👩‍💻IW Weekly #91: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more…


Welcome to the #IWWeekly91 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @tirtha_mandal and @_naaash_ share their experience of accumulating close to $50,000 through Adobe's VIP Bug Bounty Program.
  2. @InsecureNature unveils a potential vulnerability in Google OAuth that may be broken in many ways.
  3. @mo9kHu93r discusses SSTI on Achmea, ultimately earning a t-shirt and 50 euros as a reward.
  4. Learn with @Rodriguezjorgex as he explains the methods employed to enhance the impact of typical XSS by utilizing self-XSS vectors.
  5. In this informative post, @0x_Akoko gives a deep dive into the discovery of a SQL Injection vulnerability, resulting in a bounty worth $4,000.

🧵 4 Threads

  1. @expankita gives pivotal advice for cybersecurity beginners, outlining essential dos and don'ts to navigate the field effectively.
  2. @kannthu1 shares insights from his IWCON 2023 presentation, summarizing key takeaways and learnings as a bug bounty hunter while scanning 2 million hosts daily.
  3. To help optimize bug bounty returns, @Jayesh25_ sheds light on leveraging the JSLuice tool, offering concise yet invaluable tips for cybersecurity enthusiasts.
  4. @Jayesh25_ provides essential tips on XSS hunting across diverse targets using AEM, showcasing expertise in an insightful and practical manner.

📽️ 3 Insightful Videos


  1. Watch @Nahamsec delve into the strategic use of web archives for bug bounty hunting, providing a comprehensive guide to maximize success.
  2. In Episode 50 of @ctbbpodcast, with hacking expert @avlidienbrunn, the host and guest discuss burnout, collaboration, and the importance of specialization in cybersecurity.
  3. In his latest video, @LiveOverflow dives into the intricacies of CVE-2023-4863, providing an in-depth exploration and analysis.

💼 2 Job Alerts

  1. Glean is looking for an entry-level Infrastructure Security Engineer to work on site in Bangalore. Do apply if the JD fits you.
  2. Microsoft is hiring a Senior Security Researcher on site in Bangalore with over 7 years of experience in security.

🎁 1 Special Item

  1. This week’s special item comes from @intigriti, who challenge you to spot the vulnerability in the given code.

On behalf of the entire IW team, we wish you all a Merry Christmas!

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker. Until then, keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar
Newsletter formatting by: Hardik Singh, Shlok, Rachit Arora, Eeshan V, Pawan Gambhir

Lots of love
Editorial team,

Infosec Writeups

📧
If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]
