👩‍💻IW Weekly #91: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more…

👩‍💻IW Weekly #91: Hacking Adobe For $50K, Google OAuth Hack, SSTI, Self XSS to Stored XSS, JSLuice Tips, Dealing With Burnout, SQL Injection Worth $4K and many more…
Photo by Pankaj Patel / Unsplash

Welcome to the #IWWeekly91 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item 🫢

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. @tirtha_mandal and @_naaash_ share their experience of accumulating close to $50,000 through Adobe's VIP Bug Bounty Program.
  2. @InsecureNature unveils a potential vulnerability in Google OAuth that may be broken in many ways.
  3. @mo9kHu93r discusses SSTI on Achmea, ultimately earning a t-shirt and 50 euros as a reward.
  4. Learn with @Rodriguezjorgex as he explains the methods employed to enhance the impact of typical XSS by utilizing self-XSS vectors.
  5. In this informative post, @0x_Akoko gives a deep dive into the discovery of a SQL Injection vulnerability, resulting in a bounty worth $4,000.
  1. @expankita gives pivotal advice for cybersecurity beginners, outlining essential dos and don'ts to navigate the field effectively.
  2. @kannthu1 shares insights from his IWCON 2023 presentation, summarizing key takeaways and learnings as a bug bounty hunter while scanning 2 million hosts daily.
  3. In optimizing bug bounty returns, @Jayesh25_ lights up on leveraging the JSLuice tool, offering concise yet invaluable tips for cybersecurity enthusiasts.
  4. @Jayesh25_ provides essential tips on XSS hunting across diverse targets using AEM, showcasing expertise in an insightful and practical manner.

📽️ 3 Insightful Videos

  1. Watch @Nahamsec delve into the strategic use of web archives for bug bounty hunting, providing a comprehensive guide to maximize success.
  2. In Episode 50 of @ctbbpodcast, with hacking expert @avlidienbrunn, the host and guest discuss burnout, collaboration, and the importance of specialization in cybersecurity.
  3. In his latest video, @LiveOverflow dives into the intricacies of CVE-2023-4863, providing an in-depth exploration and analysis.

💼 2 Job Alerts

  1. Glean is looking out for an entry-level Infrastructure Security Engineer to work on site in Bangalore. Do apply if the JD fits you.
  2. Microsoft is hiring a Senior Security Researcher on site in Bangalore with over 7 years of experience in security.

🎁 1 Special Item

  1. This week’s special items come from @intigriti where they challenge you to spot the vulnerability in the given code.

red and white snowman ornament
Photo by Angel Ceballos / Unsplash
On behalf of the entire IW team, we wish you all a Merry Christmas!

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week hacker, until then keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Bhavesh Harmalkar
Newsletter formatting by: Hardik Singh, Shlok, Rachit Arora, Eeshan V, Pawan Gambhir

Lots of love
Editorial team,

Infosec Writeups

If you have questions, comments, or feedback reach out to us on Twitter @InfoSecComm or email [email protected]

Subscribe to The Infosec Newsletter

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]