode acts as a backdoor to unrestricted access to the internal dashboard.
  3. Delve into the world of cybersecurity with @Rodriguezjorgex as he reveals the journey from DOM XSS to stored XSS, shedding light on web vulnerabilities and their potential impact.
  4. Dive into the 18-year potential compromise, full remote code execution, and the journey from discovery to responsible disclosure by @JonathanBouman. 
  5. Discover the high stakes of a single vulnerable port in @sword0x00's latest article as they delve into the risks of attacking the Rsync service in a private program.

🧵 4 Threads

  1. @shoucccc exposes a critical Twitter XSS + CSRF vulnerability, enabling account takeover via crafted links or specific web pages.
  2. Unveiling the insights of a bug bounty journey, @Jayesh25_ shares invaluable tips and highlights the top 5 lessons learned from early mistakes.
  3. Exploring the rising threat landscape: @thebinarybot reveals a 35% surge in Man-In-The-Middle attacks on inboxes from Q1 2022 to Q1 2023, with 94% of MitM credential phishing focusing on O365 authentication.
  4. Dive into the world of Server-Side Request Forgeries (SSRF) with @0xblackbird's mega-thread, guiding you beyond the usual blind spots and unlocking the secrets to finding impactful vulnerabilities.

📽️ 3 Insightful Videos

  1. Explore recent hacking discoveries, bug bounty collaborations, and a sneak peek into 2024's hacking events with @ctbbpodcast and @naglinagli in Ep. 49.
  2. Join @_JohnHammond on a cybersecurity journey—hack AWS and Kubernetes clusters for free. Gain practical skills, insights, and level up your security game!
  3. Check out the intricacies of SSRF exploitation through the lens of @NahamSec as he delves into leveraging Parse URL to read local files, uncovering the CVE-2022-2216 vulnerability.

💼 2 Job Alerts

  1. Explore your career opportunities with Payatu Labs, a GPTW certified company! Exciting job openings in Pune and Bangalore, India await you.
  2. Unlock new career horizons by applying for this exciting job opportunity in Mumbai, Maharashtra. Join simplyhired.co and elevate your professional journey!

🎁 1 Special Item

  1. Discover an alert() on the origin in this real-world XSS challenge by @fransrosen.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Bhavesh Harmalkar, Rachit Arora
Newsletter formatting by: Bhavesh Harmalkar, Manan, Nithin R, Shlok, AnuPallavi

Lots of love
Editorial team,

Infosec Writeups

📧 If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
